3ae22eb3f959510525078de05498ab7a34fdd79b7dc0360ec93fc199ce64a266

Sharing

Copy URL Twitter E-mail

General

Target

3ae22eb3f959510525078de05498ab7a34fdd79b7dc0360ec93fc199ce64a266
Size

195KB
MD5

209c69a20c1d189dbb973ea9f14b3010
SHA1

83ccf5335940ccf096fe70484669f7b924e4ce14
SHA256

3ae22eb3f959510525078de05498ab7a34fdd79b7dc0360ec93fc199ce64a266
SHA512

16a3475540c9e75886919ca4e8731599ebc38ec660b7192ef8158644bf9d20008f53f47fffda602ba92a657e6b1ff2f497d90e263801705e7b57695f7ce36b15
SSDEEP

3072:kCu+BYtIftRQDou24NSigNg1OlttyXfdUg0jN6i4TcZS/2FN:kCJmoQ/uNttyXv0ju0u2F

Score

N/A

Malware Config

Signatures

Files

3ae22eb3f959510525078de05498ab7a34fdd79b7dc0360ec93fc199ce64a266
.exe windows x86

aaf63847d54350b255ba0d83983791b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynW
GetProfileIntW
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetProcAddress
lstrcpynA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
RaiseException
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapReAlloc
RtlUnwind
HeapFree
TerminateProcess
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetLastError
LocalFree
lstrlenW
InterlockedDecrement
CreateFileW
WriteFile
CloseHandle
LocalAlloc
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
GlobalLock
LockResource
FreeResource
LeaveCriticalSection
GlobalUnlock
GlobalFree
GetVersionExW
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
SetFilePointer

user32

TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
GetMenuItemInfoW
DestroyMenu
MessageBeep
LoadStringA
PostQuitMessage
CreateDialogParamW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsRectEmpty
IsWindowVisible
SetWindowTextW
SetCursor
GetCursorPos
wsprintfW
SetForegroundWindow
SetFocus
TranslateAcceleratorW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
ShowWindow
DefWindowProcW
GetMonitorInfoW
MonitorFromPoint
PtInRect
RemoveMenu
GetWindowTextW
ScreenToClient
ReleaseCapture
FindWindowW
LoadAcceleratorsW
LoadMenuW
LoadStringW
RegisterClassExW
LoadImageW
LoadCursorW
GetClassInfoExW
wvsprintfW
CreateWindowExW
SetWindowLongW
TrackMouseEvent
FillRect
ReleaseDC
GetDC
MapWindowPoints
SendMessageW
GetWindowRect
SetWindowPos
GetSystemMetrics
GetParent
GetWindowLongW
EndPaint
BeginPaint
SetRect
GetDlgItem
DestroyWindow
InvalidateRect
InflateRect
GetSysColorBrush
GetClientRect
CallWindowProcW
PostMessageW
GetWindowTextLengthW
EqualRect
IsWindow
CopyRect
GetDCEx
UpdateWindow
SetCapture
GetCapture
DrawTextW

gdi32

GetObjectW
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
CreateCompatibleBitmap
EnumFontFamiliesExW
Rectangle
CreatePen
CreateSolidBrush
SetTextColor
LineTo
StretchBlt
SetBkMode
GetPixel
CreateDCW
SetBitmapBits
GetBitmapBits
SetViewportOrgEx
CreateBitmap
RestoreDC
PatBlt
UnrealizeObject
SetROP2
SetWindowOrgEx
SetMapMode
SaveDC
MoveToEx
CreatePatternBrush
GetStockObject

comdlg32

GetSaveFileNameW

ole32

CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString
SysAllocString

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipDrawPath
GdipCloneBrush
GdipCreatePen1
GdipSetSmoothingMode
GdipCreateSolidFill
GdipCreatePath
GdipAddPathLineI
GdipCreateCustomLineCap
GdipSetCustomLineCapWidthScale
GdipSetCustomLineCapStrokeCaps
GdipSetPenCustomEndCap
GdipSetPenStartCap
GdipSetPenBrushFill
GdipDrawLineI
GdipDeletePath
GdipDeleteBrush
GdipAddPathEllipseI
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipFree
GdipSetPenEndCap
GdipDeletePen
GdipDeleteCustomLineCap

shlwapi

StrCmpIW
SHSetValueW
SHGetValueW

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nndwxuz
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aaf63847d54350b255ba0d83983791b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

comctl32

msimg32

gdiplus

shlwapi

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 13KB - Virtual size: 20KB

.rsrc Size: 72KB - Virtual size: 73KB

nndwxuz Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 13KB - Virtual size: 20KB

.rsrc
Size: 72KB - Virtual size: 73KB

nndwxuz
Size: 6KB - Virtual size: 6KB