05f63c976a9f3bd6ef04bcabf02ece47dabfd84a5f610c3aa90b045d960e75b0

Sharing

Copy URL Twitter E-mail

General

Target

05f63c976a9f3bd6ef04bcabf02ece47dabfd84a5f610c3aa90b045d960e75b0
Size

596KB
MD5

0562df799f9ab6b202830696fcef6fdb
SHA1

1680713251f1d9fd54555b8fca2888493f7d714c
SHA256

05f63c976a9f3bd6ef04bcabf02ece47dabfd84a5f610c3aa90b045d960e75b0
SHA512

91b7e4087e3737a2f7d0b76afebd8783ed02fdd9edbac13e64f0b2d1c7d0fbd6e4f542cacba66c255365cdb90e16e107a1634fbb001ed44c33f2625254924570
SSDEEP

12288:1hYRtS4dYXQvgoeX3FhDH/MW/Wm7MDgTuaZxZMma:1qtS4d0X3FNJt7kgqSM

Score

N/A

Malware Config

Signatures

Files

05f63c976a9f3bd6ef04bcabf02ece47dabfd84a5f610c3aa90b045d960e75b0
.exe windows x86

23ced302addc0ee12124eca60dbd1d3f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:38:a4:b6:68:68:f3:ba:b8:b5:bb:a2:20:ec:e8:6b:6d:d9:f5:3a
Signer

Actual PE Digest

7e:38:a4:b6:68:68:f3:ba:b8:b5:bb:a2:20:ec:e8:6b:6d:d9:f5:3a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

06/05/2010, 10:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GetTickCount
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineW
CopyFileW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
DeviceIoControl
FindFirstFileW
FindClose
GetDiskFreeSpaceExW
ProcessIdToSessionId
LocalFree
lstrlenW
GlobalAlloc
GlobalFree
MapViewOfFileEx
GetFullPathNameW
GetCPInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LeaveCriticalSection
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
HeapCreate
LCMapStringW
LCMapStringA
RtlUnwind
EnterCriticalSection
WideCharToMultiByte
RaiseException
SetLastError
WritePrivateProfileStringW
GetVersionExW
VirtualQueryEx
ReadProcessMemory
GetCurrentProcessId
DeleteFileW
GetProcAddress
GetCurrentProcess
GetThreadSelectorEntry
GetModuleFileNameA
FindResourceW
GetCurrentThread
SetUnhandledExceptionFilter
GetCurrentThreadId
FreeLibrary
CreateFileA
VirtualQuery
LoadLibraryW
OpenFileMappingW
GetLocalTime
CreateFileMappingW
SystemTimeToFileTime
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ReadFile
GetFileSize
WriteFile
FindResourceExW
CreateFileW
GetLastError
LoadResource
LockResource
SetFilePointer
SizeofResource
GetStartupInfoW
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
CloseHandle
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange

user32

GetCursorPos
PostQuitMessage
SetCursor
LoadCursorW
GetMonitorInfoW
MonitorFromPoint
GetWindowTextLengthW
CreateWindowExW
SetWindowTextW
GetWindowTextW
IsWindow
GetDlgItem
FillRect
GetClientRect
LoadBitmapW
DrawTextW
SendMessageW
InvalidateRect
BeginPaint
LoadImageW
ShowWindow
MoveWindow
SetWindowLongW
GetWindowRect
CreateDialogParamW
TrackMouseEvent
RedrawWindow
GetParent
UnregisterClassA
GetWindowLongW
GetMessageW
DispatchMessageW
TranslateMessage
KillTimer
IsWindowVisible
PtInRect
SetWindowPos
SetTimer
EndPaint
ScreenToClient
DestroyWindow
ReleaseDC
GetDC

gdi32

SetBkColor
SetTextColor
TextOutW
CreateFontW
GetTextExtentPointW
SetBkMode
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetObjectW

advapi32

RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
LookupAccountSidW
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
LookupAccountNameW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoCreateGuid
CreateBindCtx
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString

shlwapi

PathFileExistsW

comctl32

ord17

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

sendto
gethostbyname
htonl
htons
socket
ntohl
WSACleanup
WSAStartup
closesocket

urlmon

CreateURLMoniker
RegisterBindStatusCallback

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

!6�
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23ced302addc0ee12124eca60dbd1d3f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

7e:38:a4:b6:68:68:f3:ba:b8:b5:bb:a2:20:ec:e8:6b:6d:d9:f5:3aSigner

Signature Validations

Verification

06/05/2010, 10:55 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wtsapi32

version

ws2_32

urlmon

netapi32

Sections

.text Size: 220KB - Virtual size: 216KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 18KB

Shared Size: 4KB - Virtual size: 4B

.rsrc Size: 76KB - Virtual size: 75KB

!6� Size: 236KB - Virtual size: 236KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

7e:38:a4:b6:68:68:f3:ba:b8:b5:bb:a2:20:ec:e8:6b:6d:d9:f5:3a
Signer

06/05/2010, 10:55
Valid: false

.text
Size: 220KB - Virtual size: 216KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 18KB

Shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 76KB - Virtual size: 75KB

!6�
Size: 236KB - Virtual size: 236KB