ec1d867d4bcd9a71e90a082a72cbfdf07e304b50a3db418b266d276b7bf45d5a

Sharing

Copy URL Twitter E-mail

General

Target

ec1d867d4bcd9a71e90a082a72cbfdf07e304b50a3db418b266d276b7bf45d5a
Size

523KB
MD5

088bee8bce63193eb6714ab374af291a
SHA1

226100e52f499247011aee04fb705d74d322f2f7
SHA256

ec1d867d4bcd9a71e90a082a72cbfdf07e304b50a3db418b266d276b7bf45d5a
SHA512

fff6016fe8a9857a334d97b2ff6e4b2258a224e6c91feab6ed7745ab84e0cf35b9339da2a3bc24be42b2a34c440f67933ab670ddfa7c5420e1340afcaf446df6
SSDEEP

12288:KaZWecz/aD+04iTxtNmO9+344IUIXTsjsv:KamiS8tNR+35JIXT1

Score

N/A

Malware Config

Signatures

Files

ec1d867d4bcd9a71e90a082a72cbfdf07e304b50a3db418b266d276b7bf45d5a
.exe windows x86

6cca11491a69bd0fec48b1ef7f90af83

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:a3:37:63:fd:35:22:67:d8:b5:54:1f:a4:10:cb:6b:16:c0:5f:53
Signer

Actual PE Digest

46:a3:37:63:fd:35:22:67:d8:b5:54:1f:a4:10:cb:6b:16:c0:5f:53

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

14/12/2011, 08:09
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetFullPathNameW
WideCharToMultiByte
ExitProcess
lstrlenA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetCurrentDirectoryA
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
HeapCreate
GetTimeZoneInformation
Sleep
InterlockedDecrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
LocalFree
FindClose
DeviceIoControl
FindFirstFileW
GetDriveTypeW
GetLogicalDrives
CopyFileW
VirtualQuery
GetModuleFileNameA
VirtualQueryEx
GetVersionExW
WritePrivateProfileStringW
ReadFile
CreateFileA
SetUnhandledExceptionFilter
ReadProcessMemory
GetCurrentThread
SetFilePointer
FreeLibrary
GetCurrentProcessId
GetThreadSelectorEntry
InterlockedExchange
DeleteFileW
InterlockedIncrement
GetLocalTime
SystemTimeToFileTime
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CreateMutexW
OpenMutexW
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
ReleaseMutex
WaitForSingleObject
GetTickCount
GetFileSize
CreateFileMappingW
MapViewOfFileEx
CloseHandle
WriteFile
UnmapViewOfFile
CreateFileW
LoadResource
LockResource
SizeofResource
GetLastError
FindResourceW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FindResourceExW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetEndOfFile
GetVersionExA
DeleteCriticalSection
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
QueryPerformanceCounter

user32

UnregisterClassA
GetCursorPos
GetMonitorInfoW
MonitorFromPoint
SetForegroundWindow
ShowWindow
IsIconic
GetWindowLongW
GetActiveWindow
EnumWindows
DialogBoxParamW
LoadIconW
SetTimer
SetWindowLongW
InvalidateRect
GetDlgItem
SetWindowTextW
GetWindowTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
MessageBoxW
KillTimer
SendMessageW
ValidateRect
ScreenToClient
GetWindowRect
ReleaseDC
GetDesktopWindow
GetDC
GetSystemMetrics
IsWindowVisible

gdi32

GetDIBits
GetObjectW
CreateFontIndirectW
GetTextExtentPointW
LineTo
MoveToEx
TextOutW
SetBkMode
SetTextColor
Rectangle
CreatePen
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject

advapi32

RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoCreateGuid
CoUninitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathFileExistsW

comctl32

ord17

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

sendto
WSAStartup
WSACleanup
htons
socket
gethostbyname
closesocket

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6cca11491a69bd0fec48b1ef7f90af83

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

46:a3:37:63:fd:35:22:67:d8:b5:54:1f:a4:10:cb:6b:16:c0:5f:53Signer

Signature Validations

Verification

14/12/2011, 08:09 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

ws2_32

netapi32

Sections

.text Size: 388KB - Virtual size: 384KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 39KB - Virtual size: 39KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

46:a3:37:63:fd:35:22:67:d8:b5:54:1f:a4:10:cb:6b:16:c0:5f:53
Signer

14/12/2011, 08:09
Valid: false

.text
Size: 388KB - Virtual size: 384KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 39KB - Virtual size: 39KB