2788e5be958713c30b2ee369731d3dd805fd3c3912c7463a3519640e6ce1494d

Sharing

Copy URL Twitter E-mail

General

Target

2788e5be958713c30b2ee369731d3dd805fd3c3912c7463a3519640e6ce1494d
Size

261KB
MD5

0f0213854c978ec76c0369c7c4afef60
SHA1

92d45b9135a5d495f3873d386ae2fb8346bd4a8d
SHA256

2788e5be958713c30b2ee369731d3dd805fd3c3912c7463a3519640e6ce1494d
SHA512

7dcf66349c1dbb045618e631c87aead5501ebc6fb93aa6921f022a978a157bb1fa1139a4b62dce2585e85178c0944a56675e9625786bec63daed2143448a8f86
SSDEEP

3072:K1niLpHgJjhkR9FbajkMHYpxWrlNaFp/TsdkgAdGoXsKCIxAKRIZFDdyJXmQZe9U:onuHHEYpxWJYSSdG3KvAKm+QQZeRh

Score

N/A

Malware Config

Signatures

Files

2788e5be958713c30b2ee369731d3dd805fd3c3912c7463a3519640e6ce1494d
.exe windows x86

8177cdbe2b479763609fdce0f37c8dbe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetTickCount
GetModuleHandleW
OutputDebugStringW
MultiByteToWideChar
lstrlenA
TerminateThread
WaitForSingleObject
CreateThread
lstrcpyW
DebugBreak
CreateFileMappingW
QueryPerformanceCounter
CreateDirectoryW
GetVersionExW
FreeLibrary
GetTempPathW
GetProcAddress
LoadLibraryW
LocalAlloc
WriteFile
CreateEventW
SetEvent
SetThreadPriority
ResumeThread
SuspendThread
GetLocalTime
OpenEventW
GetStartupInfoW
LocalFree
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateMutexW
GetLastError
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
GetCurrentProcess
FlushInstructionCache
lstrcmpW
CloseHandle
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
lstrlenW
GlobalAlloc
FindResourceW
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
SizeofResource

user32

SendMessageW
wsprintfW
GetDlgItem
InvalidateRgn
DefWindowProcW
DispatchMessageW
TranslateMessage
CreateWindowExW
PostMessageW
GetMessageW
PeekMessageW
DestroyWindow
InvalidateRect
CreateDialogIndirectParamW
RegisterClassExW
LoadCursorW
BringWindowToTop
SetForegroundWindow
ShowWindow
GetClassInfoExW
RegisterWindowMessageW
GetWindow
SetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
GetSysColor
SetFocus
IsChild
GetFocus
ReleaseDC
GetDC
CallWindowProcW
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
IsWindow
RedrawWindow
GetClassNameW
GetParent
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
MsgWaitForMultipleObjects
InflateRect
PtInRect
TrackMouseEvent
SetRectEmpty
KillTimer
DrawIconEx
SetWindowRgn
OffsetRect
IsZoomed
SubtractRect
MonitorFromWindow
GetMonitorInfoW
SetRect
SetCapture
EnumDisplaySettingsW
PrintWindow
FindWindowExW
PostThreadMessageW
DrawEdge
DrawStateW
DestroyIcon
LoadBitmapW
GetWindowDC
DrawTextW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
LoadMenuW
GetSubMenu
ClientToScreen
TrackPopupMenu
DestroyMenu
CopyRect
CharNextW
wvsprintfW
IsWindowVisible
LoadStringW
GetWindowRect
SystemParametersInfoW
MapWindowPoints
PostQuitMessage
SetTimer
GetSystemMetrics
LoadImageW
IsDialogMessageW
FindWindowW
IsIconic

gdi32

GetStockObject
SetViewportOrgEx
CreateFontIndirectW
SetBkColor
SetBkMode
SetTextColor
Rectangle
ExtTextOutW
GetObjectW
CreatePen
GetCurrentObject
CreateRoundRectRgn
GetDIBits
CreateFontW
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps

shell32

SHAppBarMessage
SHGetSpecialFolderPathW

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateGuid
CoGetClassObject
OleSetContainedObject

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
LoadRegTypeLi
SysStringLen
VariantClear
OleCreateFontIndirect

comctl32

InitCommonControlsEx
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create

msimg32

AlphaBlend

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

printf
fopen
fprintf
swprintf
wcscat
wcsrchr
_ftol
_wcsnicmp
atoi
wcschr
iswspace
strcmp
_wfopen
fseek
ftell
fread
fclose
iswdigit
_except_handler3
wcscmp
_wcsicmp
_snprintf
malloc
strlen
vswprintf
wcsstr
_itow
_wtoi
wcscpy
wcslen
wcsncpy
_snwprintf
memcmp
free
memset
memmove
realloc
memcpy
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
isalpha
isalnum
isspace
strncmp
strchr
tolower
_CxxThrowException
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??1type_info@@UAE@XZ

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathAppendW
PathIsRootW
PathFileExistsW
SHGetValueW
StrDupW

gdiplus

GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdiplusStartup
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8177cdbe2b479763609fdce0f37c8dbe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

msimg32

msvcp60

msvcrt

version

shlwapi

gdiplus

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 27KB - Virtual size: 29KB

.rsrc Size: 88KB - Virtual size: 109KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 27KB - Virtual size: 29KB

.rsrc
Size: 88KB - Virtual size: 109KB