ca851bad2b948b1340e87ce839a795a50df57cbab23a9b475d9fa84c02499526

Sharing

Copy URL Twitter E-mail

General

Target

ca851bad2b948b1340e87ce839a795a50df57cbab23a9b475d9fa84c02499526
Size

340KB
MD5

0cff5212e37748d0edd8a3e9def60e80
SHA1

173093602f2bd630c1a4bd449f31ef78ff31774f
SHA256

ca851bad2b948b1340e87ce839a795a50df57cbab23a9b475d9fa84c02499526
SHA512

ff0b2ed5941d1b0706025470a42945d57ad3f297a3b398d0bf199b46615c66d62f2745dfee8bc51b1a839fc97f6a88fec8ce4e6ad9d1dc02edd266fd0a7395ad
SSDEEP

3072:z0cPVKrYvsproEvTLIIetOpGCOlEv2IbFaqoYRoYH1Y28lkt3lzjfGFNgK6T9bND:Y5aA7Ln1Yw1Tt9bDMRywpQhnD6

Score

N/A

Malware Config

Signatures

Files

ca851bad2b948b1340e87ce839a795a50df57cbab23a9b475d9fa84c02499526
.exe windows x86

939c7cb3a16aafe4e5318ff5ef90493d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/05/2012, 00:00

Not After

03/07/2015, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:25:c1:17:d5:6a:36:83:1c:54:f9:07:d6:d1:c8:ef:e0:09:bd:d1
Signer

Actual PE Digest

8f:25:c1:17:d5:6a:36:83:1c:54:f9:07:d6:d1:c8:ef:e0:09:bd:d1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

05/02/2015, 08:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentThreadId
SetConsoleCtrlHandler
CreateMutexW
GetCommandLineW
OutputDebugStringW
LockResource
FindResourceExW
CreateProcessW
GetVersionExW
OpenProcess
LocalFree
LocalAlloc
SystemTimeToFileTime
GetLocalTime
DeleteFileW
MoveFileExW
MoveFileW
SetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryExW
GetFileSize
CreateFileW
WriteFile
GetSystemDirectoryW
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
CreateSemaphoreW
CreateEventW
GetPrivateProfileIntW
OutputDebugStringA
GetCurrentProcessId
WaitForMultipleObjects
ReleaseSemaphore
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
InterlockedIncrement
GetCurrentThread
GetCurrentProcess
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFileAttributesW
CreateThread
Sleep
InterlockedExchange
OpenEventW
SetEvent
TerminateThread
WaitForSingleObject
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleFileNameA
GetPrivateProfileIntA
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetLastError
CloseHandle
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
Process32FirstW
Process32NextW
Thread32First
OpenThread
Thread32Next
SuspendThread
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStdHandle
ExitProcess
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
ResumeThread
GetStartupInfoW
GetCPInfo
GetOEMCP
IsValidCodePage
TlsGetValue

user32

PostThreadMessageW
LoadStringW
CharNextW
UnregisterClassA

advapi32

GetTokenInformation
DuplicateTokenEx
SetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
CreateProcessAsUserW
QueryServiceConfigW
QueryServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
OpenThreadToken
OpenProcessToken
RegCreateKeyExW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegDeleteValueW
ChangeServiceConfigW
StartServiceW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize
CoRegisterClassObject

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysStringLen

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathAppendA
SHDeleteKeyW
PathRemoveFileSpecA

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSWaitSystemEvent

patchcore

ord264

pnpsup

ord34

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

939c7cb3a16aafe4e5318ff5ef90493d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8f:25:c1:17:d5:6a:36:83:1c:54:f9:07:d6:d1:c8:ef:e0:09:bd:d1Signer

Signature Validations

Verification

05/02/2015, 08:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

patchcore

pnpsup

version

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 32KB - Virtual size: 52KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8f:25:c1:17:d5:6a:36:83:1c:54:f9:07:d6:d1:c8:ef:e0:09:bd:d1
Signer

05/02/2015, 08:51
Valid: false

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 32KB - Virtual size: 52KB