acc2f3830ca657c08e94d8124e6b5876d896d05a6a3b34e7bab66af6f8a5609b

Sharing

Copy URL Twitter E-mail

General

Target

acc2f3830ca657c08e94d8124e6b5876d896d05a6a3b34e7bab66af6f8a5609b
Size

894KB
MD5

05dd34b5ce5bc5ef683d8ef30c707cb0
SHA1

e87aaebb2a78f897f4c07227483deffb63310ccd
SHA256

acc2f3830ca657c08e94d8124e6b5876d896d05a6a3b34e7bab66af6f8a5609b
SHA512

045357eca39fe1673957ddd58aa52c6a5dbdad59fc5dfde76b0b4ca1c286b0f49e7d0da0365bbc9239c1faf5092eaf752b66566e92f26a3ace37b0d431b4f19d
SSDEEP

12288:/Xf65zCjLHi0nonJdiWy7RAeLWcj426cnqXpOEudt6YoJ+MNIY9qtgWjOdB0+g6a:edtiv+OE46YBeo+Wjh

Score

N/A

Malware Config

Signatures

Files

acc2f3830ca657c08e94d8124e6b5876d896d05a6a3b34e7bab66af6f8a5609b
.exe windows x86

c5c6c596cdbc0bd499e0ecf1bc7243d0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:46:92:b6:45:78:20:0a:54:74:d1:8f:e2:e9:7a:1b:7c:a1:76:51
Signer

Actual PE Digest

5c:46:92:b6:45:78:20:0a:54:74:d1:8f:e2:e9:7a:1b:7c:a1:76:51

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

10/01/2014, 04:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
LockResource
LoadLibraryExA
FormatMessageA
GetProcAddress
GetModuleFileNameA
GetCommandLineW
GetCurrentProcessId
WideCharToMultiByte
OutputDebugStringA
OutputDebugStringW
WaitForSingleObject
GetTickCount
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
GetEnvironmentStrings
FreeEnvironmentStringsA
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
CompareStringA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
SetFilePointer
CreateFileA
GetExitCodeProcess
CreatePipe
GetFileAttributesA
LCMapStringW
CreateThread
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStdHandle
WriteFile
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
ExitProcess
Sleep
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
MoveFileA
DeleteFileA
ReadFile
DuplicateHandle
CreateProcessA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleHandleW
lstrcpyW
lstrcatW
SetLastError
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
MulDiv
GetLastError
lstrcmpW
lstrcpynW
lstrlenA
lstrcpynA
GlobalAlloc
GlobalLock
LeaveCriticalSection
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
lstrlenW
SetEvent
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
GetVersionExW
GetCurrentThread
EnterCriticalSection
LCMapStringA

user32

CreateWindowExW
LoadStringW
LoadMenuW
LoadAcceleratorsW
DefWindowProcW
GetWindow
GetWindowRect
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
EndDialog
CreateAcceleratorTableW
SetCursorPos
mouse_event
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
KillTimer
SetTimer
GetMenu
PostMessageW
DialogBoxParamW
GetSubMenu
MessageBeep
SendMessageW
IsWindow
PtInRect
PeekMessageW
InvalidateRect
CreatePopupMenu
TrackPopupMenuEx
RemoveMenu
TranslateAcceleratorW
GetActiveWindow
IsWindowVisible
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
EnableMenuItem
AppendMenuW
DeleteMenu
AdjustWindowRectEx
CallWindowProcW
GetDlgItem
InvalidateRgn
ScreenToClient
MoveWindow
UnregisterClassA
CharNextW
GetClassNameW
BeginPaint
FillRect
EndPaint
IsChild
DestroyAcceleratorTable
GetDlgCtrlID
InflateRect
SetCursor
ReleaseDC
GetDC
GetSysColor
UpdateWindow
RedrawWindow
GetFocus
DestroyMenu
GetKeyState
ClientToScreen
GetSystemMetrics
GetDesktopWindow
ReleaseCapture
SetCapture
LoadStringA
PostQuitMessage
SetFocus
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
wvsprintfW
LoadImageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
ShowWindow
SetWindowLongW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
MonitorFromPoint

gdi32

GetStockObject
DeleteDC
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectW
Polygon
CreatePen
SelectObject
BitBlt

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoInitialize
OleUninitialize
StringFromCLSID
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysFreeString
VariantCopy
VariantChangeType
VarCmp
SysStringByteLen
SysAllocStringByteLen
DispCallFunc
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysStringLen
SysAllocStringLen

comctl32

InitCommonControlsEx
ImageList_LoadImageW
CreateStatusWindowW
ImageList_AddMasked
ImageList_Create
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragLeave
ImageList_Destroy

urlmon

URLOpenBlockingStreamW

winmm

waveOutWrite
mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerSetControlDetails
mixerClose

dsound

ord1

Sections

.text
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c5c6c596cdbc0bd499e0ecf1bc7243d0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5c:46:92:b6:45:78:20:0a:54:74:d1:8f:e2:e9:7a:1b:7c:a1:76:51Signer

Signature Validations

Verification

10/01/2014, 04:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

urlmon

winmm

dsound

Sections

.text Size: 474KB - Virtual size: 474KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 25KB - Virtual size: 32KB

SHARED Size: 512B - Virtual size: 1B

.rsrc Size: 216KB - Virtual size: 216KB

.reloc Size: 83KB - Virtual size: 83KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5c:46:92:b6:45:78:20:0a:54:74:d1:8f:e2:e9:7a:1b:7c:a1:76:51
Signer

10/01/2014, 04:17
Valid: false

.text
Size: 474KB - Virtual size: 474KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 25KB - Virtual size: 32KB

SHARED
Size: 512B - Virtual size: 1B

.rsrc
Size: 216KB - Virtual size: 216KB

.reloc
Size: 83KB - Virtual size: 83KB