cd53fd7915c0fe8401afe5bbd5031397ba33ef654103e04d8ba51d28a7962812

Sharing

Copy URL

Twitter E-mail

General

Target

cd53fd7915c0fe8401afe5bbd5031397ba33ef654103e04d8ba51d28a7962812
Size

541KB
MD5

14fce07dc8bfc33d905c6db97ab69680
SHA1

cd416876cac5670715d94629429798fba3f7ca5f
SHA256

cd53fd7915c0fe8401afe5bbd5031397ba33ef654103e04d8ba51d28a7962812
SHA512

a9345f8a1d1bdfec96b6323d4c9108a08352904c21d08ef8fb76230d9918030bb4b0f659afb4d12dd16b3ea4beb042946cd6b424419530c08984347540e35017
SSDEEP

12288:2DDTfY9qtgWjOdB0+gJfY9qtgWjOdB0+g:2DDTT+ET+

Score

N/A

Malware Config

Signatures

Files

cd53fd7915c0fe8401afe5bbd5031397ba33ef654103e04d8ba51d28a7962812
.exe windows x86

579eb69a9d42f824590130a37d3931e6

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2011, 00:00

Not After

05/12/2013, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:e2:49:e4:75:2f:97:c4:37:ae:ff:d6:b8:06:dc:72:95:78:6c:bb
Signer

Actual PE Digest

2c:e2:49:e4:75:2f:97:c4:37:ae:ff:d6:b8:06:dc:72:95:78:6c:bb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

13/09/2012, 06:40
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetVersionExA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FindNextFileA
DeleteFileA
SetFileAttributesA
CloseHandle
GetWindowsDirectoryA
InterlockedDecrement
lstrcmpiA
LocalFree
lstrlenA
GetPrivateProfileStringA
WritePrivateProfileStringA
FindFirstFileA
FindClose
GetModuleFileNameA
GetCurrentDirectoryA
GetSystemDirectoryA
CreateProcessA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
ReadFile
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfW
FindWindowA
MessageBoxA
wsprintfA

advapi32

GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
GetErrorInfo

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

579eb69a9d42f824590130a37d3931e6

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2c:e2:49:e4:75:2f:97:c4:37:ae:ff:d6:b8:06:dc:72:95:78:6c:bbSigner

Signature Validations

Verification

13/09/2012, 06:40 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 420KB - Virtual size: 419KB

.reloc Size: 20KB - Virtual size: 20KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:d7:b3:a2:1f:f5:c0:8d:6e:f2:1f:8c:7d:ec:0c:d7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2c:e2:49:e4:75:2f:97:c4:37:ae:ff:d6:b8:06:dc:72:95:78:6c:bb
Signer

13/09/2012, 06:40
Valid: false

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 420KB - Virtual size: 419KB

.reloc
Size: 20KB - Virtual size: 20KB