5b896f1bdb302ac15ba82320de90bd527c5da063f9fc92dd182cf8ddedbee2bd

Sharing

Copy URL Twitter E-mail

General

Target

5b896f1bdb302ac15ba82320de90bd527c5da063f9fc92dd182cf8ddedbee2bd
Size

60KB
MD5

0f3bff55bf8052f5ec4b70eb66c79d10
SHA1

0bc8440167a641577b739c10b6f7cddcfa7c0553
SHA256

5b896f1bdb302ac15ba82320de90bd527c5da063f9fc92dd182cf8ddedbee2bd
SHA512

2a451aff35b662bb6a7af1cd1854ecedc6dacb1092a2c83fc97ddc93057079013291e4dc849f3f971ca6a7a288dd27036cf525779446f953f2d19f8c958c63e7
SSDEEP

768:qFH/iqdb4AxwQjq2DwEbCHUiK42Wd/iwOa9+4Zh2IH4HP/Y9VisKl4qd:qR/iqPBnDrIUe2q/iwLZZKv/IisKldd

Score

N/A

Malware Config

Signatures

Files

5b896f1bdb302ac15ba82320de90bd527c5da063f9fc92dd182cf8ddedbee2bd
.exe windows x86

e4803ca15da0f179799275062c49bedf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2012, 00:00

Not After

23/06/2015, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:8b:4e:e8:59:11:1f:04:6f:b9:d2:18:d5:27:74:c0:db:e2:ba:61
Signer

Actual PE Digest

43:8b:4e:e8:59:11:1f:04:6f:b9:d2:18:d5:27:74:c0:db:e2:ba:61

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

06/03/2013, 09:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetCommandLineW
DeleteFileW
HeapFree
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
GetTempPathW
LocalFree
lstrlenW
SetLastError
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetVersionExW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExA

advapi32

RegQueryValueExW
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
EqualSid
SetNamedSecurityInfoW
InitializeAcl
AddAce
GetLengthSid
CopySid
IsValidSid
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW
ord165
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree

shlwapi

PathIsSameRootW
PathCombineW
PathFileExistsW
PathAppendW
PathIsDirectoryW

msvcp71

?_Nomemory@std@@YAXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

msvcr71

_controlfp
memset
memmove
malloc
free
_resetstkoflw
_except_handler3
_CxxThrowException
_purecall
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
wcscpy
??0exception@@QAE@ABV0@@Z
??_V@YAXPAX@Z
_wcsupr
wcslen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
fclose
_wfopen
getc
fgetwc
fseek
fread
__set_app_type
_wcsicmp
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4803ca15da0f179799275062c49bedf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

43:8b:4e:e8:59:11:1f:04:6f:b9:d2:18:d5:27:74:c0:db:e2:ba:61Signer

Signature Validations

Verification

06/03/2013, 09:24 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

43:8b:4e:e8:59:11:1f:04:6f:b9:d2:18:d5:27:74:c0:db:e2:ba:61
Signer

06/03/2013, 09:24
Valid: false

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 16KB