4cf56ae9fb778eb2074e30413179337b03ab90a057a1eae70b90dd7cacdfe596

Sharing

Copy URL Twitter E-mail

General

Target

4cf56ae9fb778eb2074e30413179337b03ab90a057a1eae70b90dd7cacdfe596
Size

852KB
MD5

0f63c5770d33eb0a9d48cf91f0c9a9c0
SHA1

45e7e8c72118c2b039ab3500cfa459f2663a5987
SHA256

4cf56ae9fb778eb2074e30413179337b03ab90a057a1eae70b90dd7cacdfe596
SHA512

8802c09e87c407ad1ec724a9c951d4bbddd232a79250b39ddf4c868d784546d08ecce282b60386d5c50dcd70c3f69d394f3ef4219e2160e0652511e47ef3a651
SSDEEP

24576:xn2Qscn94Fvc+qZ1FJzRSIAm9vwgk/4XIRl0PV:xOZdqZ1P1SIAm9vnkuIIN

Score

N/A

Malware Config

Signatures

Files

4cf56ae9fb778eb2074e30413179337b03ab90a057a1eae70b90dd7cacdfe596
.exe windows x86

0abf368c4d6bdac54d76951e0b79d19e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersion
GetLogicalDriveStringsW
QueryDosDeviceW
GetLongPathNameW
GetModuleHandleA
SetEvent
WaitForSingleObject
CreateThread
GlobalMemoryStatusEx
WritePrivateProfileStringW
GetPrivateProfileIntW
ResetEvent
VirtualAlloc
VirtualFree
DeleteFileW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
HeapReAlloc
GetModuleFileNameA
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileSize
CreateFileW
ReadFile
SetFilePointer
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
ExpandEnvironmentStringsW
CreateProcessW
GlobalAddAtomW
GlobalFindAtomW
CreateEventW
SetProcessWorkingSetSize
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
FlushInstructionCache
lstrlenA
LocalFree
Sleep
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
RaiseException
lstrcmpiW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
GetCommandLineW
CloseHandle
GetCurrentProcess
GetVersionExW
InterlockedIncrement
lstrlenW
LCMapStringA
InterlockedDecrement

user32

LoadStringW
CharLowerW
CharNextW
SendMessageTimeoutW
IsIconic
GetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
UnregisterClassA
FindWindowW
LoadBitmapW
DialogBoxParamW
EndDialog
CreateDialogParamW
GetWindowDC
IsRectEmpty
IntersectRect
LoadIconW
FrameRect
IsWindowVisible
GetScrollInfo
ScrollWindow
SetScrollPos
ShowScrollBar
SetScrollInfo
GetScrollPos
OpenClipboard
TrackMouseEvent
RegisterClassW
GetClassInfoW
GetDlgCtrlID
GetMenu
AdjustWindowRectEx
SystemParametersInfoW
CopyRect
SetRect
SetCursor
DrawEdge
InflateRect
PostQuitMessage
DrawFocusRect
GetCapture
UpdateWindow
DestroyIcon
GetActiveWindow
EnableWindow
SetActiveWindow
EmptyClipboard
SetClipboardData
PtInRect
PostMessageW
SendMessageW
IsWindowEnabled
CloseClipboard
SetWindowLongW
ShowWindow
SetForegroundWindow
SwitchToThisWindow
GetSystemMetrics
KillTimer
SetTimer
OffsetRect
LoadImageW
DrawIconEx
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsChild
GetFocus
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
CreateAcceleratorTableW
ScreenToClient
MoveWindow
InvalidateRgn
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
SetWindowRgn
EndPaint
BeginPaint
ClientToScreen
ReleaseCapture
SetCapture
InvalidateRect
IsWindow
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
SetFocus
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
MapWindowPoints
IsZoomed
SetWindowPos
DrawTextW
FillRect
GetClientRect
GetParent
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW

gdi32

ExtTextOutW
CreateFontIndirectW
MoveToEx
LineTo
SaveDC
GetClipBox
RestoreDC
SetBkColor
StretchBlt
CreateFontW
SetBkMode
CreateSolidBrush
GetStockObject
GetObjectW
GetDeviceCaps
CreatePolygonRgn
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreatePen
SetViewportOrgEx
SetTextColor

comdlg32

GetSaveFileNameW

advapi32

RegSetValueExW
GetTokenInformation
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW

shell32

ord680
SHGetSpecialFolderPathW
SHGetFileInfoW
ExtractIconExW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW

ole32

OleInitialize
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetClassObject

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathAddBackslashW
PathCombineW
ord154
PathAppendW
SHGetValueW
PathFindExtensionW
StrCmpIW
StrChrW
StrStrIW
PathAddExtensionW

comctl32

ImageList_LoadImageW
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw

msimg32

TransparentBlt

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0abf368c4d6bdac54d76951e0b79d19e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

iphlpapi

wininet

psapi

version

Sections

.text Size: 430KB - Virtual size: 429KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 35KB - Virtual size: 44KB

.rsrc Size: 242KB - Virtual size: 242KB

.reloc Size: 54KB - Virtual size: 54KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 430KB - Virtual size: 429KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 35KB - Virtual size: 44KB

.rsrc
Size: 242KB - Virtual size: 242KB

.reloc
Size: 54KB - Virtual size: 54KB