df788047bcd4c78a4fc2d914ef149d29f802724d707fafb8306acf814c63e39f

Sharing

Copy URL Twitter E-mail

General

Target

df788047bcd4c78a4fc2d914ef149d29f802724d707fafb8306acf814c63e39f
Size

184KB
MD5

499837bf82595386db397578f79e9e30
SHA1

0a3e5c1a516ae1b7b7a8019732d6b13ea390e26b
SHA256

df788047bcd4c78a4fc2d914ef149d29f802724d707fafb8306acf814c63e39f
SHA512

e36b5ccd51e3f8f6e7eeff64028a5887862632ca6aa38d6d1e9ea341e25e9cc2109fb41509a4bbc59e35083f7ef653a570bb6eac394400683ecb101a38fdab41
SSDEEP

3072:JYWpnTgnOnfmEPg2/UR5IrYhwP5ITm3drafA45YS5v:tReOfmEPQ5Jhg5ITmtra4jq

Score

N/A

Malware Config

Signatures

Files

df788047bcd4c78a4fc2d914ef149d29f802724d707fafb8306acf814c63e39f
.exe windows x86

9db75de2eaf91fba63f554a411d0430f

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/09/2010, 00:00

Not After

12/11/2011, 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:57:ca:38:56:11:76:0c:08:8a:ee:87:04:be:16:0c:f9:87:c2:8e
Signer

Actual PE Digest

0c:57:ca:38:56:11:76:0c:08:8a:ee:87:04:be:16:0c:f9:87:c2:8e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

09/05/2011, 02:47
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gzipdll

unzip

mfc80ud

ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6009
ord8669
ord5279
ord8667
ord5613
ord5655
ord386
ord1416
ord2634
ord5045
ord6278
ord5770
ord8386
ord7991
ord8391
ord8424
ord5502
ord573
ord832
ord7664
ord4646
ord3469
ord2725
ord6482
ord289
ord3663
ord3187
ord422
ord742
ord3121
ord1975
ord4487
ord1669
ord2784
ord5941
ord6179
ord3999
ord6998
ord2152
ord2221
ord2222
ord2580
ord6970
ord1864
ord6730
ord4655
ord8670
ord5280
ord8668
ord2064
ord2992
ord3002
ord7036
ord3268
ord3266
ord3284
ord3296
ord3273
ord3289
ord3294
ord3277
ord3279
ord3281
ord3275
ord3291
ord3271
ord1184
ord1180
ord1182
ord1178
ord1173
ord7050
ord7052
ord8194
ord2153
ord5961
ord6455
ord4775
ord1802
ord2994
ord7001
ord5856
ord8666
ord6841
ord2508
ord6946
ord5922
ord1916
ord5499
ord2176
ord2179
ord8117
ord9157
ord2100
ord2101
ord2244
ord2245
ord6638
ord6468
ord5884
ord6977
ord9137
ord288
ord2029
ord919
ord3402
ord1160
ord5503
ord6266
ord7046
ord7011
ord7553
ord3508
ord3803
ord3972
ord5990
ord3780
ord3975
ord3511
ord3684
ord3503
ord5151
ord5152
ord5142
ord3682
ord5506
ord6174
ord5940
ord2891
ord1757
ord7685
ord4638
ord3080
ord714
ord2646
ord2595
ord3253
ord5633
ord1578
ord1358
ord8227
ord1396
ord1485
ord5311
ord908
ord888
ord662
ord5087
ord6237
ord1142
ord1145
ord286
ord299
ord673
ord921
ord901
ord1435
ord3286
ord893

msvcr80d

_CrtSetCheckCount
_wcmdln
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_errno
_CrtDbgReportW
exit
_beginthreadex
wcslen
memmove_s
_wcsicmp
memcmp
_recalloc
calloc
_initterm
_initterm_e
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_snprintf_s
_CxxThrowException
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s

kernel32

CloseHandle
Sleep
CreateMutexW
SetLastError
GetLastError
MultiByteToWideChar
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetVersion
ResumeThread
GetTickCount
GetCurrentThread
CreateFileMappingA
MapViewOfFile
QueryPerformanceCounter
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
lstrlenA
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MulDiv

user32

OffsetRect
InflateRect
EqualRect
SetRectEmpty
SubtractRect
IntersectRect
IsRectEmpty
RegisterClassW
GetSysColor
PtInRect
UnionRect
LoadCursorW
SetRect
CopyRect
PostMessageW
GetSystemMetrics
FindWindowW
DefDlgProcW

gdi32

CreateSolidBrush

shell32

ShellExecuteW
SHFileOperationW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW

ws2_32

WSAStartup

gdiplus

GdiplusStartup
GdiplusShutdown

advapi32

SetThreadToken
RevertToSelf
OpenThreadToken

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�c�
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9db75de2eaf91fba63f554a411d0430f

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4Certificate

Extended Key Usages

Key Usages

0c:57:ca:38:56:11:76:0c:08:8a:ee:87:04:be:16:0c:f9:87:c2:8eSigner

Signature Validations

Verification

09/05/2011, 02:47 Valid: false

Headers

File Characteristics

Imports

gzipdll

mfc80ud

msvcr80d

kernel32

user32

gdi32

shell32

comctl32

shlwapi

ws2_32

gdiplus

advapi32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 27KB - Virtual size: 28KB

�c� Size: 88KB - Virtual size: 88KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6b:d0:fa:31:11:e1:60:37:0e:59:8f:35:d2:0a:41:b4
Certificate

0c:57:ca:38:56:11:76:0c:08:8a:ee:87:04:be:16:0c:f9:87:c2:8e
Signer

09/05/2011, 02:47
Valid: false

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 27KB - Virtual size: 28KB

�c�
Size: 88KB - Virtual size: 88KB