e0d854669d6f76790b230f45669aa29b10f8ac01a2fb348352704dac11f3e013

Sharing

Copy URL Twitter E-mail

General

Target

e0d854669d6f76790b230f45669aa29b10f8ac01a2fb348352704dac11f3e013
Size

596KB
MD5

2a870c82ed5f6a9650bf501f38586b00
SHA1

3612a52e0147398220762cbe32dc22db1ab03e70
SHA256

e0d854669d6f76790b230f45669aa29b10f8ac01a2fb348352704dac11f3e013
SHA512

14ac889a752337013bc07200beb3b370a6fcc646c5847d0cc283d92ef60f8f340c4338bb0cfcfed97465ee68979e6b9492350b196e123e907eabf99c338cfb70
SSDEEP

6144:jR7sW/1aRxTVWJOilvqVD2N//zDNw4zAfjvvDSvlXQzoOtxWgAowU7OxdONNClEN:jD0Ru3N//WMArQlX8ygAowEC7jnAE3s

Score

N/A

Malware Config

Signatures

Files

e0d854669d6f76790b230f45669aa29b10f8ac01a2fb348352704dac11f3e013
.dll windows x86

f3a17b2553f370c1385a4b544a5879ab

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:c4:33:00:02:79:ac:4a:55:a1:58:d8:a5:53:63:18:39:c4:04:57
Signer

Actual PE Digest

ee:c4:33:00:02:79:ac:4a:55:a1:58:d8:a5:53:63:18:39:c4:04:57

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

21/12/2012, 01:22
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext

comctl32

ord17

kernel32

FindFirstFileW
SetFilePointer
VirtualQuery
QueryPerformanceCounter
CreateDirectoryW
GetTickCount
GetPrivateProfileStringW
WriteFile
WideCharToMultiByte
LeaveCriticalSection
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
EnterCriticalSection
FindClose
GetLocalTime
GetModuleHandleA
FindNextFileW
QueryPerformanceFrequency
GetCurrentThreadId
OutputDebugStringA
DeleteFileW
GetCurrentProcessId
lstrlenW
WritePrivateProfileStringW
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventA
QueueUserAPC
ResetEvent
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
GetProcAddress
QueueUserWorkItem
GetFileSize
ReadFile
CloseHandle
FileTimeToSystemTime
GetTempPathW
InitializeCriticalSection
Sleep
GetExitCodeThread
CreateMutexA
ReleaseMutex
GetModuleFileNameA
OutputDebugStringW
GetLongPathNameW
ConnectNamedPipe
WaitForSingleObjectEx
WaitNamedPipeW
GetOverlappedResult
SetNamedPipeHandleState
CancelIo
SearchPathW
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualAllocEx
DuplicateHandle
OpenProcess
LoadLibraryW
GetWindowsDirectoryW
SleepEx
GetFileAttributesA
CreateFileA
GetSystemTimeAsFileTime
lstrcpynA
IsBadReadPtr
TerminateThread
lstrlenA
InterlockedIncrement
InterlockedDecrement
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
CreateNamedPipeW

user32

UnregisterClassW
KillTimer
DefWindowProcA
PostMessageA
RegisterClassW
SendMessageA
SetTimer
wsprintfW
SetWindowLongA
GetWindowLongA
CreateWindowExW
CloseWindow
MsgWaitForMultipleObjects
DestroyWindow
DispatchMessageA
PeekMessageA
TranslateMessage
PostQuitMessage

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteA

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoFreeLibrary
CoLoadLibrary
CoCreateInstance
CLSIDFromString
CoCreateGuid
CoInitialize
StringFromGUID2
CoUninitialize
CLSIDFromProgID

oleaut32

SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringLen

shlwapi

wnsprintfA

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

socket
ioctlsocket
WSACleanup
htons
recv
WSAGetLastError
connect
__WSAFDIsSet
select
closesocket
send
WSAStartup
ntohl
htonl
inet_addr
ntohs
gethostbyname

msvcr90

free
_CxxThrowException
__CxxFrameHandler3
memchr
atoi
strspn
_strdup
_wcsdup
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_splitpath_s
_mbsnbcat_s
strncpy_s
_getpid
memmove
calloc
strnlen
strchr
strcmp
memcmp
sprintf
strstr
??3@YAXPAX@Z
wcschr
swprintf_s
wcsncpy_s
_time32
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_snprintf_s
_vsnprintf_s
strlen
_wsplitpath_s
wcslen
tolower
_invalid_parameter_noinfo
wcsrchr
printf
memset
??_V@YAXPAX@Z
_snwprintf_s
wcsftime
strcpy_s
_waccess
_localtime32_s
_purecall
wcscat_s
_vsnwprintf_s
wcscpy_s
??2@YAPAXI@Z
memcpy
memmove_s
_mbsnbcpy
sprintf_s
strcpy
rand
srand
wcsncpy
ceil
_beginthreadex
__RTDynamicCast
_localtime64_s
_time64
towlower
wcstoul
_mkgmtime32
__iob_func
fprintf
_endthreadex
realloc
wcsncat
wcscpy
_errno
malloc

Exports

Exports

??0CTenioDL_coredll@@QAE@XZ
??4CTenioDL_coredll@@QAEAAV0@ABV0@@Z
?TenioDL_Initialize@@YAHXZ
?TenioDL_Release@@YAHXZ
?nTenioDL_coredll@@3HA

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3a17b2553f370c1385a4b544a5879ab

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

ee:c4:33:00:02:79:ac:4a:55:a1:58:d8:a5:53:63:18:39:c4:04:57Signer

Signature Validations

Verification

21/12/2012, 01:22 Valid: false

Headers

File Characteristics

Imports

imm32

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp90

version

ws2_32

msvcr90

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 81KB - Virtual size: 104KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 19KB - Virtual size: 18KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

ee:c4:33:00:02:79:ac:4a:55:a1:58:d8:a5:53:63:18:39:c4:04:57
Signer

21/12/2012, 01:22
Valid: false

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 81KB - Virtual size: 104KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 19KB - Virtual size: 18KB