c7c5f8595ee7c0df604a4629d1bfe44d6d010ddf48e3cf0a4e25cd744ee301c0

Sharing

Copy URL

Twitter E-mail

General

Target

c7c5f8595ee7c0df604a4629d1bfe44d6d010ddf48e3cf0a4e25cd744ee301c0
Size

360KB
MD5

44692b46d69ccd783ebab6e1343fcfc4
SHA1

e61f3abea3f7193a8096cc7d26c73b8222a1fc85
SHA256

c7c5f8595ee7c0df604a4629d1bfe44d6d010ddf48e3cf0a4e25cd744ee301c0
SHA512

3f3b6d65b74424a84e053fcabfc5d6949bc63ea486cacf0d3a2c82d4b8eed6ff51728144444fc0c065c55c2929e8b71af46f35cd7472e6bdfe3f6e9d036d2313
SSDEEP

6144:f/GddWp5ex6F4Ycb20NbdjMSkwb2if1L5kz91xSxCFYd:HGmfexmWbdjMNwbn9y6sY

Score

N/A

Malware Config

Signatures

Files

c7c5f8595ee7c0df604a4629d1bfe44d6d010ddf48e3cf0a4e25cd744ee301c0
.exe windows x86

5083ea187df2633dc7b7ce2a98a822ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15-02-2009 00:00

Not After

15-02-2010 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c1:93:ed:45:47:f9:5e:59:7f:8f:d5:85:4f:43:0b:04:f1:d3:f7:95
Signer

Actual PE Digest

c1:93:ed:45:47:f9:5e:59:7f:8f:d5:85:4f:43:0b:04:f1:d3:f7:95

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

09-12-2009 09:23
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
CreateEventW
TerminateThread
SetEvent
WaitForMultipleObjects
Sleep
GetCommandLineW
GetSystemDefaultLangID
GetModuleFileNameW
CreateDirectoryW
lstrcpynW
GetFileAttributesW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryW
ResetEvent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WaitForSingleObject
CloseHandle
GetLastError
GetVersionExW
GetProcAddress
GetSystemInfo
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
GetModuleHandleW
GetPrivateProfileIntW
lstrlenA

user32

PostMessageW
SendMessageW
FindWindowA
IsIconic
ShowWindow

advapi32

CreateProcessAsUserW
ControlService
DeleteService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ImpersonateLoggedOnUser
DuplicateTokenEx
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
CreateServiceW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenProcessToken

shell32

SHGetSpecialFolderPathW

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_snprintf
__CxxFrameHandler
wcslen
??2@YAPAXI@Z
_snwprintf
fclose
fwrite
_purecall
_vsnprintf
_vsnwprintf
strncpy
free
realloc
memmove
atoi
strchr
strtok
wprintf
_wcsicmp
_ftol
_beginthreadex
_wfopen
time
__p___wargv
__p___argc
wcsncpy
wcsncat
_wsplitpath
wcschr
mktime
malloc
_stricmp
wcsrchr
_strdup

ws2_32

getsockopt
send
setsockopt
recv
connect
ioctlsocket
socket
closesocket
shutdown
ntohl
ntohs
gethostbyname
select
WSAStartup
WSACleanup
htonl
htons
WSAGetLastError

wininet

InternetQueryOptionW

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ls
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5083ea187df2633dc7b7ce2a98a822ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

c1:93:ed:45:47:f9:5e:59:7f:8f:d5:85:4f:43:0b:04:f1:d3:f7:95Signer

Signature Validations

Verification

09-12-2009 09:23 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp60

msvcrt

ws2_32

wininet

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 992B

ls Size: 244KB - Virtual size: 244KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

c1:93:ed:45:47:f9:5e:59:7f:8f:d5:85:4f:43:0b:04:f1:d3:f7:95
Signer

09-12-2009 09:23
Valid: false

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 992B

ls
Size: 244KB - Virtual size: 244KB