8bfbbfd4e728bf6ac205ef3ae07bb03ded1b533d89eb75caed39056fbeec5a30

Sharing

Copy URL Twitter E-mail

General

Target

8bfbbfd4e728bf6ac205ef3ae07bb03ded1b533d89eb75caed39056fbeec5a30
Size

10.7MB
MD5

20652cdec6e392e65d0a2faf11b8d12a
SHA1

24cc99d0e89a35d75618d76b3e0be732ed285fb4
SHA256

8bfbbfd4e728bf6ac205ef3ae07bb03ded1b533d89eb75caed39056fbeec5a30
SHA512

3290264c48b8a41fb2fc20fdea9f11b6efb1bc1a49fe09c3305f6ee7cd59d751a173359a97727f9aa42d97bfd87adc4574bb8464ec212d8522c63e1819eecbaf
SSDEEP

196608:Rwjlzn8UTu8pxOOSr/o3CnpHtVf8mns8csJm7zM2MHuThwcIoo9bf:RGzNTuVo0Z8mnswJaWL1Rf

Score

N/A

Malware Config

Signatures

Files

8bfbbfd4e728bf6ac205ef3ae07bb03ded1b533d89eb75caed39056fbeec5a30
.exe windows x86

96effc0710249839f0821b4bb2f37026

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/02/2012, 00:00

Not After

21/02/2015, 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d8:57:c9:da:35:a6:ae:37:54:ab:04:8d:33:32:9e:1f:fd:1c:d5:9f
Signer

Actual PE Digest

d8:57:c9:da:35:a6:ae:37:54:ab:04:8d:33:32:9e:1f:fd:1c:d5:9f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

04/09/2014, 08:33
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryOption

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

FindNextFileW
DeleteFileW
FindClose
HeapAlloc
GetProcessHeap
HeapFree
GlobalFree
lstrlenA
GetCurrentProcessId
lstrcpyA
TerminateThread
CreateDirectoryW
GetLocalTime
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
LoadLibraryExW
GetLogicalDriveStringsW
GetDriveTypeW
SetErrorMode
GetDiskFreeSpaceExW
MoveFileExW
CopyFileW
GetCommandLineW
LocalFree
InitializeCriticalSectionAndSpinCount
lstrcmpW
RaiseException
CreateProcessW
GetSystemInfo
GetTickCount
LeaveCriticalSection
SystemTimeToFileTime
RemoveDirectoryW
GetFileTime
SetEndOfFile
FileTimeToSystemTime
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
SetLastError
FlushInstructionCache
MulDiv
lstrcmpiA
GlobalReAlloc
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
DecodePointer
GetVersionExW
EncodePointer
CreateThread
ExitThread
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
VirtualProtect
VirtualAlloc
VirtualFree
FindFirstFileW
lstrcatW
GetFileAttributesW
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
Sleep
GetModuleHandleA
TerminateProcess
CreateProcessA
GetSystemDirectoryA
CreatePipe
lstrcpyW
LoadLibraryW
CreateMutexW
GetModuleHandleW
OpenMutexW
GetProcAddress
FreeLibrary
GetCurrentProcess
CreateEventW
SetEvent
WaitForSingleObject
SetFileAttributesW
CreateDirectoryA
SetFileTime
WideCharToMultiByte
DeleteCriticalSection
CompareFileTime
EnterCriticalSection
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
GetConsoleMode
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetSystemTime
GetConsoleCP
GetStringTypeW
VirtualQuery
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
ReadConsoleW

user32

UnregisterClassW
KillTimer
SetTimer
SetWindowRgn
EnableWindow
MonitorFromPoint
TrackPopupMenu
GetMenuItemID
EndDialog
DialogBoxParamW
DrawIconEx
MapWindowPoints
IsDialogMessageW
SetCursor
SetMenuItemInfoW
RemoveMenu
GetMenuState
SetMenuInfo
GetMenuInfo
GetClassNameA
CallNextHookEx
GetCursorPos
SetWindowsHookExW
SetPropA
UnhookWindowsHookEx
GetMenuItemInfoW
InflateRect
SetWindowTextA
FindWindowA
GetWindowDC
GetMenuItemCount
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromWindow
GetPropA
SetRect
CopyRect
OffsetRect
PtInRect
EqualRect
UpdateWindow
SetParent
IsRectEmpty
SetRectEmpty
PostQuitMessage
ShowWindow
IsIconic
PeekMessageW
TranslateMessage
DispatchMessageW
IsChild
GetFocus
GetWindow
IsWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
GetDC
ReleaseDC
DestroyAcceleratorTable
EndPaint
FillRect
GetClientRect
BeginPaint
InvalidateRect
SetFocus
UnregisterHotKey
RegisterHotKey
LoadIconW
GetDesktopWindow
SendMessageTimeoutW
RegisterWindowMessageW
GetWindowThreadProcessId
DrawTextW
IsZoomed
GetWindowRect
ScreenToClient
SetForegroundWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EnableMenuItem
GetSystemMenu
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetDlgItem
SendMessageW
SetWindowPos
PostMessageW
FindWindowExW
IsWindowVisible
MessageBoxW
FindWindowW
wsprintfW
GetMessageW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
RegOpenKeyExW
RegQueryValueExW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetUserNameW
DeleteAce
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyW
RegCloseKey
AddAccessAllowedAceEx
SetSecurityDescriptorControl
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
PropVariantClear
CoFreeLibrary
CoLoadLibrary
CoInitialize
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc

shell32

ShellExecuteW
ShellExecuteExW
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderW

oleaut32

VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit

shlwapi

PathIsDirectoryW
PathAppendA
PathFileExistsW
SHStrDupW
PathFindFileNameW
PathAddBackslashW
PathStripToRootW
wnsprintfW
SHGetValueW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
StrStrIA
StrStrA
StrStrIW
StrChrIW
PathAppendW
StrCmpW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdi32

DeleteDC
SetBkMode
SetTextColor
DeleteObject
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetObjectW
CreateSolidBrush
SetBkColor
ExtTextOutW
CreateDIBSection
CreatePen
CreateFontIndirectW
GetClipBox
ExcludeClipRect
Rectangle
StretchBlt
GetPixel
RoundRect
GetTextExtentPoint32W
CreateFontW
GetRgnBox
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateDIBitmap
ExtCreateRegion
CombineRgn
SelectObject

msimg32

TransparentBlt

urlmon

ObtainUserAgentString
UrlMkGetSessionOption

gdiplus

GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetPropertyItem
GdipAlloc
GdipReleaseDC
GdipFree
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingMode
GdipCreateSolidFill
GdipDeleteBrush
GdipFillRectangle
GdipDrawImageRectRect
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipCreateFromHDC

ws2_32

WSACleanup
socket
setsockopt
inet_addr
gethostbyname
htonl
inet_ntoa
htons
connect
WSAGetLastError
closesocket
recv
send
ioctlsocket
select
__WSAFDIsSet
WSAStartup

wininet

InternetSetCookieA
InternetGetCookieA
InternetTimeToSystemTimeA
InternetCrackUrlW
InternetTimeFromSystemTimeW
InternetGetConnectedState

sensapi

IsNetworkAlive

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96effc0710249839f0821b4bb2f37026

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d8:57:c9:da:35:a6:ae:37:54:ab:04:8d:33:32:9e:1f:fd:1c:d5:9fSigner

Signature Validations

Verification

04/09/2014, 08:33 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

wtsapi32

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

msimg32

urlmon

gdiplus

ws2_32

wininet

sensapi

Sections

.text Size: 465KB - Virtual size: 465KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 13KB - Virtual size: 31KB

.rsrc Size: 10.1MB - Virtual size: 10.1MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d8:57:c9:da:35:a6:ae:37:54:ab:04:8d:33:32:9e:1f:fd:1c:d5:9f
Signer

04/09/2014, 08:33
Valid: false

.text
Size: 465KB - Virtual size: 465KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 13KB - Virtual size: 31KB

.rsrc
Size: 10.1MB - Virtual size: 10.1MB