229a52b888cc5143702a92cbb99236f1efa3e8f5e3f1fd0804ab2fb79524e9a2

Sharing

Copy URL Twitter E-mail

General

Target

229a52b888cc5143702a92cbb99236f1efa3e8f5e3f1fd0804ab2fb79524e9a2
Size

186KB
MD5

3a76dd3e84667b8b1f28203c818ceb6e
SHA1

c6aa69f85bfc3c06023c3b0c7b62319d310863ca
SHA256

229a52b888cc5143702a92cbb99236f1efa3e8f5e3f1fd0804ab2fb79524e9a2
SHA512

9d2d61c8100f290a5189a80e2c15d0fd0ad2cef8e37193fc3a30bba370ffafb6ae26f9a9010e91fcb6d09e25efc1d98a389818a9b65aa01c5dc76086b429e062
SSDEEP

3072:kMdOd5/Z8p1ShmdSKvVTGVReXqj4JfHEZAjcl2GrqgeU6a:PEdSzgKvBGp4JfxHM/

Score

N/A

Malware Config

Signatures

Files

229a52b888cc5143702a92cbb99236f1efa3e8f5e3f1fd0804ab2fb79524e9a2
.dll windows x86

9c3db14765981761c16654b733438fc4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/07/2011, 00:00

Not After

05/09/2013, 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:9c:94:a7:33:1e:b7:2e:04:b6:be:5c:5a:81:7f:56:5b:66:42:9e
Signer

Actual PE Digest

78:9c:94:a7:33:1e:b7:2e:04:b6:be:5c:5a:81:7f:56:5b:66:42:9e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

08/05/2013, 07:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetVersion
GetCurrentThreadId
GetProcessVersion
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
RaiseException
SetStdHandle
GetFileType
GetACP
HeapSize
HeapReAlloc
TlsFree
ExitProcess
TerminateProcess
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
FlushInstructionCache
GlobalHandle
TlsAlloc
lstrcatA
lstrcmpA
GlobalLock
GlobalUnlock
LocalAlloc
FreeLibrary
SetLastError
lstrcmpiA
lstrcpynA
GetProcAddress
FlushFileBuffers
SetFilePointer
LocalFree
InterlockedDecrement
InterlockedIncrement
TerminateThread
CreateThread
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
CreateToolhelp32Snapshot
GetLastError
Process32First
Process32Next
GetModuleFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileAttributesA
lstrcpyW
GetModuleHandleA
LoadLibraryA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetCommandLineA
CreateFileA
GetFileSize
ReadFile
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetWindowsDirectoryA
GetTempPathA
CopyFileA
DeleteFileA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GlobalAlloc
GlobalFree
GetTickCount
lstrlenA
Sleep
lstrcpyA
GetComputerNameA

user32

CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
PostMessageA
LoadIconA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
DestroyMenu
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessagePos
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetSysColor
GetSysColorBrush
LoadCursorA
DispatchMessageA
GetKeyState
PeekMessageA
SetFocus
SetWindowPos
SetWindowLongA
GetDlgItem
GetFocus
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
ReleaseDC
GetDC
GetMessageTime
GetTopWindow
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetSystemMetrics
GetForegroundWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsIconic

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetDeviceCaps
DeleteObject
GetObjectA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExW

comctl32

ord17

ws2_32

WSAStartup
socket
htons
connect
send
shutdown
closesocket
WSACleanup
gethostbyname
WSAGetLastError

iphlpapi

GetAdaptersInfo

Exports

Exports

SetBarID
SetHook
UnHook

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c3db14765981761c16654b733438fc4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

78:9c:94:a7:33:1e:b7:2e:04:b6:be:5c:5a:81:7f:56:5b:66:42:9eSigner

Signature Validations

Verification

08/05/2013, 07:15 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 20KB

Shared Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

78:9c:94:a7:33:1e:b7:2e:04:b6:be:5c:5a:81:7f:56:5b:66:42:9e
Signer

08/05/2013, 07:15
Valid: false

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 20KB

Shared
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 24KB - Virtual size: 23KB