d76c76f4b54e81eb5b68a66e5b7208f3982753b53722afa19d502dbad179958f

Sharing

Copy URL Twitter E-mail

General

Target

d76c76f4b54e81eb5b68a66e5b7208f3982753b53722afa19d502dbad179958f
Size

170KB
MD5

21412670f3142d6704f8f46d593b7a12
SHA1

d329f531fe9ad7047b1f85c48146c37833770665
SHA256

d76c76f4b54e81eb5b68a66e5b7208f3982753b53722afa19d502dbad179958f
SHA512

e84b114b6b893c7a6fcc5a83c8358ba8028f94d86cac207868a87e2480f5f65e32da879b7eb6730831f1f9f6ba00de94bda6ca2f7a0285390184bad274d9cf1d
SSDEEP

3072:I6na4zHm4inFb3gZ1zKMJ5XTwre50+XNTBfIKulXw7DSb:vpHRoeZNvXTwjENTBIwC

Score

N/A

Malware Config

Signatures

Files

d76c76f4b54e81eb5b68a66e5b7208f3982753b53722afa19d502dbad179958f
.exe windows x86

c3073019b02654f825825e3167571836

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/07/2011, 00:00

Not After

05/09/2013, 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:e8:b7:c8:46:cb:85:03:ba:bb:cf:5e:65:a1:54:29:15:63:e8:55
Signer

Actual PE Digest

b5:e8:b7:c8:46:cb:85:03:ba:bb:cf:5e:65:a1:54:29:15:63:e8:55

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09/05/2013, 10:37
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetOEMCP
GetCPInfo
SetErrorMode
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GlobalFlags
InterlockedIncrement
lstrcatA
WritePrivateProfileStringA
FlushFileBuffers
SetFilePointer
InterlockedDecrement
GlobalAddAtomA
SetLastError
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
TerminateProcess
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcessId
GlobalUnlock
GetCurrentProcess
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WriteFile
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
lstrlenA
CreateProcessA
GetModuleFileNameA
CreateFileA
ReadFile
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
WideCharToMultiByte
LocalAlloc
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings

user32

DestroyMenu
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
LoadCursorA
GetCapture
ClientToScreen
wsprintfA
GetSystemMetrics
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
PostMessageA
UnregisterClassA
CopyRect

gdi32

PtVisible
TextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
ExtTextOutA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA
RegOpenKeyExA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

iphlpapi

GetAdaptersInfo

wininet

InternetQueryOptionA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetSetOptionA

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3073019b02654f825825e3167571836

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b5:e8:b7:c8:46:cb:85:03:ba:bb:cf:5e:65:a1:54:29:15:63:e8:55Signer

Signature Validations

Verification

09/05/2013, 10:37 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

iphlpapi

wininet

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b5:e8:b7:c8:46:cb:85:03:ba:bb:cf:5e:65:a1:54:29:15:63:e8:55
Signer

09/05/2013, 10:37
Valid: false

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 14KB