df0982d6e87795a4d01dae1f615651eb9e04ac8d85fa391e5c93dd9ef2b357cb

Sharing

Copy URL

Twitter E-mail

General

Target

df0982d6e87795a4d01dae1f615651eb9e04ac8d85fa391e5c93dd9ef2b357cb
Size

1.2MB
MD5

2a8d83e32a5121cfa09162ac404e3cb0
SHA1

7a0a4c67de5f3e075a0056a0bca70a38c1d948c4
SHA256

df0982d6e87795a4d01dae1f615651eb9e04ac8d85fa391e5c93dd9ef2b357cb
SHA512

d61f8319cf3c35879c991a90c6921da38b788276d8a81099388a47e63f6c7f8090b351bb84acba8ed616528a6a217e99f4195944c16460cc8096a9b616567e08
SSDEEP

24576:eBZsgsikjQ3l7jp/HTan8b8tiHlBqTXABN0XGVHlo:ekbikk37/HTw08tglBqTwBqWN

Score

N/A

Malware Config

Signatures

Files

df0982d6e87795a4d01dae1f615651eb9e04ac8d85fa391e5c93dd9ef2b357cb
.exe windows x86

ff637e83186a7fc2dcaca0c261532887

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:d6:11:f7:39:df:bb:4a:45:49:94:d6:51:ba:da:b0:9b:9f:cf:d3
Signer

Actual PE Digest

ce:d6:11:f7:39:df:bb:4a:45:49:94:d6:51:ba:da:b0:9b:9f:cf:d3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

23-05-2013 13:36
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
GetTempPathW
ResetEvent
WaitForMultipleObjects
GlobalFree
InitializeCriticalSectionAndSpinCount
DuplicateHandle
ReleaseMutex
GetCurrentDirectoryW
IsBadReadPtr
ExpandEnvironmentStringsW
CreateDirectoryW
SetFilePointer
QueryDosDeviceW
SetFileAttributesW
MoveFileW
GetCPInfo
IsDBCSLeadByte
GetLogicalDriveStringsW
GetSystemDefaultLangID
VirtualQuery
LoadLibraryA
GetStdHandle
CreatePipe
GlobalAlloc
GlobalLock
GetUserDefaultUILanguage
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetWindowsDirectoryW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetFullPathNameW
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
CreateFileA
LocalAlloc
LocalFree
SetEvent
MapViewOfFile
GetLocalTime
DeviceIoControl
WriteFile
FreeResource
GetProcessHeap
HeapAlloc
HeapFree
WriteProcessMemory
VirtualAllocEx
SearchPathW
SetUnhandledExceptionFilter
TerminateProcess
CreateEventW
SetErrorMode
GetVersionExW
GetCommandLineA
lstrcpynW
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
GetFileSize
ReadFile
CreateFileW
GetCommandLineW
GetTickCount
GetTempFileNameW
GetFileAttributesW
RemoveDirectoryW
MoveFileExW
CreateToolhelp32Snapshot
ExitProcess
GetSystemTimeAsFileTime
Process32NextW
CopyFileW
OpenProcess
FindFirstFileW
FindNextFileW
GetSystemInfo
Sleep
GetCurrentProcessId
GetProcAddress
Process32FirstW
FindClose
GetProcessTimes
DeleteFileW
FreeLibrary
InterlockedIncrement
FlushInstructionCache
LockResource
GetModuleFileNameW
GetVersion
UnmapViewOfFile
DeleteCriticalSection
FindResourceW
MultiByteToWideChar
CreateFileMappingW
SetLastError
lstrlenA
LeaveCriticalSection
GetModuleHandleW
LoadLibraryExW
GetCurrentProcess
LoadResource
lstrlenW
WideCharToMultiByte
LoadLibraryW
lstrcmpiW
CloseHandle
FindResourceExW
CreateMutexW
GetCurrentThreadId
InterlockedDecrement
MapViewOfFileEx
EnterCriticalSection
SizeofResource
RaiseException
GetLastError
InitializeCriticalSection
GetCurrentDirectoryA
DebugBreak

user32

CharNextW
RegisterClassExW
ShowWindow
PtInRect
SetWindowRgn
GetWindowTextW
GetSysColor
SendMessageW
GetParent
GetWindowThreadProcessId
GetClientRect
GetClassInfoExW
SetRect
SetWindowLongW
MoveWindow
CreateWindowExW
UnregisterClassA
GetKeyState
RegisterClassW
PeekMessageW
LoadImageW
DestroyWindow
InflateRect
LoadCursorW
GetMessageW
GetFocus
LoadStringW
SetWindowPos
MapWindowPoints
DispatchMessageW
ReleaseDC
SetActiveWindow
CopyRect
GetDC
IsWindow
GetDlgItem
InvalidateRect
SystemParametersInfoW
GetActiveWindow
GetWindowRect
AttachThreadInput
SetForegroundWindow
GetWindow
GetDesktopWindow
IsWindowEnabled
GetWindowLongW
GetForegroundWindow
TranslateMessage
FindWindowW
FindWindowExW
PostMessageW
SendMessageTimeoutW
ReleaseCapture
OffsetRect
GetSystemMenu
FrameRect
ClientToScreen
SetCapture
DrawFrameControl
KillTimer
BeginPaint
PostQuitMessage
DrawTextW
SetWindowTextW
SetTimer
EqualRect
TrackPopupMenu
FillRect
SetCursor
IsWindowVisible
GetPropW
CopyImage
EnableWindow
GetWindowDC
GetWindowTextLengthW
DrawIconEx
MonitorFromWindow
LoadIconW
GetDlgCtrlID
GetMonitorInfoW
CallWindowProcW
EndPaint
DestroyIcon
SetPropW
PostThreadMessageW
DefWindowProcW

gdi32

DeleteObject
CreateCompatibleBitmap
GetStockObject
Rectangle
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
StretchBlt
SetBkColor
SelectObject
GetObjectW
ExtTextOutW
CreateBitmap
CreateFontIndirectW
CreateRectRgn
ExtSelectClipRgn
CombineRgn
OffsetRgn
GetTextMetricsW
RoundRect
GetTextExtentPoint32W
SelectClipRgn
LineTo
CreateRectRgnIndirect
CreateSolidBrush
TextOutW
MoveToEx
SaveDC
CreatePen
CreateDIBSection
RectInRegion
GetClipRgn
GetCurrentObject
SetBkMode
RestoreDC

advapi32

LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ControlService
OpenServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegRestoreKeyW
IsTextUnicode
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
AdjustTokenPrivileges

shell32

SHChangeNotify
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
StgOpenStorage
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
OleLoadPicture
VarUI4FromStr

shlwapi

SHDeleteKeyW
StrToIntA
SHDeleteValueW
PathAppendW
wnsprintfW
PathAddBackslashW
PathFileExistsW

comctl32

_TrackMouseEvent

ws2_32

htonl
WSCEnumProtocols
WSCDeinstallProvider
ntohl
htons

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetProcessMemoryInfo

gdiplus

GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipFree
GdipAlloc
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipFillRectangleI
GdipLoadImageFromStream
GdipGetImageWidth
GdiplusStartup
GdipDrawImageRectRectI
GdipGetImageHeight
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipCloneBrush
GdipDrawImageI

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

fltlib

FilterUnload

wininet

InternetCloseHandle
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetOpenW

crypt32

CertFindCertificateInStore
CertGetNameStringW
CryptMsgGetParam
CryptQueryObject

netapi32

Netbios

Sections

.text
Size: 680KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff637e83186a7fc2dcaca0c261532887

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ce:d6:11:f7:39:df:bb:4a:45:49:94:d6:51:ba:da:b0:9b:9f:cf:d3Signer

Signature Validations

Verification

23-05-2013 13:36 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

gdiplus

version

fltlib

wininet

crypt32

netapi32

Sections

.text Size: 680KB - Virtual size: 678KB

.rdata Size: 128KB - Virtual size: 125KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 362KB - Virtual size: 382KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ce:d6:11:f7:39:df:bb:4a:45:49:94:d6:51:ba:da:b0:9b:9f:cf:d3
Signer

23-05-2013 13:36
Valid: false

.text
Size: 680KB - Virtual size: 678KB

.rdata
Size: 128KB - Virtual size: 125KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 362KB - Virtual size: 382KB