3c7790689de838002a5032e138a3fd9cc54bfa57f0c61e388d2635618224c51f

Sharing

Copy URL Twitter E-mail

General

Target

3c7790689de838002a5032e138a3fd9cc54bfa57f0c61e388d2635618224c51f
Size

2.2MB
MD5

87e5b4466211675ce7e30c224d424464
SHA1

c6924360f37da92c1f9e5f108b2640efb5bca46f
SHA256

3c7790689de838002a5032e138a3fd9cc54bfa57f0c61e388d2635618224c51f
SHA512

699da9820f3b8ff265483044a2972b1cb6cbffd1772c601cc9e1395e6431697a6ba2190a8036071a7d150a5a63c110499e660be16b547dcaa53dc92b9cc4279a
SSDEEP

12288:Fs6EX99ywGLn54Qq+RScwQyndW5H3aNo7mVFj:FKywGLntYndmhmVt

Score

N/A

Malware Config

Signatures

Files

3c7790689de838002a5032e138a3fd9cc54bfa57f0c61e388d2635618224c51f
.exe windows x86

3775797eb1d9b19fea4790bbecc23eba

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:49:53:f9:cd:7b:f9:f9:fc:1f:a8:4f:a7:d0:90:3d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/06/2014, 00:00

Not After

11/07/2015, 23:59

Subject

CN=에이코리아,OU=IT Team,O=에이코리아,L=Haewoondae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:8a:5b:68:8c:87:85:72:6c:69:8d:ca:d0:eb:f6:a1:e2:e0:2f:b0
Signer

Actual PE Digest

8e:8a:5b:68:8c:87:85:72:6c:69:8d:ca:d0:eb:f6:a1:e2:e0:2f:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=에이코리아,OU=IT Team,O=에이코리아,L=Haewoondae-gu,ST=Busan,C=KR

14/11/2014, 03:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
RaiseException
CreateThread
ExitThread
SetStdHandle
GetFileType
GetACP
HeapSize
HeapReAlloc
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetCurrentDirectoryA
GetProfileStringA
WritePrivateProfileStringA
SizeofResource
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileAttributesA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalAlloc
GetCurrentThread
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
MulDiv
lstrlenW
GetModuleFileNameA
lstrcmpA
FindNextFileA
FindFirstFileA
FindClose
SetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
lstrcpyA
lstrcpynA
EnterCriticalSection
FormatMessageA
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
CreateMutexA
GetLastError
GetModuleHandleA
GetCurrentProcess
GetWindowsDirectoryA
GetVersionExA
WriteFile
GetTickCount
MultiByteToWideChar
CreateProcessA
CreateDirectoryA
ReadFile
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetFileSize
DeleteFileA
Sleep
OpenProcess
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32First
Process32Next
CloseHandle
LCMapStringW
CopyFileA

user32

RegisterClipboardFormatA
PostThreadMessageA
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
SetActiveWindow
ScreenToClient
CopyRect
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetNextDlgGroupItem
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowLongA
SetWindowLongA
GetSysColorBrush
IntersectRect
GetWindowPlacement
GetSystemMetrics
OffsetRect
SystemParametersInfoA
SetFocus
GetWindowRect
UpdateWindow
GetClassNameA
GetWindowTextA
GetWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
GetDlgCtrlID
IsIconic
GetFocus
IsChild
IsWindow
GetClientRect
AdjustWindowRectEx
KillTimer
MessageBoxA
RedrawWindow
InvalidateRect
LoadBitmapA
PostQuitMessage
SendMessageA
SetRect
CopyAcceleratorTableA
GetDesktopWindow
SetTimer
LoadIconA
EnableWindow
PostMessageA
EnumChildWindows
RegisterWindowMessageA
SendMessageTimeoutA
FindWindowA
GetParent
DefDlgProcA
IsWindowUnicode
GetWindowThreadProcessId
CallWindowProcA
MessageBeep
InflateRect
PtInRect
DestroyMenu
CharNextA
SetMenuItemBitmaps
LoadStringA
MapDialogRect
SetWindowContextHelpId
SetCursor
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
SetWindowPos
LoadCursorA
GetDC
ClientToScreen
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
GetMenuState
GetClassLongA
ModifyMenuA
CharUpperA

gdi32

SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
GetTextColor
GetBkColor
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DPtoLP
LPtoDP
GetObjectA
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
GetUserNameA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject
CreateILockBytesOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID

olepro32

ord253

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantClear
SafeArrayCreate
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SafeArrayGetElemsize

urlmon

URLDownloadToFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrStrIA

psapi

GetModuleFileNameExA

wininet

HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable
InternetGetConnectedState
InternetCheckConnectionA

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3775797eb1d9b19fea4790bbecc23eba

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:49:53:f9:cd:7b:f9:f9:fc:1f:a8:4f:a7:d0:90:3dCertificate

Extended Key Usages

Key Usages

8e:8a:5b:68:8c:87:85:72:6c:69:8d:ca:d0:eb:f6:a1:e2:e0:2f:b0Signer

Signature Validations

Verification

14/11/2014, 03:03 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

version

shlwapi

psapi

wininet

iphlpapi

sensapi

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 24KB - Virtual size: 52KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:49:53:f9:cd:7b:f9:f9:fc:1f:a8:4f:a7:d0:90:3d
Certificate

8e:8a:5b:68:8c:87:85:72:6c:69:8d:ca:d0:eb:f6:a1:e2:e0:2f:b0
Signer

14/11/2014, 03:03
Valid: false

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 24KB - Virtual size: 52KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB