SecuriteInfo[.]com[.]Riskware[.]Wews87[.]B[.]5693[.]19120[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Riskware.Wews87.B.5693.19120.dll
Size

1.0MB
MD5

f7376e2cc0fc2e600d206d16c8856aff
SHA1

b5c0022ea51492f48c8aa1d35b29a32afaa88fe4
SHA256

40a330f35d513627c4e9c65625981e0506d5142a62b28867c82710bb1ad165e9
SHA512

eda724e5ea87d74815dfaebde1de5e490960f8bcddea05bbc3ba0305e8e98e5c23f0daf46238e6b3bf04fc062b41b6da82cf6472bc84ef761d24626dad439fd4
SSDEEP

24576:RQZIXU/LYc1LR9RsdDjizRiunSFsJHvtrwc/PybAVN:7cLYc1XRqjuRTZtrwc/PhVN

Score

N/A

Malware Config

Signatures

Files

SecuriteInfo.com.Riskware.Wews87.B.5693.19120.dll
.dll windows x86

51679bbcb1ff3ca63f268df605c4585a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-07-2017 00:00

Not After

17-07-2018 23:59

Subject

CN=江苏嘉趣网络科技有限公司,OU=IT,O=江苏嘉趣网络科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:0c:ee:fb:26:27:85:56:90:a3:9e:30:12:8a:56:8e:61:90:ab:53
Signer

Actual PE Digest

69:0c:ee:fb:26:27:85:56:90:a3:9e:30:12:8a:56:8e:61:90:ab:53

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=江苏嘉趣网络科技有限公司,OU=IT,O=江苏嘉趣网络科技有限公司,L=淮安,ST=江苏,C=CN

08-09-2017 03:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
InterlockedExchange
FreeResource
GlobalFree
Sleep
ResumeThread
CreateEventW
SetEvent
CreateFileW
WriteFile
WaitForSingleObject
DeleteFileW
TerminateThread
GetTickCount
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetTempPathW
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
GetCommandLineW
CreateProcessW
FindResourceExW
LockResource
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
IsBadWritePtr
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcessAffinityMask
InitializeCriticalSection

user32

SetCursor
GetClientRect
ShowWindow
DefWindowProcW
UpdateWindow
ClientToScreen
IsChild
MessageBoxW
LoadMenuW
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
RegisterClassExW
LoadCursorW
LoadIconW
DestroyWindow
CharNextW
GetSubMenu
RemoveMenu
DestroyMenu
CheckMenuItem
TrackPopupMenu
GetCursorPos
CallWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
IsWindow
GetDlgItem
GetWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetLayeredWindowAttributes
PostQuitMessage
PostMessageW
GetKeyState
LoadStringW
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetForegroundWindow
IsWindowVisible
LoadImageW
PtInRect
UnregisterClassA
OffsetRect
DrawTextW
InflateRect
IsIconic
SetWindowRgn
SystemParametersInfoW

gdi32

SetBkColor
StretchBlt
CreateRoundRectRgn
SetTextColor
SetBkMode
SetDIBColorTable
CreateDIBSection
SelectObject
CreateSolidBrush
GetStockObject
GetDeviceCaps
GetObjectW
BitBlt
RestoreDC
CreateCompatibleBitmap
CreateFontW
DeleteDC
DeleteObject
CreateCompatibleDC
SaveDC

advapi32

RegDeleteValueW
GetTokenInformation
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData

shlwapi

PathFileExistsW
StrCpyW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

msvcp90

?uncaught_exception@std@@YA_NXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageWidth
GdiplusShutdown
GdipCloneImage
GdipBitmapUnlockBits
GdiplusStartup
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight

msvcr90

??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy
_itoa
free
malloc
memcpy_s
_recalloc
wcsncpy_s
wcsstr
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
swprintf_s
_vscwprintf
vswprintf_s
_localtime64_s
_time64
wcsftime
_purecall
_resetstkoflw
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_beginthreadex
_unlock
_CxxThrowException
__CxxFrameHandler3
memset
strpbrk
sprintf_s
sscanf
isalnum
wcscpy_s
wcscat_s
_wcsicmp
_wcslwr_s
_snwprintf_s
memmove
atoi
??3@YAXPAX@Z

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

iphlpapi

GetAdaptersInfo

Exports

Exports

StartLander

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 767KB - Virtual size: 767KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51679bbcb1ff3ca63f268df605c4585a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:adCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

69:0c:ee:fb:26:27:85:56:90:a3:9e:30:12:8a:56:8e:61:90:ab:53Signer

Signature Validations

Verification

08-09-2017 03:11 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp90

gdiplus

msvcr90

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 767KB - Virtual size: 767KB

.reloc Size: 22KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:ad
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

69:0c:ee:fb:26:27:85:56:90:a3:9e:30:12:8a:56:8e:61:90:ab:53
Signer

08-09-2017 03:11
Valid: false

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 767KB - Virtual size: 767KB

.reloc
Size: 22KB - Virtual size: 21KB