a4fd808ddb33f9f4aaadebe0233ad9001884523da622016d9a5532aa1ab12eb9

Sharing

Copy URL Twitter E-mail

General

Target

a4fd808ddb33f9f4aaadebe0233ad9001884523da622016d9a5532aa1ab12eb9
Size

1.5MB
MD5

065e7566c18de52b942a81d1f722800c
SHA1

996e87a5f4e8c77236a76821e6e5a39d22a5ab68
SHA256

a4fd808ddb33f9f4aaadebe0233ad9001884523da622016d9a5532aa1ab12eb9
SHA512

44ee489dd9ebb60f1e13ae7700777930e9fc546b098e9a37c38a61822e46c780ebdf6d4aec6fd66d4a92a53cefa837149df3989fc1322cb263257c49e48e4d53
SSDEEP

24576:y2XvDOjUhnYNp4ehFuvmZ4kn9T97Ox4brdlm6OpdfOC:y2XSju6nJCaTpOx4bZlm6O/

Score

N/A

Malware Config

Signatures

Files

a4fd808ddb33f9f4aaadebe0233ad9001884523da622016d9a5532aa1ab12eb9
.exe windows x86

7f90f199499864513892cad68379782b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:72:57:f2:02:e9:c9:62:c9:1b:4e:da:68:9d:5d:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/02/2014, 00:00

Not After

19/03/2015, 23:59

Subject

CN=Shanghai Bo Yi Information Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Bo Yi Information Technology Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:d5:ff:13:9f:96:7e:d6:b6:24:3c:b4:86:f7:4c:0f:38:d2:9b:f6
Signer

Actual PE Digest

58:d5:ff:13:9f:96:7e:d6:b6:24:3c:b4:86:f7:4c:0f:38:d2:9b:f6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shanghai Bo Yi Information Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Bo Yi Information Technology Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

02/04/2014, 09:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sekeygensdk

SEGenerateKeyFileW

kernel32

HeapCreate
VirtualFree
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
RaiseException
ExitProcess
Sleep
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
GetSystemDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
EnumResourceTypesW
EnumResourceNamesW
lstrcpynW
CreateFileW
ReadFile
CloseHandle
GetFileSize
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
GetProcAddress
FreeLibrary
GlobalAlloc
lstrcmpW
GlobalLock
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
LoadLibraryExW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GlobalFree
FreeResource
SetLastError
InterlockedDecrement
GlobalUnlock
GetSystemDefaultLangID
GlobalAddAtomW
GetLastError
GetCurrentProcessId
GetVersionExA
LoadLibraryA
CompareStringW
GetLocaleInfoW
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
lstrlenA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringW
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
lstrlenW
GlobalFindAtomW
GetVersionExW
LoadLibraryW

user32

SetRectEmpty
CharUpperW
DestroyIcon
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
InflateRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
EndPaint
BeginPaint
GetWindowDC
RegisterClipboardFormatW
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
EnableWindow
LoadIconW
SendMessageW
GetWindowRect
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
UnionRect
PostThreadMessageW
SetTimer
KillTimer
ReleaseDC
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
RegisterWindowMessageW
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
UnhookWindowsHookEx
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetSubMenu
LoadMenuW
CheckMenuItem
EnableMenuItem
GetMenuState
UnregisterClassW
GetTabbedTextExtentA
GetDoubleClickTime
DrawEdge
GetClipboardData
EmptyClipboard
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
CloseClipboard
ShowCaret
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
RedrawWindow
mouse_event
InvertRect
DrawStateW
GetIconInfo
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
DrawIconEx
LoadImageW
SetClipboardData
GetCursor
SetWindowRgn
DrawFrameControl
DrawFocusRect
LookupIconIdFromDirectoryEx
SetClassLongW
OpenClipboard
HideCaret

gdi32

DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
CreateCompatibleDC
GetStockObject
CreatePen
CreateSolidBrush
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetTextExtentPoint32W
GetTextMetricsW
CreateFontIndirectW
GetMapMode
PatBlt
CreateCompatibleBitmap
GetCharWidthW
CreateFontW
StretchDIBits
DeleteDC
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectW
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
Polygon
SetPixel
StretchBlt
CreateDIBSection
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextAlign
GetTextExtentPoint32A
Ellipse
Polyline
StrokePath
FillPath
StrokeAndFillPath
CloseFigure
BeginPath
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
GetDeviceCaps
EndPath

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

DragQueryFileW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateInstance
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoGetClassObject
CoRevokeClassObject

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayDestroy
SysAllocString
LoadTypeLi
VariantCopy
VarDateFromStr
VarBstrFromDate
VarUdateFromDate
OleLoadPicturePath
OleCreateFontIndirect

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f90f199499864513892cad68379782b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

74:72:57:f2:02:e9:c9:62:c9:1b:4e:da:68:9d:5d:bbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

58:d5:ff:13:9f:96:7e:d6:b6:24:3c:b4:86:f7:4c:0f:38:d2:9b:f6Signer

Signature Validations

Verification

02/04/2014, 09:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

sekeygensdk

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.sedata Size: 257KB - Virtual size: 260KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

74:72:57:f2:02:e9:c9:62:c9:1b:4e:da:68:9d:5d:bb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

58:d5:ff:13:9f:96:7e:d6:b6:24:3c:b4:86:f7:4c:0f:38:d2:9b:f6
Signer

02/04/2014, 09:48
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.sedata
Size: 257KB - Virtual size: 260KB