26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968

Sharing

Copy URL

Twitter E-mail

General

Target

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968
Size

1.6MB
MD5

6608a59828021526d2ed539fa4010263
SHA1

9362b621da77d4f7f3c3e0077e2c7cf65c057eea
SHA256

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968
SHA512

80edc4a58ec3ea5ec7da0a73c31ef4256c15186d1df797a76c48e1e748501fd58e9944abd75f4291b0c6bc3a13a9d685d77157652a0cf4f533e82cae4c83321f
SSDEEP

49152:Chs/UjXWnglxc4iphRLXBkxgdvYr968/ZcU1tU:wpjXWngjc4ip/LXBkxIvYR6lF

Score

N/A

Malware Config

Signatures

Files

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968
.dll regsvr32 windows x86

c3026e98e1cc28b840b7b1327168dc50

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ba:a1:10:b3:5d:98:65:83:3d:2d:3f:38:6b:8f:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03-07-2009 00:00

Not After

03-07-2011 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
TerminateProcess
IsBadReadPtr
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
RtlUnwind
ExitProcess
VirtualQuery
VirtualAlloc
GetDiskFreeSpaceA
LocalLock
LocalUnlock
GetCurrentDirectoryA
GetFileTime
SetFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentVariableA
GlobalReAlloc
ResumeThread
SetThreadPriority
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
HeapSize
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualProtect
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
InterlockedDecrement
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GlobalFree
MulDiv
GlobalSize
FormatMessageA
CompareStringW
CompareStringA
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedExchange
CloseHandle
WaitForSingleObject
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
SetStdHandle
GetFileType
LCMapStringA
LCMapStringW
FatalAppExitA
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
CreateEventA
lstrcpynA
HeapCreate
HeapDestroy
GetSystemTime
SystemTimeToFileTime
DeviceIoControl
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
ReadFile
GetFileAttributesA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
LocalAlloc
ResetEvent
SetEvent
TerminateThread
SetLastError
GetExitCodeThread
SuspendThread
OpenMutexA
CreateMutexA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTempPathA
GetTempFileNameA
FindFirstFileA
SetFileAttributesA
FindNextFileA
FindClose
CreateDirectoryA
GetCurrentProcessId
SetEndOfFile
SetFilePointer
CopyFileA
DeleteFileA
OpenFile
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
InterlockedIncrement
GetLocalTime
GetCurrentThreadId
WriteFile
GetModuleFileNameA
CreateFileA
OutputDebugStringA
CreateProcessA
GetWindowsDirectoryA
lstrcpyA
Sleep
GetTickCount
GetStringTypeExW
GetStringTypeExA
EnumResourceLanguagesA
GetEnvironmentVariableW
FreeLibrary
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GlobalHandle

user32

SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetAsyncKeyState
GetActiveWindow
MapDialogRect
GetDesktopWindow
EndDialog
ValidateRect
GetMessageA
GetSysColorBrush
GetDialogBaseUnits
DeleteMenu
DestroyIcon
IsClipboardFormatAvailable
MessageBeep
SetRect
GetTabbedTextExtentA
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
GetNextDlgTabItem
CreateDialogIndirectParamA
GetKeyNameTextA
MapVirtualKeyA
GetMenuItemInfoA
DestroyMenu
PostQuitMessage
ShowOwnedPopups
WindowFromPoint
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
IsRectEmpty
UnionRect
GetDCEx
LockWindowUpdate
GetSystemMenu
BeginDeferWindowPos
GetMenuCheckMarkDimensions
LoadBitmapA
ScrollWindowEx
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetWindow
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
GetWindowTextA
CharLowerA
CharLowerW
CharUpperA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
SetParent
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
CharUpperW
SetFocus
IsChild
GetWindowTextLengthA
GetWindowLongA
KillTimer
SetTimer
IsWindowVisible
IsIconic
PostMessageA
LoadMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetCursorPos
SetWindowPos
ScreenToClient
PostThreadMessageA
wsprintfA
MessageBoxA
TranslateMessage
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
GetSystemMetrics
UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
SetForegroundWindow
SetWindowLongA
CopyIcon
DestroyCursor
GetSysColor
IsWindow
ReleaseCapture
LoadCursorA
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
SendMessageA
InflateRect
PtInRect
SetCursor
UnregisterClassA

ws2_32

inet_addr
WSAGetLastError
gethostbyname
htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
WSACleanup
WSACloseEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSARecv
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketA
gethostname
ntohl
sendto
bind
socket
recvfrom
accept
WSASetLastError
listen
WSAWaitForMultipleEvents
ioctlsocket
select
__WSAFDIsSet
send
recv
connect
inet_ntoa
setsockopt
shutdown
getpeername
getsockname

gdi32

CreateFontA
StretchDIBits
CreateCompatibleBitmap
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
GetCharWidthA
EnumFontFamiliesExA
GetTextMetricsA
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
PatBlt
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject
GetBkColor

comdlg32

CommDlgExtendedError
PrintDlgA
PageSetupDlgA
FindTextA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter

advapi32

RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegSetValueA
RegCreateKeyExA
SetFileSecurityA
GetFileSecurityA

shell32

SHGetPathFromIDListA
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteA
SHGetFileInfoA
ExtractIconA

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord13
ImageList_Write
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Draw
ImageList_GetImageInfo
ImageList_Read

shlwapi

PathFindFileNameA
PathRemoveFileSpecA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathRemoveExtensionA

ole32

CoTaskMemAlloc
SetConvertStg
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoDisconnectObject
OleDuplicateData
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
StringFromGUID2

oleaut32

VariantCopy
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarDateFromStr
SysReAllocStringLen
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantClear
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
VariantChangeType
SysFreeString

dbghelp

MakeSureDirectoryPathExists
ImageNtHeader

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
GopherFindFirstFileA
InternetGetLastResponseInfoA
InternetFindNextFileA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
GopherOpenFileA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
InternetConnectA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetCookieA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
HttpOpenRequestA
FtpGetCurrentDirectoryA
FtpCreateDirectoryA

imagehlp

CheckSumMappedFile

iphlpapi

GetBestRoute
GetIpAddrTable
GetBestInterface

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

Exports

Exports

CreateLiveNetworkInstance
DestroyLiveNetworkInstance
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3026e98e1cc28b840b7b1327168dc50

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3f:ba:a1:10:b3:5d:98:65:83:3d:2d:3f:38:6b:8f:44Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

dbghelp

version

wininet

imagehlp

iphlpapi

rpcrt4

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 22KB - Virtual size: 500KB

.rsrc Size: 41KB - Virtual size: 41KB

.reloc Size: 83KB - Virtual size: 82KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3f:ba:a1:10:b3:5d:98:65:83:3d:2d:3f:38:6b:8f:44
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 22KB - Virtual size: 500KB

.rsrc
Size: 41KB - Virtual size: 41KB

.reloc
Size: 83KB - Virtual size: 82KB