4449a9913cd8f6784516939bdace931fc63305f454f68b530225e2a71b1e7e30

Sharing

Copy URL Twitter E-mail

General

Target

4449a9913cd8f6784516939bdace931fc63305f454f68b530225e2a71b1e7e30
Size

1.4MB
MD5

daf905bc7bda4913723a394417cadc0c
SHA1

ae6d0fcdf14ff9fe80fbf82a29018e65d27bd1e6
SHA256

4449a9913cd8f6784516939bdace931fc63305f454f68b530225e2a71b1e7e30
SHA512

91ddf9ba0ff46cf21f8d68e61e32b6ef91404c2190fddced9def5889a5ecc9c6b5c75d2f601010c6b577d70e62764bd0b2015c240aa86b9873a51b715e94fc3d
SSDEEP

24576:eSx56kbVN0gGdA5mRypJpThsITxHyckZQc3Lramx4/Ut7PA3UOHRxXtJ7oo4hAx4:9D6kvHGdAURypJpThsI51kZRL/x4/Ut7

Score

N/A

Malware Config

Signatures

Files

4449a9913cd8f6784516939bdace931fc63305f454f68b530225e2a71b1e7e30
.dll regsvr32 windows x86

350dd11584bcec7a710a1c6e074d729a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ba:a1:10:b3:5d:98:65:83:3d:2d:3f:38:6b:8f:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03/07/2009, 00:00

Not After

03/07/2011, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetFullPathNameA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
VirtualProtect
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
VirtualAlloc
DuplicateHandle
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitThread
GetFileType
IsBadReadPtr
GetCommandLineA
SetStdHandle
HeapSize
SetUnhandledExceptionFilter
LCMapStringW
VirtualFree
IsBadWritePtr
GetCurrentProcessId
GetTimeZoneInformation
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FlushFileBuffers
FileTimeToLocalFileTime
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
GetLocalTime
GlobalMemoryStatus
OpenFile
HeapCreate
HeapDestroy
GetSystemInfo
lstrcpynA
TerminateProcess
lstrcmpA
CopyFileA
GetLogicalDriveStringsA
GetDriveTypeA
SetFileAttributesA
LCMapStringA
InterlockedCompareExchange
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
GetVolumeInformationA
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
DeviceIoControl
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
CreateFileA
LockFile
WriteFile
UnlockFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
CreateThread
ResumeThread
LocalFree
LocalAlloc
ResetEvent
TerminateThread
GetExitCodeThread
lstrcpyA
CreateEventA
SetLastError
GetFileAttributesA
GetFileTime
FileTimeToSystemTime
GetDiskFreeSpaceExA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
InterlockedExchangeAdd
Sleep
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SetEvent
InterlockedIncrement
FindResourceExA
CreateProcessA
CompareStringW
CompareStringA
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetPrivateProfileStringA
OpenMutexA
CloseHandle
WaitForSingleObject
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualQuery
InitializeCriticalSection

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ValidateRect
SetCursor
PostQuitMessage
MapDialogRect
GetActiveWindow
GetAsyncKeyState
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ReleaseDC
GetDC
GetDesktopWindow
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
CharUpperA
UnregisterClassA
PostThreadMessageA
PostMessageA
IsWindow
MessageBoxA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
GetParent
GetMenuItemCount
GetKeyState
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
GetMenuState
GetSubMenu
GetFocus
GetMenuItemID
ModifyMenuA
GetWindow
SetDlgItemTextA
SendDlgItemMessageA
UpdateWindow
wsprintfA
GetMessageA
SendMessageA
GetWindowRect
ScreenToClient
EnableWindow
SetWindowPos
GetSysColor
GetCursorPos
GetSystemMetrics
TranslateMessage
IsWindowVisible
SetTimer
SetWindowLongA
GetWindowLongA
KillTimer

gdi32

EnumFontFamiliesExA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetObjectA
RectVisible
PtVisible
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetTextExtentPoint32A
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
CryptDestroyHash
CryptGetHashParam
CryptHashData
RegCreateKeyExA
RegCloseKey
CryptReleaseContext
CryptCreateHash

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

comctl32

ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

shlwapi

UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

ws2_32

getservbyport
ntohs
gethostbyaddr
htons
getservbyname
WSACleanup
inet_ntoa
gethostbyname
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
WSAEnumNetworkEvents
WSAConnect
htonl
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketA
setsockopt
shutdown
inet_addr
WSAResetEvent
recvfrom
sendto
gethostname
ioctlsocket
select
__WSAFDIsSet
send
recv
connect
socket
bind
getsockname
listen
WSAWaitForMultipleEvents
WSAGetOverlappedResult

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocString
SystemTimeToVariantTime
VarDateFromStr
VariantClear
VariantChangeType
VariantInit
SysFreeString

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetLastResponseInfoA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetSetCookieA

winmm

timeGetTime

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CreatePublicVodInstance
CreateVodInstance
CreateVodInstanceByPPSAP
CreateVodInstanceByPPSDownloader
DestroyVodInstance
Disconnect
DllRegisterServer
DllUnregisterServer
EventNotify
GetChannelName
GetChannelOnlineCount
GetHttpURL
GetHttpURL2
GetPlayingURL
GetRecvWndMsgThreadID
GetStatus
GetStreamingType
PlayURL
PlayURLForTest
SetEchoSvr
SetParam
SetParamEx
ShowPropertyDlg
StopFile

Sections

.text
Size: 959KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

350dd11584bcec7a710a1c6e074d729a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3f:ba:a1:10:b3:5d:98:65:83:3d:2d:3f:38:6b:8f:44Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ws2_32

ole32

oleaut32

wininet

winmm

version

Exports

Exports

Sections

.text Size: 959KB - Virtual size: 959KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 10KB - Virtual size: 173KB

.rsrc Size: 216KB - Virtual size: 215KB

.reloc Size: 76KB - Virtual size: 75KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3f:ba:a1:10:b3:5d:98:65:83:3d:2d:3f:38:6b:8f:44
Certificate

.text
Size: 959KB - Virtual size: 959KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 10KB - Virtual size: 173KB

.rsrc
Size: 216KB - Virtual size: 215KB

.reloc
Size: 76KB - Virtual size: 75KB