3ae6806a8da931c543d2dcbe19451d68e8a4abd8f70784921271fcc39f7ab274

Sharing

Copy URL Twitter E-mail

General

Target

3ae6806a8da931c543d2dcbe19451d68e8a4abd8f70784921271fcc39f7ab274
Size

1.9MB
MD5

7bb9821d364f08a17dece3cabd16bf35
SHA1

6edc0f9ed3599975bea7eacf7defd1471596a094
SHA256

3ae6806a8da931c543d2dcbe19451d68e8a4abd8f70784921271fcc39f7ab274
SHA512

7e947e2fa7ec0d2fc202d41ec367773808b8ff9c175d1b941a4cda497d5532acecad3f5fc2e85a01ae80c980c28b84528030f3847ed5941daf96f1230ce39297
SSDEEP

24576:dBToHV1MfjIH1xLwVpA3gWtU5nn/B4HCzFFSatRusYsqleJBoLVw0AngeGOBif7o:dyVW+1x8DAptW547atYYJ220efDfDP

Score

N/A

Malware Config

Signatures

Files

3ae6806a8da931c543d2dcbe19451d68e8a4abd8f70784921271fcc39f7ab274
.exe windows x86

851d091b5eeaa0389c8b2287b69a6a94

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:2e:72:ef:a5:cc:0d:52:89:df:f5:3d:a8:7a:35:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2012, 00:00

Not After

13/08/2015, 23:59

Subject

CN=VNG Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VNG Corporation,L=Ho Chi Minh,ST=Vietnam,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:f6:1f:d1:d7:6a:30:1b:b8:dd:49:f6:a9:a3:bf:c4:3c:8f:7c:e9
Signer

Actual PE Digest

3f:f6:1f:d1:d7:6a:30:1b:b8:dd:49:f6:a9:a3:bf:c4:3c:8f:7c:e9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=VNG Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VNG Corporation,L=Ho Chi Minh,ST=Vietnam,C=VN

05/03/2014, 10:27
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetTimeZoneInformation
LCMapStringA
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
MultiByteToWideChar
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
GetProcessHeap
InterlockedCompareExchange
CreateToolhelp32Snapshot
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
RemoveDirectoryW
GetLocalTime
lstrcpynW
SetErrorMode
GetFileTime
GetFileSizeEx
SetFileTime
LCMapStringW
FlushFileBuffers
SetFilePointer
ReadFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
GetThreadLocale
FindFirstFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
GetModuleHandleA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
lstrlenA
lstrcmpA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
SetLastError
LocalFree
MulDiv
GetVersionExW
SetFileAttributesW
GlobalMemoryStatus
FreeLibrary
GetDiskFreeSpaceW
GetProcAddress
GetDriveTypeW
GetLogicalDrives
LoadLibraryW
CompareStringW
WinExec
lstrcatW
GetCurrentDirectoryW
GetSystemDirectoryW
DeviceIoControl
InterlockedDecrement
LocalAlloc
FormatMessageW
Sleep
GlobalFree
GlobalUnlock
FreeResource
GlobalLock
GlobalAlloc
GetModuleHandleW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileAttributesW
DeleteFileW
SystemTimeToFileTime
GetTickCount
MoveFileExW
CopyFileW
WriteFile
CreateProcessW
TerminateThread
CreateFileW
lstrcmpiW
GetFullPathNameW
WaitForSingleObject
CreateThread
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
CreateMutexW
SetCurrentDirectoryW
GetModuleFileNameW
GetLastError
WideCharToMultiByte
lstrlenW
CloseHandle
OpenProcess
lstrcmpW
lstrcpyW
FindResourceW
LoadResource
LockResource
SizeofResource
GetDateFormatA

user32

EndPaint
BeginPaint
GetWindowDC
DestroyMenu
GetWindowThreadProcessId
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
MessageBeep
GetNextDlgGroupItem
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
SetCapture
InvalidateRgn
IsWindowEnabled
SetRect
IsRectEmpty
CopyAcceleratorTableW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
FindWindowW
GetMessageW
DispatchMessageW
AdjustWindowRectEx
EqualRect
CallWindowProcW
CopyRect
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuState
CharNextW
GetSysColorBrush
RegisterClipboardFormatW
CharUpperW
UnregisterClassW
PostThreadMessageW
SetPropW
TranslateMessage
SetForegroundWindow
IsDialogMessageW
SendMessageW
LoadIconW
EnumWindows
EnumChildWindows
GetSystemMenu
AppendMenuW
SetWindowLongW
GetWindowLongW
SetLayeredWindowAttributes
GetParent
ShowWindow
PostMessageW
GetWindow
GetDlgCtrlID
GetWindowRect
SetActiveWindow
SetWindowRgn
PostQuitMessage
SetTimer
BringWindowToTop
FindWindowExW
GetCursorPos
ClientToScreen
GetSubMenu
EnableWindow
LoadImageW
GetDC
ReleaseDC
ReleaseCapture
SetWindowPos
UpdateLayeredWindow
GetClientRect
GetDlgItem
GetDlgItemTextW
GetMenuItemID
GetMenuItemCount
GrayStringW
DrawTextExW
TabbedTextOutW
RedrawWindow
DrawTextW
WindowFromPoint
IsWindow
GetSysColor
SetCursor
PtInRect
ScreenToClient
GetMessagePos
TrackMouseEvent
KillTimer
wsprintfW
MessageBoxW
SetDlgItemTextW
UpdateWindow
InvalidateRect
InflateRect
FrameRect
GetSystemMetrics
RegisterClassExW
LoadCursorW
DefWindowProcW
OffsetRect

gdi32

ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
SetWindowExtEx
GetMapMode
GetBkColor
GetTextColor
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetRgnBox
CreateRectRgnIndirect
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateBrushIndirect
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
SetBitmapBits
GetBitmapBits
GetDeviceCaps
GetObjectW
SetDIBColorTable
GetDIBColorTable
StretchBlt
CreateDIBSection
CombineRgn
CreateRectRgn
SelectObject
DeleteObject
BitBlt
MoveToEx
DeleteDC
CreateCompatibleDC
LineTo

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteValueW
RegOpenKeyW
RegEnumKeyW
RegEnumKeyExW
RegQueryValueW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrFormatByteSizeW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
StrChrW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoGetMalloc
CoInitializeEx
CoSetProxyBlanket
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VarDateFromStr
VariantTimeToSystemTime
SysAllocString
SysFreeString
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
VariantCopy

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipDisposeImage
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateSolidFill
GdipDrawString
GdipDrawImageI
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdipReleaseDC
GdipDrawImagePointRectI

wsock32

ioctlsocket
gethostbyname
gethostname
WSAStartup
inet_addr

iphlpapi

GetAdaptersInfo
SendARP

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

wininet

InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
DeleteUrlCacheEntryW

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

851d091b5eeaa0389c8b2287b69a6a94

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1e:2e:72:ef:a5:cc:0d:52:89:df:f5:3d:a8:7a:35:ebCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3f:f6:1f:d1:d7:6a:30:1b:b8:dd:49:f6:a9:a3:bf:c4:3c:8f:7c:e9Signer

Signature Validations

Verification

05/03/2014, 10:27 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

version

gdiplus

wsock32

iphlpapi

psapi

wininet

Sections

.text Size: 442KB - Virtual size: 441KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 13KB - Virtual size: 30KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 49KB - Virtual size: 49KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1e:2e:72:ef:a5:cc:0d:52:89:df:f5:3d:a8:7a:35:eb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3f:f6:1f:d1:d7:6a:30:1b:b8:dd:49:f6:a9:a3:bf:c4:3c:8f:7c:e9
Signer

05/03/2014, 10:27
Valid: false

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 13KB - Virtual size: 30KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 49KB - Virtual size: 49KB