c381f78e84b557f41688027a37c841dcb38580c060976f5cbe40ba5a420e2b83

Sharing

Copy URL Twitter E-mail

General

Target

c381f78e84b557f41688027a37c841dcb38580c060976f5cbe40ba5a420e2b83
Size

97KB
MD5

e35ad110c6e17d77bc84131f0997ec52
SHA1

82318b4f8d1ede83b1e848b81d4b347e5aa3bbaa
SHA256

c381f78e84b557f41688027a37c841dcb38580c060976f5cbe40ba5a420e2b83
SHA512

10e325267565686ea3d4ff81b7df323d6faec864f9871bd98fdc66e99ae5c131dc04a6b3779b6cad4b97e3e31348e25755b0dce89e555d70976856ccdbb51d6f
SSDEEP

1536:pY53HFHJWFzc0uyOxMfD1HybPC82uP2Z3GOpBMlSFu1Ssa:gpgzctDwuOEOpBMlSFD9

Score

N/A

Malware Config

Signatures

Files

c381f78e84b557f41688027a37c841dcb38580c060976f5cbe40ba5a420e2b83
.exe windows x86

41696c4bdcdf4fe19444365ef05aa167

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:e2:51:4c:ed:6a:6c:b6:1e:6f:88:f1:f9:54:2b:41
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/07/2012, 00:00

Not After

16/07/2013, 23:59

Subject

CN=PPStream Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PPStream Inc.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:48:e9:76:13:04:f9:26:ef:b8:b2:35:f7:19:a4:6b:11:a0:06:27
Signer

Actual PE Digest

5e:48:e9:76:13:04:f9:26:ef:b8:b2:35:f7:19:a4:6b:11:a0:06:27

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PPStream Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PPStream Inc.,L=Shanghai,ST=Shanghai,C=CN

07/06/2013, 07:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
Sleep
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
MultiByteToWideChar
lstrlenA
lstrlenW
HeapReAlloc
GetTempPathW
CreateProcessW
RaiseException
CreateDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
RtlUnwind
GetCurrentProcess
GetOEMCP
ReadFile
SetEndOfFile
GetCPInfo
CreateFileW
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
TerminateProcess
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
WriteFile
CloseHandle
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetModuleFileNameA
GetVersionExA
HeapDestroy
HeapSize
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
GetSystemTimeAsFileTime

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW

ws2_32

WSASetLastError
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSASocketW

wininet

InternetGetLastResponseInfoW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetQueryOptionW
InternetReadFile

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41696c4bdcdf4fe19444365ef05aa167

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

07:e2:51:4c:ed:6a:6c:b6:1e:6f:88:f1:f9:54:2b:41Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5e:48:e9:76:13:04:f9:26:ef:b8:b2:35:f7:19:a4:6b:11:a0:06:27Signer

Signature Validations

Verification

07/06/2013, 07:32 Valid: false

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

wininet

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 6KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

07:e2:51:4c:ed:6a:6c:b6:1e:6f:88:f1:f9:54:2b:41
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5e:48:e9:76:13:04:f9:26:ef:b8:b2:35:f7:19:a4:6b:11:a0:06:27
Signer

07/06/2013, 07:32
Valid: false

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 6KB