118ae314d0a41b634e9c0b225d46f85d20dcdd9e7200f01192ff3ca7af5cd0a0

Sharing

Copy URL Twitter E-mail

General

Target

118ae314d0a41b634e9c0b225d46f85d20dcdd9e7200f01192ff3ca7af5cd0a0
Size

4.3MB
MD5

be88d72be6d855a808f525ebd2170225
SHA1

f683c3e4af41d63cad528f59d25c4e5361be08bf
SHA256

118ae314d0a41b634e9c0b225d46f85d20dcdd9e7200f01192ff3ca7af5cd0a0
SHA512

3fd905c00385e2db5213c5f62d5ddf2a8e35e891a6e0ff592d9b4979fd1ad36549cce344c71325c77a753832d41f674d8bf9d0b1438db5685499ed6f72600d1e
SSDEEP

98304:jiNP0+o1i9NAaOVinE+QXvSmEQvmozmy7ry5sEC5u1xzqLKzz:MPto1P+QfJmoG5CYD2LKzz

Score

N/A

Malware Config

Signatures

Files

118ae314d0a41b634e9c0b225d46f85d20dcdd9e7200f01192ff3ca7af5cd0a0
.exe windows x86

28ff2ebd4eee61de30bbcb30ba19bb41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20/09/2011, 11:04

Not After

20/09/2026, 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:05:33:69:53:6b:4b:a0:61:c2:cc:a2:7f:5b:54:7f
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

30/04/2014, 09:41

Not After

30/04/2015, 09:41

Subject

CN=SHISHI LIU,O=SHISHI LIU,C=CN,1.2.840.113549.1.9.1=#0c103330343230393836384071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

39:db:87:10:f2:0c:72:03:e1:ef:e8:d3:8d:09:61:5c:2f:40:18:87
Signer

Actual PE Digest

39:db:87:10:f2:0c:72:03:e1:ef:e8:d3:8d:09:61:5c:2f:40:18:87

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SHISHI LIU,O=SHISHI LIU,C=CN,1.2.840.113549.1.9.1=#0c103330343230393836384071712e636f6d

27/12/2014, 10:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
CreateThread
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
GetConsoleCP
VirtualFree
QueryPerformanceCounter
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFullPathNameW
GetFileTime
InterlockedIncrement
TlsFree
LocalReAlloc
GlobalHandle
GlobalReAlloc
GetThreadLocale
GlobalGetAtomNameW
GlobalFlags
lstrlenA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
CreateEventW
SetEvent
WaitForSingleObject
SetThreadPriority
InterlockedDecrement
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
LocalFree
MulDiv
GetModuleHandleA
GlobalFree
SetLastError
TlsAlloc
FreeResource
GlobalUnlock
GlobalAlloc
GlobalLock
WritePrivateProfileStringW
lstrcpyW
WriteProcessMemory
VirtualAllocEx
lstrlenW
TerminateProcess
GetVersionExW
ReadProcessMemory
VirtualFreeEx
OpenProcess
GetCurrentProcess
Sleep
LocalFileTimeToFileTime
SetFileAttributesW
ResumeThread
SuspendThread
DeleteFileW
CloseHandle
GetCurrentThreadId
lstrcatW
LockResource
FindClose
GetProcAddress
GetLastError
GetTempPathW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
SizeofResource
LoadLibraryW
WideCharToMultiByte
TlsSetValue
WriteFile
SetFileTime
GetTickCount
GetModuleHandleW
CreateDirectoryW
LoadResource
FreeLibrary
FindResourceW
TlsGetValue
FindFirstFileW
HeapCreate
DosDateTimeToFileTime

user32

InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
InvalidateRgn
SetRect
CopyAcceleratorTableW
UnregisterClassW
DestroyMenu
GetMenuItemInfoW
InflateRect
GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
ReleaseCapture
SetCapture
KillTimer
SetWindowRgn
IsRectEmpty
SystemParametersInfoW
GetMessageW
GetCursorPos
ValidateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
LoadAcceleratorsW
TrackPopupMenu
GetKeyState
GetScrollRange
SetForegroundWindow
ShowScrollBar
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
CharNextW
MapDialogRect
SetWindowContextHelpId
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
GetWindow
SetFocus
SetMenuItemBitmaps
RegisterClipboardFormatW
ScrollWindow
CharUpperW
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UpdateWindow
UpdateLayeredWindow
GetDC
ReleaseDC
SetCursor
SetTimer
GetParent
LoadCursorW
PtInRect
TranslateMessage
PeekMessageW
DispatchMessageW
FindWindowW
InvalidateRect
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
FindWindowExW
MessageBoxW
GetWindowThreadProcessId
IsWindowVisible
IsIconic
DrawIcon
GetClientRect
LoadIconW
GetSystemMetrics
PostMessageW
GetWindowRect
FillRect
SendMessageW
EnableWindow
SetScrollRange
UnregisterClassA

gdi32

CreateEllipticRgn
LPtoDP
Ellipse
GetTextExtentPoint32W
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
GetPixel
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
GetStockObject
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
CreateSolidBrush
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteDC
CreateDIBSection
SelectObject
CreateFontIndirectW
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
PtVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDesktopFolder
SHBindToParent
DragQueryFileW
DragFinish

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
StrRetToBufW
StrRetToStrW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoRegisterMessageFilter
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

urlmon

URLDownloadToFileW

gdiplus

GdipAlloc
GdipCreateFont
GdipDeletePath
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateStringFormat
GdipCreatePath
GdipReleaseDC
GdipDeleteStringFormat
GdipGetImageHeight
GdipDrawImageRectRectI
GdipGetImageWidth
GdipSetSmoothingMode
GdipCreateSolidFill
GdiplusStartup
GdipLoadImageFromStream
GdipBitmapSetPixel
GdipCreateBitmapFromScan0
GdipLoadImageFromFile
GdipDisposeImage
GdipBitmapGetPixel
GdipFillRectangleI
GdipCloneImage
GdipMeasureString
GdipSetStringFormatAlign
GdipDeleteGraphics
GdiplusShutdown
GdipDeleteFontFamily
GdipDeleteFont
GdipCloneBrush
GdipDeleteBrush
GdipFree

wininet

InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
DeleteUrlCacheEntryW

psapi

GetModuleFileNameExW
EnumProcesses

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28ff2ebd4eee61de30bbcb30ba19bb41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5Certificate

Extended Key Usages

Key Usages

33:05:33:69:53:6b:4b:a0:61:c2:cc:a2:7f:5b:54:7fCertificate

Extended Key Usages

Key Usages

39:db:87:10:f2:0c:72:03:e1:ef:e8:d3:8d:09:61:5c:2f:40:18:87Signer

Signature Validations

Verification

27/12/2014, 10:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

wininet

psapi

Sections

.text Size: 344KB - Virtual size: 340KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

33:05:33:69:53:6b:4b:a0:61:c2:cc:a2:7f:5b:54:7f
Certificate

39:db:87:10:f2:0c:72:03:e1:ef:e8:d3:8d:09:61:5c:2f:40:18:87
Signer

27/12/2014, 10:46
Valid: false

.text
Size: 344KB - Virtual size: 340KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB