e4152ca924b79782ccf1a0608c11be14dc158c8dfe6c1d369f53346b2c3c95ae

Sharing

Copy URL

Twitter E-mail

General

Target

e4152ca924b79782ccf1a0608c11be14dc158c8dfe6c1d369f53346b2c3c95ae
Size

997KB
MD5

3117f37b4de68b1f636692e77c2040f0
SHA1

f5eadcda13224c9c5c9ec3cd57f8493e01e56581
SHA256

e4152ca924b79782ccf1a0608c11be14dc158c8dfe6c1d369f53346b2c3c95ae
SHA512

da5c04f85ebeb578fdac9bc952ed5a74326967ed074839a29ec47cf8cca4bcb374731d21f0c9a266d54eb5c2be9406316c460b74e0aca2718351bae9a2e61247
SSDEEP

12288:xAHUuGYlk9Qz78atIo7NKJ5Pqf3yl+6itzV5mujee+Dv+rssQVD11Cmcckq:xSUQL7H7NKJbE6itR5m3ebrWUmR

Score

N/A

Malware Config

Signatures

Files

e4152ca924b79782ccf1a0608c11be14dc158c8dfe6c1d369f53346b2c3c95ae
.dll windows x86

c885ba32c6dbb2238e87640375b18052

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:a8:81:79:c1:49:1a:88:6c:4a:07:6c:ae:f4:dc:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/08/2013, 00:00

Not After

11/10/2015, 23:59

Subject

CN=广东一一五科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=运营中心,O=广东一一五科技有限公司,L=东莞,ST=广东,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:01:8c:7e:24:64:18:db:75:f7:73:2d:76:ad:30:af:85:ed:27:cd
Signer

Actual PE Digest

be:01:8c:7e:24:64:18:db:75:f7:73:2d:76:ad:30:af:85:ed:27:cd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=广东一一五科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=运营中心,O=广东一一五科技有限公司,L=东莞,ST=广东,C=CN

20/08/2014, 08:50
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zlibwapi

ord135
ord82
ord83
ord84
ord130

kernel32

GetDriveTypeA
GetTempPathW
GetFileAttributesW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetFileAttributesA
GetModuleFileNameA
GetCurrentThreadId
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
Sleep
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
FindClose
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
QueryPerformanceCounter
CreateEventW
SetEvent
GetConsoleOutputCP
WriteConsoleA
CreateFileW
SetEndOfFile
GetTimeZoneInformation
GetProcessHeap
CreateFileA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
FlushFileBuffers
HeapReAlloc
VirtualAlloc
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
GetCurrentDirectoryA
HeapSize
GetModuleHandleA
GetCurrentProcessId
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
RaiseException
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
SetEnvironmentVariableA
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileW
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetLocalTime
DeleteFileW
MoveFileW
CreateDirectoryW
ExitThread
CreateThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetFullPathNameW
FindNextFileW
ReadFile
SetFilePointer
GetModuleHandleW
GetProcAddress
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

MessageBoxA
PostMessageW
DefWindowProcW
SetWindowLongW

comdlg32

GetOpenFileNameW

shell32

SHGetPathFromIDListW
ShellExecuteA
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHGetFolderPathA
SHBrowseForFolderW

ws2_32

closesocket
send
sendto
shutdown
inet_addr
setsockopt
WSAStartup
socket
recvfrom
recv
ioctlsocket
WSAGetLastError
__WSAFDIsSet
select
connect
htons
gethostbyname
getsockname
getpeername
getsockopt

iphlpapi

GetAdaptersInfo

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 815KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c885ba32c6dbb2238e87640375b18052

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

59:a8:81:79:c1:49:1a:88:6c:4a:07:6c:ae:f4:dc:81Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

be:01:8c:7e:24:64:18:db:75:f7:73:2d:76:ad:30:af:85:ed:27:cdSigner

Signature Validations

Verification

20/08/2014, 08:50 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

zlibwapi

kernel32

user32

comdlg32

shell32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 815KB - Virtual size: 814KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 14KB - Virtual size: 45KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

59:a8:81:79:c1:49:1a:88:6c:4a:07:6c:ae:f4:dc:81
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

be:01:8c:7e:24:64:18:db:75:f7:73:2d:76:ad:30:af:85:ed:27:cd
Signer

20/08/2014, 08:50
Valid: false

.text
Size: 815KB - Virtual size: 814KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 14KB - Virtual size: 45KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB