d892769f2550fdc473cf42e3336192f5632e379e980e548db13695134bcbf4db

Sharing

Copy URL Twitter E-mail

General

Target

d892769f2550fdc473cf42e3336192f5632e379e980e548db13695134bcbf4db
Size

18.2MB
MD5

9c164878c33ca1ed9544c2f06e5df375
SHA1

7f08ad8117866e588ed3ab8dceb45cf7dea1e324
SHA256

d892769f2550fdc473cf42e3336192f5632e379e980e548db13695134bcbf4db
SHA512

2514b32497cd43541c5d5d9e8a3fe4a920e7bd4f529efd5019b98fba0b685a85badd5f87c687f9c2df1c5ef3db9350009a3cfbe3fa071b67aa7a8d5ee07e732a
SSDEEP

393216:R31ZOHVOG/cXFmpsPDGHK5+6aoJaVvE8d2kIGrNJbU2C/PAITZqAZ:R31ZOHoXFO22wBTkIGrNC/PtTwAZ

Score

N/A

Malware Config

Signatures

Files

d892769f2550fdc473cf42e3336192f5632e379e980e548db13695134bcbf4db
.dll windows x86

ba9b28b4e03d921ea18084a1dd999839

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:9e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:51:1c:86:3b:fa:13
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

01/07/2013, 10:20

Not After

04/10/2016, 09:41

Subject

CN=北京世界星辉科技有限责任公司,O=北京世界星辉科技有限责任公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c13737570706f727440746865776f726c642e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:ed:e5:2c:01:93:3b:2b:5b:36:d2:af:4f:a8:97:37:35:5a:34:99
Signer

Actual PE Digest

16:ed:e5:2c:01:93:3b:2b:5b:36:d2:af:4f:a8:97:37:35:5a:34:99

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京世界星辉科技有限责任公司,O=北京世界星辉科技有限责任公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c13737570706f727440746865776f726c642e636e

17/04/2014, 09:46
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetPrivateProfileIntW
GetFileTime
lstrlenW
RaiseException
OpenProcess
MoveFileExW
CreateDirectoryW
FindFirstFileExW
CopyFileW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
CompareFileTime
LoadLibraryExW
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
CreateFileA
VirtualFree
VirtualAlloc
InitializeCriticalSection
GetLongPathNameW
lstrlenA
ReadProcessMemory
lstrcmpiA
VirtualProtect
WriteProcessMemory
FlushInstructionCache
TerminateThread
GetExitCodeThread
DuplicateHandle
SuspendThread
FindFirstFileW
VirtualQuery
GlobalLock
GlobalAlloc
GetVersionExW
GlobalUnlock
GlobalFree
LocalAlloc
RemoveDirectoryW
lstrcmpiW
GetPrivateProfileStringW
GetWindowsDirectoryW
FileTimeToLocalFileTime
LocalFree
WaitForSingleObject
SetEvent
SetThreadPriority
CreateEventW
ResumeThread
GlobalSize
DisableThreadLibraryCalls
SetCurrentDirectoryW
GetThreadContext
SetThreadContext
GetTempFileNameW
GetModuleHandleA
CreateProcessW
GetCommandLineW
CreateMutexW
FormatMessageA
OutputDebugStringA
ReleaseMutex
GetEnvironmentVariableW
InterlockedExchangeAdd
TryEnterCriticalSection
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
QueryPerformanceFrequency
SetEnvironmentVariableW
RtlCaptureStackBackTrace
MapViewOfFile
UnmapViewOfFile
GetFileAttributesW
GetCurrentDirectoryW
CreateFileMappingW
QueryDosDeviceW
GetFileAttributesExW
SetEndOfFile
GetFileInformationByHandle
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetNativeSystemInfo
ResetEvent
WaitForMultipleObjects
AllocConsole
AttachConsole
GetModuleHandleExA
HeapSetInformation
CreateThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
CreateToolhelp32Snapshot
GetFullPathNameW
GetFullPathNameA
UnlockFile
LockFile
UnlockFileEx
FormatMessageW
GetFileAttributesA
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetSystemInfo
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetThreadLocale
GetTimeZoneInformation
GetDateFormatW
GetDriveTypeW
GetUserDefaultUILanguage
ConnectNamedPipe
CreateNamedPipeW
GetNamedPipeInfo
CancelIo
GetFileSizeEx
GetSystemDirectoryA
ReleaseSemaphore
CreateSemaphoreW
GetTempFileNameA
GetThreadTimes
OpenThread
CreateSemaphoreA
GlobalDeleteAtom
GlobalAddAtomW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapSize
GetEnvironmentVariableA
SwitchToThread
Module32First
Module32Next
HeapDestroy
GetProcessHeap
InterlockedPushEntrySList
InterlockedPopEntrySList
GetFileSize
InterlockedCompareExchange
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CloseHandle
CreateFileW
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
Sleep
GetModuleFileNameW
GetStdHandle
WriteFile
GetLocaleInfoW
InterlockedExchange
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
SetConsoleCtrlHandler
GetLastError
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleW
GetProcAddress
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocalTime
GetNumberFormatW
GetCurrencyFormatW
GetTimeFormatW
GetVolumeInformationA
GetLogicalDrives
GlobalMemoryStatus
GetComputerNameA
CreateFileMappingA
ExitThread
CreateDirectoryA
GetDriveTypeA
FindFirstFileExA
PeekNamedPipe
SetEnvironmentVariableA
CompareStringW
DefineDosDeviceW
DeviceIoControl
GetOverlappedResult
TzSpecificLocalTimeToSystemTime
MoveFileA
SetFileAttributesA
LoadLibraryW
SetErrorMode

urlmon

CoInternetCombineUrl
CoInternetGetSession
URLDownloadToFileW
RegisterBindStatusCallback
RevokeBindStatusCallback

gdiplus

GdipSaveImageToFile
GdipLoadImageFromStream
GdipFree
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdiplusShutdown
GdipCloneImage
GdiplusStartup

wininet

HttpQueryInfoW
InternetSetOptionA
HttpAddRequestHeadersA
InternetQueryOptionA
GetUrlCacheEntryInfoW
DeleteUrlCacheEntryW
InternetCanonicalizeUrlW
HttpQueryInfoA
GetUrlCacheEntryInfoExW
InternetCreateUrlW
InternetCrackUrlW
DeleteUrlCacheEntryA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

recvfrom
sendto
shutdown
accept
inet_ntoa
inet_addr
htonl
ntohs
getservbyport
getservbyname
__WSAFDIsSet
WSASetLastError
gethostbyaddr
getsockopt
select
htons
recv
socket
gethostbyname
send
listen
WSACloseEvent
getpeername
connect
WSARecvFrom
getsockname
setsockopt
bind
WSAGetOverlappedResult
WSACreateEvent
WSAResetEvent
WSASendTo
WSAStartup
WSAGetLastError
WSASocketW
ioctlsocket
closesocket

usp10

ScriptShape
ScriptCPtoX
ScriptFreeCache
ScriptItemize
ScriptPlace
ScriptGetFontProperties
ScriptXtoCP
ScriptJustify

psapi

GetModuleInformation
GetProcessMemoryInfo
QueryWorkingSet

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

shlwapi

PathGetCharTypeW
PathMatchSpecW
PathIsURLW
UrlIsOpaqueW
StrCmpIW
StrStrW
UrlCombineW
PathFileExistsW
PathRemoveFileSpecW
PathIsRootW
SHDeleteValueW
SHGetValueA
SHGetValueW
StrStrIW
StrStrA
PathAppendW
SHRegGetPathW

gdi32

DeleteObject
CreateSolidBrush
CreateDCA
GetCurrentObject
CreateCompatibleDC
GetObjectW
GetFontData
GetStockObject
SetMiterLimit
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateDIBSection
DeleteDC
GetBitmapBits
GetCharWidthI
EnumFontFamiliesW
EndPage
GetEnhMetaFileW
ExtEscape
GetEnhMetaFileBits
StartPage
GetEnhMetaFileHeader
GetWorldTransform
PlayEnhMetaFile
SetEnhMetaFileBits
SaveDC
PlayEnhMetaFileRecord
GdiComment
RestoreDC
DeleteEnhMetaFile
StrokeAndFillPath
GetTextColor
GetStretchBltMode
CreatePen
Rectangle
ExtCreatePen
StrokePath
EnumEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
CreateFontW
GdiAlphaBlend
CreateBitmap
StretchDIBits
ModifyWorldTransform
BeginPath
AbortPath
SetBrushOrgEx
SetDCBrushColor
SetBkColor
SetArcDirection
SelectClipRgn
CreateRectRgnIndirect
EndPath
SetDCPenColor
SetPolyFillMode
CreateRectRgn
PolyBezier
SetROP2
PathToRegion
SetGraphicsMode
GetTextMetricsW
SetTextColor
CreateFontIndirectW
GdiFlush
RemoveFontMemResourceEx
SetBkMode
ExtTextOutW
GetOutlineTextMetricsW
GetTextExtentPointI
GetFontUnicodeRanges
GetCharABCWidthsW
AddFontMemResourceEx
GetTextFaceW
SetWorldTransform
EnumFontFamiliesExW
GetGlyphOutlineW
SetTextAlign
GetGlyphIndicesW
BitBlt
GetDeviceCaps
GetDIBits

winspool.drv

ord203
DeviceCapabilitiesW
ClosePrinter
EnumPrintersW
DocumentPropertiesW
OpenPrinterW
GetPrinterDriverW
GetPrinterW

advapi32

RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptAcquireContextA
CryptDeriveKey
RegEnumValueW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
CryptSignHashW
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA

ole32

OleSetContainedObject
GetHGlobalFromStream
OleCreate
StringFromGUID2
CoUninitialize
OleUninitialize
CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
OleInitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoMarshalInterface
OleDraw
CoGetMalloc
ReleaseStgMedium
CoTaskMemRealloc
CoInitializeEx
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
PropVariantClear

oleaut32

VarUI4FromStr
VariantChangeType
VarBstrCat
SysStringLen
SafeArrayPutElement
SysAllocStringLen
VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
SysAllocString
SysFreeString

imm32

ImmDisableIME
ImmGetContext
ImmAssociateContextEx
ImmReleaseContext
ImmGetCompositionStringW
ImmSetOpenStatus
ImmSetCandidateWindow

crypt32

CertFreeCertificateContext
CryptUnprotectData
CryptHashCertificate

Exports

Exports

ChromeMain
_ChromeIE_SetIEXMode@4
_ChromeIE_wWinMain@16

Sections

.text
Size: 13.8MB - Virtual size: 13.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 861KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba9b28b4e03d921ea18084a1dd999839

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

19:9d:f8:9eCertificate

Key Usages

12:51:1c:86:3b:fa:13Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

16:ed:e5:2c:01:93:3b:2b:5b:36:d2:af:4f:a8:97:37:35:5a:34:99Signer

Signature Validations

Verification

17/04/2014, 09:46 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

urlmon

gdiplus

wininet

version

ws2_32

usp10

psapi

winmm

shlwapi

gdi32

winspool.drv

advapi32

ole32

oleaut32

imm32

crypt32

Exports

Exports

Sections

.text Size: 13.8MB - Virtual size: 13.8MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 244KB - Virtual size: 537KB

.tls Size: 512B - Virtual size: 2B

.unwante Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 861KB - Virtual size: 860KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

19:9d:f8:9e
Certificate

12:51:1c:86:3b:fa:13
Certificate

3d
Certificate

16:ed:e5:2c:01:93:3b:2b:5b:36:d2:af:4f:a8:97:37:35:5a:34:99
Signer

17/04/2014, 09:46
Valid: false

.text
Size: 13.8MB - Virtual size: 13.8MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 244KB - Virtual size: 537KB

.tls
Size: 512B - Virtual size: 2B

.unwante
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 861KB - Virtual size: 860KB