4710909fc7044913a2f40313da92ef0abf78b6e98727ec94b6afb88c2c0979ab

Sharing

Copy URL Twitter E-mail

General

Target

4710909fc7044913a2f40313da92ef0abf78b6e98727ec94b6afb88c2c0979ab
Size

10.8MB
MD5

7bf2f0c4cd58eabca534a761be515ec0
SHA1

96ad1e6335af9fc5e925f2e52ad5467f5da978e7
SHA256

4710909fc7044913a2f40313da92ef0abf78b6e98727ec94b6afb88c2c0979ab
SHA512

57e6557b60a786110db567c0ef9544f3bc1a91b936ce1e38144e6af0ad6ef6ed20f7f64ab2bcfc687d213e77e703d65d6f3ca2bde12ea6802c69d34ccbc5c1d4
SSDEEP

196608:8w3cQekVyGbt0CAOGB88rukwN52jxjsY0ymigSXt0YxD/Yd0/kUpa+br:8RW8GpZYpwv2jWYJlt0YSd0/kUkkr

Score

N/A

Malware Config

Signatures

Files

4710909fc7044913a2f40313da92ef0abf78b6e98727ec94b6afb88c2c0979ab
.exe windows x86

45ee6633099ce0b3302e43599e6fe755

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/02/2012, 00:00

Not After

21/02/2015, 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:97:67:26:64:64:26:82:29:c4:63:27:51:f8:78:8f:ce:36:cd:25
Signer

Actual PE Digest

cf:97:67:26:64:64:26:82:29:c4:63:27:51:f8:78:8f:ce:36:cd:25

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

23/12/2014, 03:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryOption

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

FindNextFileW
DeleteFileW
FindClose
HeapAlloc
GetProcessHeap
HeapFree
GlobalFree
lstrlenA
GetCurrentProcessId
lstrcpyA
TerminateThread
CreateDirectoryW
GetLocalTime
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
LoadLibraryExW
GetLogicalDriveStringsW
GetDriveTypeW
SetErrorMode
GetDiskFreeSpaceExW
MoveFileExW
CopyFileW
GetCommandLineW
LocalFree
InitializeCriticalSectionAndSpinCount
lstrcmpW
RaiseException
CreateProcessW
GetSystemInfo
GetTickCount
LeaveCriticalSection
SystemTimeToFileTime
RemoveDirectoryW
GetFileTime
SetEndOfFile
FileTimeToSystemTime
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
SetLastError
FlushInstructionCache
MulDiv
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
DecodePointer
GetVersionExW
EncodePointer
CreateThread
ExitThread
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
VirtualAlloc
VirtualFree
FindFirstFileW
lstrcatW
GetFileAttributesW
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
Sleep
GetModuleHandleA
TerminateProcess
CreateProcessA
GetSystemDirectoryA
CreatePipe
lstrcpyW
LoadLibraryW
CreateMutexW
GetModuleHandleW
OpenMutexW
GetProcAddress
FreeLibrary
GetCurrentProcess
CreateEventW
SetEvent
WaitForSingleObject
SetFileAttributesW
CreateDirectoryA
SetFileTime
WideCharToMultiByte
DeleteCriticalSection
CompareFileTime
EnterCriticalSection
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
GetConsoleMode
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetSystemTime
GetConsoleCP
GetStringTypeW
VirtualQuery
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
ReadConsoleW

user32

UnregisterClassW
IsChild
GetFocus
GetWindow
IsWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
GetDC
ReleaseDC
DestroyAcceleratorTable
EndPaint
FillRect
GetClientRect
BeginPaint
InvalidateRect
SetFocus
GetDesktopWindow
SendMessageTimeoutW
RegisterWindowMessageW
GetWindowThreadProcessId
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetDlgItem
SendMessageW
SetWindowPos
PostMessageW
FindWindowExW
IsWindowVisible
MessageBoxW
FindWindowW
wsprintfW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
RegOpenKeyExW
RegQueryValueExW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetUserNameW
DeleteAce
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegCloseKey
AddAccessAllowedAceEx
SetSecurityDescriptorControl
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
PropVariantClear
CoFreeLibrary
CoLoadLibrary
CoInitialize
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc

shell32

ShellExecuteW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW

oleaut32

VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit

shlwapi

PathIsDirectoryW
PathAppendA
PathFileExistsW
SHStrDupW
PathFindFileNameW
PathAddBackslashW
PathStripToRootW
wnsprintfW
SHGetValueW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
StrStrIA
StrStrA
StrStrIW
PathAppendW
StrCmpW

comctl32

InitCommonControlsEx

gdi32

DeleteDC
DeleteObject
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetObjectW
CreateSolidBrush
SelectObject

urlmon

ObtainUserAgentString
UrlMkGetSessionOption

gdiplus

GdiplusShutdown
GdiplusStartup

ws2_32

WSACleanup
socket
setsockopt
inet_addr
gethostbyname
htonl
inet_ntoa
htons
connect
WSAGetLastError
closesocket
recv
send
ioctlsocket
select
__WSAFDIsSet
WSAStartup

wininet

InternetSetCookieA
InternetGetCookieA
InternetTimeToSystemTimeA
InternetCrackUrlW
InternetTimeFromSystemTimeW
InternetGetConnectedState

sensapi

IsNetworkAlive

Sections

.text
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.4MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45ee6633099ce0b3302e43599e6fe755

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cf:97:67:26:64:64:26:82:29:c4:63:27:51:f8:78:8f:ce:36:cd:25Signer

Signature Validations

Verification

23/12/2014, 03:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

wtsapi32

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

urlmon

gdiplus

ws2_32

wininet

sensapi

Sections

.text Size: 298KB - Virtual size: 298KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 10KB - Virtual size: 28KB

.rsrc Size: 10.4MB - Virtual size: 10.4MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cf:97:67:26:64:64:26:82:29:c4:63:27:51:f8:78:8f:ce:36:cd:25
Signer

23/12/2014, 03:13
Valid: false

.text
Size: 298KB - Virtual size: 298KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 10KB - Virtual size: 28KB

.rsrc
Size: 10.4MB - Virtual size: 10.4MB