0887723f6e946df348da7352d9a4e61939dfba06d601e7d4feabd551844be20a

Sharing

Copy URL

Twitter E-mail

General

Target

0887723f6e946df348da7352d9a4e61939dfba06d601e7d4feabd551844be20a
Size

198KB
MD5

f43d139fe0fc3ddaade2121f7d8d9dfb
SHA1

47e4849b8870455bf1b59fbe4b05b5671f40099b
SHA256

0887723f6e946df348da7352d9a4e61939dfba06d601e7d4feabd551844be20a
SHA512

624eb168eb1573e861bff9f898a6f657e36bfb1f456223ed60f1dfbe0dc900a88bbc6faa6caefaa1095b43eb69f610dc34b52f92f736fc0e51f89e11b03686ae
SSDEEP

3072:/NZ+Y7Ye3pK1bn2eQmEkC7g48/tk+LFSonjAskxKKS9EzxWOfmn2ad+NxEamH7tC:/L+fAm87gxgekpibiSaoeOxo

Score

N/A

Malware Config

Signatures

Files

0887723f6e946df348da7352d9a4e61939dfba06d601e7d4feabd551844be20a
.exe windows x86

aae9b57ba73bda2f76bce53e5247faae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23-05-2014 00:00

Not After

21-06-2016 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=RDC,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:7e:ad:1e:04:cd:38:4e:cb:6b:af:68:8e:7b:72:8f:70:48:dd:9a
Signer

Actual PE Digest

97:7e:ad:1e:04:cd:38:4e:cb:6b:af:68:8e:7b:72:8f:70:48:dd:9a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=RDC,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

02-02-2015 08:58
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_invoke_watson
_controlfp_s
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
_strnicmp
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
_mbscmp
_mbsstr
sprintf
strncmp
atoi
realloc
strncat
srand
rand
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
memset
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
CreateEventA
CloseHandle
TerminateThread
Sleep
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CancelIo
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
lstrcpyA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
LocalFree
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
CreateFileA
WriteFile
SetFilePointer
MoveFileA
ReadFile
GetModuleFileNameA
GetCurrentProcess
CreateRemoteThread
ExitThread
GetTickCount
ExitProcess
GetSystemDirectoryA
GetLocalTime
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
CreateMutexA
lstrcpyW
GlobalMemoryStatusEx
Process32Next
lstrcmpiA
Process32First
Module32First
GetModuleHandleA
GetCurrentThreadId
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

WindowFromPoint
DestroyCursor
LoadCursorA
CloseClipboard
GetForegroundWindow
GetWindowTextA
wsprintfA
GetMessageA
SetClipboardData
OpenClipboard
GetSystemMetrics
SendMessageA
GetCursorInfo
ReleaseDC
GetDC
SetRect
SetProcessWindowStation
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CloseWindow
IsWindow
CreateWindowExA
GetKeyState
DispatchMessageA
TranslateMessage
SystemParametersInfoA

gdi32

DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaOpenPolicy
LsaRetrievePrivateData
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
ChangeServiceConfig2A
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
EnumServicesStatusA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

winmm

waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveInStop
waveOutClose
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInReset
waveInUnprepareHeader
waveInClose
waveOutUnprepareHeader
waveOutReset

ws2_32

select
recv
send
WSAIoctl
ioctlsocket
listen
accept
setsockopt
closesocket
WSAStartup
getpeername
__WSAFDIsSet
recvfrom
bind
ntohs
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
WSASocketA
inet_addr
sendto
socket
gethostbyname
htons
connect

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd

iphlpapi

GetIfTable

netapi32

NetUserGetInfo
NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserSetInfo
NetLocalGroupAddMembers
NetUserAdd
NetUserDel

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession

Sections

.CCC
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VVV
Size: 4KB - Virtual size: 867B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BBB
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.XXX
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MMM
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ZZZ
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aae9b57ba73bda2f76bce53e5247faae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:edCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

97:7e:ad:1e:04:cd:38:4e:cb:6b:af:68:8e:7b:72:8f:70:48:dd:9aSigner

Signature Validations

Verification

02-02-2015 08:58 Valid: false

Headers

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp80

wininet

msvfw32

iphlpapi

netapi32

psapi

wtsapi32

Sections

.CCC Size: 4KB - Virtual size: 1KB

.text Size: 112KB - Virtual size: 108KB

.VVV Size: 4KB - Virtual size: 867B

.BBB Size: 4KB - Virtual size: 1KB

.XXX Size: 4KB - Virtual size: 3KB

.MMM Size: 8KB - Virtual size: 4KB

.ZZZ Size: 8KB - Virtual size: 6KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

97:7e:ad:1e:04:cd:38:4e:cb:6b:af:68:8e:7b:72:8f:70:48:dd:9a
Signer

02-02-2015 08:58
Valid: false

.CCC
Size: 4KB - Virtual size: 1KB

.text
Size: 112KB - Virtual size: 108KB

.VVV
Size: 4KB - Virtual size: 867B

.BBB
Size: 4KB - Virtual size: 1KB

.XXX
Size: 4KB - Virtual size: 3KB

.MMM
Size: 8KB - Virtual size: 4KB

.ZZZ
Size: 8KB - Virtual size: 6KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 9KB