fecb07b0e19f5b57bc1a7cc020cf3f4f5434ccb7576b299dba4ef82dee09d4a2

Sharing

Copy URL Twitter E-mail

General

Target

fecb07b0e19f5b57bc1a7cc020cf3f4f5434ccb7576b299dba4ef82dee09d4a2
Size

106KB
MD5

a6c91a7e025367626cfd420d6cbaff82
SHA1

9916381010a07b24b30361e3f0a588253156de50
SHA256

fecb07b0e19f5b57bc1a7cc020cf3f4f5434ccb7576b299dba4ef82dee09d4a2
SHA512

3b074f1b19a2ab3144fe5cbd026d07b3f83f055fbe5c3c1741af60171ca9b231c4b53c20b17df47b096ee4c9f94a17c3ef9a8df380b3c4521713454393b97766
SSDEEP

1536:IRtxXnig5/VUJyWryEXe8T1g6hypxc/lkJ5jj1fV8cGDmts70zH9w:IhN5/VmbTC6hyQ/OJRj1V8cGCts70q

Score

N/A

Malware Config

Signatures

Files

fecb07b0e19f5b57bc1a7cc020cf3f4f5434ccb7576b299dba4ef82dee09d4a2
.exe windows x86

2f42d9bf2e4bd6a55ae0fba78a741ee5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/02/2012, 00:00

Not After

21/02/2015, 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:15:5d:32:00:5a:26:75:bf:4f:8d:78:7c:5c:1a:a5:8f:76:d4:ad
Signer

Actual PE Digest

ae:15:5d:32:00:5a:26:75:bf:4f:8d:78:7c:5c:1a:a5:8f:76:d4:ad

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

26/08/2014, 06:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
inet_ntoa
gethostname
closesocket
sendto
htonl
htons
setsockopt
WSAGetLastError
WSASocketA
select
__WSAFDIsSet
recv
WSAIoctl
connect
send
socket
WSAStartup
gethostbyname

pdh

PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhEnumObjectItemsA
PdhOpenQueryA
PdhCloseQuery

iphlpapi

GetAdaptersInfo
GetIfTable

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

kernel32

GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WideCharToMultiByte
SetPriorityClass
GetTickCount
GetLocalTime
Sleep
ExitThread
GetCurrentProcessId
GetLastError
GetSystemTimes
GetVersionExA
CreateThread
WinExec
GetProcAddress
GetTempPathA
LoadLibraryA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
SetFileAttributesA
GetWindowsDirectoryA
CloseHandle
WaitForSingleObject
ExitProcess
CreateMutexA
lstrlenA
CopyFileA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
CreateDirectoryA
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f42d9bf2e4bd6a55ae0fba78a741ee5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ae:15:5d:32:00:5a:26:75:bf:4f:8d:78:7c:5c:1a:a5:8f:76:d4:adSigner

Signature Validations

Verification

26/08/2014, 06:32 Valid: false

Headers

File Characteristics

Imports

ws2_32

pdh

iphlpapi

user32

advapi32

kernel32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 19KB

.sxdata Size: 4KB - Virtual size: 24B

.rsrc Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:15:5d:32:00:5a:26:75:bf:4f:8d:78:7c:5c:1a:a5:8f:76:d4:ad
Signer

26/08/2014, 06:32
Valid: false

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 19KB

.sxdata
Size: 4KB - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 4KB