9ee2f5417b810c1073ed47691e8be03bbd6ac58f7ed7a554ec4f736d73fb0b83

Sharing

Copy URL

Twitter E-mail

General

Target

9ee2f5417b810c1073ed47691e8be03bbd6ac58f7ed7a554ec4f736d73fb0b83
Size

162KB
MD5

3a98b2d6963bed73e59e8bb6b55c9e65
SHA1

7ca9c71b40ed18e053a44839d75ba5601b0d5c93
SHA256

9ee2f5417b810c1073ed47691e8be03bbd6ac58f7ed7a554ec4f736d73fb0b83
SHA512

e0aa61c72e16891268abd697e02fc1b99f179c7a6ba91673e7cbfec602c0ef6311850f1858372dae0fd98e20cbdca53fbd68f7e9d1a21f67d9f9710aa1f8086c
SSDEEP

3072:UBBTRR3DxoMbfJLMf3pl7glw4tSCwAjQM4jygMBE8OT1M:UBHin7glNXlUygELOT1M

Score

N/A

Malware Config

Signatures

Files

9ee2f5417b810c1073ed47691e8be03bbd6ac58f7ed7a554ec4f736d73fb0b83
.exe windows x86

fde6a0d5ec43b149b9b08965033f3849

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-02-2012 00:00

Not After

01-02-2015 23:59

Subject

CN=Guangzhou KuGou Computer Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Guangzhou KuGou Computer Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:a2:53:77:e0:1a:3f:46:96:b5:e7:82:fb:d6:47:04:4c:94:2c:da
Signer

Actual PE Digest

4b:a2:53:77:e0:1a:3f:46:96:b5:e7:82:fb:d6:47:04:4c:94:2c:da

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Guangzhou KuGou Computer Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Guangzhou KuGou Computer Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong,C=CN

06-01-2015 07:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_strnicmp
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
sprintf
strncmp
atoi
realloc
strncat
srand
rand
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
memset
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z

kernel32

SetEvent
GetProcAddress
LoadLibraryA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
TerminateThread
lstrlenA
lstrcatA
lstrcpyA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
CreateFileA
WriteFile
SetFilePointer
MoveFileA
CloseHandle
GetModuleFileNameA
GetCurrentProcess
CreateRemoteThread
WaitForSingleObject
OpenProcess
ExitThread
GetTickCount
ExitProcess
GetSystemDirectoryA
GetLocalTime
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
CreateMutexA
lstrcpyW
GlobalMemoryStatusEx
Process32Next
lstrcmpiA
Process32First
Module32First
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentThreadId
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateEventA
Sleep
ReadFile
CancelIo

user32

EmptyClipboard
SetClipboardData
CloseClipboard
WindowFromPoint
OpenClipboard
GetUserObjectInformationA
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetSystemMetrics
SendMessageA
GetCursorInfo
ReleaseDC
GetDC
GetDesktopWindow
SetRect
GetCursorPos
SetProcessWindowStation
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
SetCapture
OpenInputDesktop
GetThreadDesktop
DispatchMessageA
OpenDesktopA
PostMessageA
CloseWindow
IsWindow
CreateWindowExA
MapVirtualKeyA
TranslateMessage
GetMessageA
SystemParametersInfoA
wsprintfA
CharNextA
GetWindowTextA
GetForegroundWindow

gdi32

GetDIBits
SelectObject
CreateDIBSection
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC

advapi32

OpenEventLogA
ClearEventLogA
CloseEventLog
RegQueryValueExA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
EnumServicesStatusA
ChangeServiceConfig2A

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

winmm

waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveInReset
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutClose
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutWrite
waveOutUnprepareHeader

ws2_32

socket
sendto
inet_addr
connect
WSAIoctl
select
recv
send
setsockopt
closesocket
WSAStartup
ioctlsocket
listen
accept
getpeername
__WSAFDIsSet
recvfrom
bind
ntohs
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
gethostbyname
WSASocketA
htons

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

iphlpapi

GetIfTable

netapi32

NetUserDel
NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetUserSetInfo
NetLocalGroupAddMembers
NetUserAdd

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession
WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AAA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fde6a0d5ec43b149b9b08965033f3849

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:faCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4b:a2:53:77:e0:1a:3f:46:96:b5:e7:82:fb:d6:47:04:4c:94:2c:daSigner

Signature Validations

Verification

06-01-2015 07:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp90

wininet

avicap32

msvfw32

iphlpapi

netapi32

psapi

wtsapi32

Sections

.text Size: 120KB - Virtual size: 119KB

.AAA Size: 4KB - Virtual size: 3KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 1024B - Virtual size: 688B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4b:a2:53:77:e0:1a:3f:46:96:b5:e7:82:fb:d6:47:04:4c:94:2c:da
Signer

06-01-2015 07:17
Valid: false

.text
Size: 120KB - Virtual size: 119KB

.AAA
Size: 4KB - Virtual size: 3KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 688B