fa7b30b6d1c5e169c3b824faf87ee7c7af4031a1aaade80be04c561c9bcbfe8d

Sharing

Copy URL

Twitter E-mail

General

Target

fa7b30b6d1c5e169c3b824faf87ee7c7af4031a1aaade80be04c561c9bcbfe8d
Size

2.3MB
MD5

a5699668b8fc8054d2bc609754da67ed
SHA1

b13b14e15815113eeecf6cc3bd075f8cc0e1c430
SHA256

fa7b30b6d1c5e169c3b824faf87ee7c7af4031a1aaade80be04c561c9bcbfe8d
SHA512

f07444e84375a2fe2624f377f6e06ec3afd2d22bddb0e228b399a990ce6a045cec802ca0c93abab57fdc66605df6000a8a2272321f99d1cdf514e30e91041066
SSDEEP

49152:lwFIMVJuI8uDmJQGgXCY7RJEm7oCUz70zQjok/AS5ASW:lMVUruDmJQGgyYlJOCUYMok/AS5ASW

Score

N/A

Malware Config

Signatures

Files

fa7b30b6d1c5e169c3b824faf87ee7c7af4031a1aaade80be04c561c9bcbfe8d
.exe windows x86

4b5354f11fbdb89da1f4d2924b752569

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 01:00

Not After

08-04-2023 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:27:67:31:19:fb:06:96:27:6c:d8:bb:c3:cb:1c:50
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

23-01-2017 05:07

Not After

23-04-2018 05:07

Subject

CN=Kunshan Kuaila Information Technology Co.\, Ltd.,O=Kunshan Kuaila Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-11-2014 00:58

Not After

08-11-2029 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 22:46

Not After

31-12-2019 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 19:46

Not After

17-09-2036 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 01:00

Not After

08-04-2023 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3f:01:dc:59:72:f4:0d:2c:cd:4c:7a:1e:be:6d:62:e2:ed:8f:30:ae:8d:14:18:01:c1:d4:d4:39:9d:eb:6c
Signer

Actual PE Digest

4c:3f:01:dc:59:72:f4:0d:2c:cd:4c:7a:1e:be:6d:62:e2:ed:8f:30:ae:8d:14:18:01:c1:d4:d4:39:9d:eb:6c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kunshan Kuaila Information Technology Co.\, Ltd.,O=Kunshan Kuaila Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

23-08-2017 02:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
UnlockFile
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetVolumeInformationW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
LockFile
FlushFileBuffers
GetThreadLocale
LocalAlloc
FileTimeToLocalFileTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
GlobalFree
GetModuleHandleA
GetCurrentProcessId
ResumeThread
WaitForMultipleObjects
ExitThread
CreateSemaphoreW
ReleaseSemaphore
SetEvent
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
SetLastError
RaiseException
DuplicateHandle
SetEndOfFile
lstrcmpW
MulDiv
LeaveCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
UnmapViewOfFile
GetFileSize
FreeLibrary
FreeResource
GlobalUnlock
GetModuleFileNameW
TerminateProcess
GetVersionExW
GlobalAlloc
GlobalLock
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
ResetEvent
lstrlenW
GetModuleHandleW
CreateThread
SetFileAttributesW
DeleteFileW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
SetProcessWorkingSetSize
RemoveDirectoryW
Process32FirstW
FindClose
GetFileAttributesW
OpenProcess
WaitForSingleObject
GetCurrentProcess
FindFirstFileW
GetProcAddress
LoadLibraryW
GetTickCount
lstrlenA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
GetLastError
WideCharToMultiByte
CloseHandle
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
CopyFileW
Sleep
WriteFile
GetPrivateProfileStringW
CreateDirectoryW
SetUnhandledExceptionFilter
GetCommandLineW
LockResource
SizeofResource
LoadResource
HeapCreate
FindResourceW

user32

SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
ValidateRect
GetDlgCtrlID
GetMenu
OffsetRect
SystemParametersInfoA
GetWindowPlacement
MapVirtualKeyW
GetKeyNameTextW
RegisterClipboardFormatW
GetMenuItemID
CopyAcceleratorTableW
GetMenuItemCount
IntersectRect
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
EndPaint
ClientToScreen
DestroyWindow
CharNextW
RegisterWindowMessageW
IsChild
SetCapture
UnregisterClassW
GetFocus
GetMessageW
GetParent
InvalidateRgn
SetFocus
BeginPaint
GetClassInfoExW
GetWindowTextW
GetClassNameW
GetDlgItem
GetSysColor
CreateWindowExW
SetWindowTextW
CallWindowProcW
DefWindowProcW
TrackPopupMenu
CharUpperW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
GetDesktopWindow
GetWindow
wsprintfW
ScreenToClient
GetSysColorBrush
WindowFromPoint
DestroyMenu
GetClientRect
SystemParametersInfoW
CopyRect
SetRectEmpty
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
UpdateLayeredWindow
SetTimer
IsIconic
KillTimer
GetSubMenu
SetForegroundWindow
GetDC
LoadIconW
SetRect
LoadMenuW
GetWindowLongW
ReleaseDC
SetWindowLongW
GetCursorPos
MessageBoxW
ReleaseCapture
GetSystemMetrics
IsWindowVisible
CheckMenuItem
MoveWindow
GetWindowRect
PostMessageW
LoadCursorW
SetParent
SetWindowPos
ShowWindow
IsWindow
UpdateWindow
PtInRect
InvalidateRect
SendMessageW
EnableWindow
UnregisterHotKey
RegisterHotKey
SetActiveWindow
UnregisterClassA

gdi32

CreateFontIndirectW
CreateRectRgnIndirect
GetMapMode
RectVisible
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
DPtoLP
CreateCompatibleBitmap
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectW
GetStockObject
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
TextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize
CoUninitialize
CoCreateInstance
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
CLSIDFromString

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
VariantChangeType
SysStringLen
OleCreateFontIndirect

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCrackUrlW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetQueryDataAvailable

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDrawImageRectRectI
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipCreateFont
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipReleaseDC
GdipDeletePen
GdipFillRectangle
GdipDrawImageRectI
GdipCreatePen1
GdipDrawImageRectRect
GdipDrawLineI

psapi

EmptyWorkingSet
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilOidNCmp

sensapi

IsNetworkAlive

ws2_32

WSAStartup

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b5354f11fbdb89da1f4d2924b752569

Code Sign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

1d:27:67:31:19:fb:06:96:27:6c:d8:bb:c3:cb:1c:50Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

4c:3f:01:dc:59:72:f4:0d:2c:cd:4c:7a:1e:be:6d:62:e2:ed:8f:30:ae:8d:14:18:01:c1:d4:d4:39:9d:eb:6cSigner

Signature Validations

Verification

23-08-2017 02:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

psapi

iphlpapi

netapi32

snmpapi

sensapi

ws2_32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 56KB - Virtual size: 56KB

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

1d:27:67:31:19:fb:06:96:27:6c:d8:bb:c3:cb:1c:50
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

4c:3f:01:dc:59:72:f4:0d:2c:cd:4c:7a:1e:be:6d:62:e2:ed:8f:30:ae:8d:14:18:01:c1:d4:d4:39:9d:eb:6c
Signer

23-08-2017 02:32
Valid: false

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 56KB - Virtual size: 56KB