90d45470e15dff131942bd278bc4af60ae21f488a2619abf038740545aa74412

Sharing

Copy URL

Twitter E-mail

General

Target

90d45470e15dff131942bd278bc4af60ae21f488a2619abf038740545aa74412
Size

1.7MB
MD5

cf1b21d93eb734bbccb766c2d89ac9ca
SHA1

4641b716a16243cea8d0f340f13338db9d8d6d4d
SHA256

90d45470e15dff131942bd278bc4af60ae21f488a2619abf038740545aa74412
SHA512

1cf5fa0ac6759ec07d328cf9c79418cb40005fc5ba7b05fa74a975605e8a8848651dac0f49123893bd49ff7c82e2c045834973968ed9fae0f866c2cb045646e0
SSDEEP

49152:NO/zEztjxTyRhdsB4NmC7EXnzPYmaJEXaeGrkUScUzl2W+AAMA4m8wcgwk1mb8Zo:XCfdsB171

Score

N/A

Malware Config

Signatures

Files

90d45470e15dff131942bd278bc4af60ae21f488a2619abf038740545aa74412
.exe windows x86

60938333858b81a1f0068c05259a8961

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/07/2009, 00:00

Not After

14/07/2012, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
WaitNamedPipeW
FindResourceW
LoadResource
SizeofResource
LockResource
SetWaitableTimer
SetFilePointer
WriteFile
GlobalAlloc
FormatMessageW
GetModuleFileNameW
CreateFileW
ExitThread
GetLastError
SetLastError
GlobalFree
CreateEventW
WaitForMultipleObjects
DuplicateHandle
LocalFree
CreateThread
WideCharToMultiByte
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
InterlockedCompareExchange
GetCommandLineW
LoadLibraryW
GetTempPathW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
InterlockedIncrement
SystemTimeToFileTime
MoveFileExW
WaitForSingleObject
SetFileTime
GetExitCodeProcess
GetFileTime
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OpenProcess
GetSystemDirectoryW
LocalAlloc
CreateMutexW
OpenMutexW
ReleaseMutex
GetFileSize
ReadFile
FlushFileBuffers
FreeLibrary
GetVersionExW
GetTickCount
GetLogicalDriveStringsW
QueryDosDeviceW
GetWindowsDirectoryW
VirtualQuery
SetUnhandledExceptionFilter
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
GlobalLock
GlobalUnlock
GlobalHandle
GlobalReAlloc
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetWindowsDirectoryA
SetEvent
ResetEvent
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
GetTimeZoneInformation
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeW
GetStartupInfoW
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
RtlUnwind
GetDriveTypeA
FindFirstFileA
GetFileType
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
Module32NextW
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetModuleHandleA
GetFullPathNameA
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
InitializeCriticalSection
DeleteFileW
OpenEventW
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemTimeAsFileTime
CreateDirectoryW
GetCurrentProcess
FindFirstFileW
GetSystemInfo
GetProcAddress
GetModuleHandleW
CloseHandle
GetCurrentThreadId
CopyFileW
Sleep
CreateProcessW
Module32FirstW
FileTimeToSystemTime
HeapCreate

user32

IsWindow
DispatchMessageW
MonitorFromRect
EnableWindow
CloseWindow
AdjustWindowRectEx
SetLayeredWindowAttributes
TranslateMessage
SetFocus
PostQuitMessage
GetMessageW
LoadStringW
UnloadKeyboardLayout
ScreenToClient
LoadCursorW
BeginPaint
GetAsyncKeyState
ReleaseDC
RedrawWindow
SetWindowPos
GetCursorPos
ShowWindow
GetCursor
ReleaseCapture
DialogBoxParamW
MoveWindow
PtInRect
OffsetRect
SetRect
SetCursorPos
wvsprintfW
WindowFromPoint
GetWindowThreadProcessId
GetSystemMetrics
MessageBoxW
EndDialog
CheckDlgButton
CreateDialogParamW
GetClientRect
InvalidateRect
KillTimer
MonitorFromPoint
SubtractRect
EnumThreadWindows
DefWindowProcW
CreateWindowExW
SetWindowLongW
GetClassNameW
GetWindowLongW
IntersectRect
GetMonitorInfoW
GetDesktopWindow
LoadImageW
RegisterClassExW
FindWindowW
GetParent
SetForegroundWindow
DrawTextW
InflateRect
EndPaint
DestroyWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
SetCursor
UpdateLayeredWindow
SetWindowRgn
SetTimer
FillRect
SetCapture
GetDlgItem
GetDC
PostMessageW
IsWindowVisible
GetWindowRect
GetForegroundWindow
LoadKeyboardLayoutW
SystemParametersInfoW
GetKeyboardLayoutList

gdi32

Rectangle
OffsetRgn
ExtCreateRegion
GetCharABCWidthsFloatW
StretchDIBits
SetTextColor
GetTextExtentPointW
SelectObject
DeleteDC
CreateDIBSection
StretchBlt
CreateFontIndirectW
DeleteObject
SetBkMode
SelectClipRgn
RestoreDC
FillPath
EndPath
SaveDC
AngleArc
CreateCompatibleBitmap
GetObjectW
GetTextExtentExPointW
CreateRectRgn
CreatePen
RoundRect
GetFontData
MoveToEx
GetTextMetricsW
LineTo
GetTextExtentPoint32W
CombineRgn
GetPixel
GetStockObject
CreateSolidBrush
BeginPath
BitBlt
CreateCompatibleDC
CreateRoundRectRgn
SetViewportOrgEx

comdlg32

GetSaveFileNameW

advapi32

RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegFlushKey
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSidLengthRequired
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetSecurityDescriptorSacl
RegOpenKeyW
GetTokenInformation
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
OpenProcessToken

ole32

CoInitializeEx
OleSetContainedObject
OleCreate
CoInitializeSecurity
CoUninitialize
OleInitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msimg32

TransparentBlt
GradientFill
AlphaBlend

wininet

InternetSetOptionW
InternetOpenW
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle

shlwapi

SHDeleteKeyW

psapi

GetModuleFileNameExW

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW

comctl32

InitCommonControlsEx

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 30KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wtq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60938333858b81a1f0068c05259a8961

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

imm32

version

msimg32

wininet

shlwapi

psapi

shell32

comctl32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 302KB - Virtual size: 302KB

.data Size: 30KB - Virtual size: 63KB

.rsrc Size: 57KB - Virtual size: 56KB

.wtq Size: 1KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 302KB - Virtual size: 302KB

.data
Size: 30KB - Virtual size: 63KB

.rsrc
Size: 57KB - Virtual size: 56KB

.wtq
Size: 1KB - Virtual size: 4KB