153cccb809db84d8c9d677256cc407b3b8628afcefce276a094ad9e3e1ec0398

Sharing

Copy URL Twitter E-mail

General

Target

153cccb809db84d8c9d677256cc407b3b8628afcefce276a094ad9e3e1ec0398
Size

149KB
MD5

a1dac665cb41dd2ce925171b4f4dec9b
SHA1

fbf8a78a39009425d2ae768241677df57050ab0a
SHA256

153cccb809db84d8c9d677256cc407b3b8628afcefce276a094ad9e3e1ec0398
SHA512

9c3b62cfd848910b45a68e020ec103c65d7aac5aa196b53a3496f0162abe9bbe050a5c78e518bd96c90ad6c23046ed5396e4860bad0e580ccec914f78d88b794
SSDEEP

3072:RquYMtS+SpBehfzapRc5nelaVLVLVLVLVzcSLe3Zd0D10z:4uxSiBWpOe3ZLz

Score

N/A

Malware Config

Signatures

Files

153cccb809db84d8c9d677256cc407b3b8628afcefce276a094ad9e3e1ec0398
.exe windows x86

abb2c9522709d4d817b651e94cadabeb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:55:bd:3f:d5:1f:04:ba:c3:f6:d7:b0:18:a1:a7:b2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

02/02/2010, 00:00

Not After

02/02/2011, 23:59

Subject

CN=厦门安讯达系统集成有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门安讯达系统集成有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:c3:19:a0:01:31:e2:1a:07:f4:47:17:91:20:ef:71:a3:e5:4a:7a
Signer

Actual PE Digest

e7:c3:19:a0:01:31:e2:1a:07:f4:47:17:91:20:ef:71:a3:e5:4a:7a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=厦门安讯达系统集成有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门安讯达系统集成有限公司,L=厦门市,ST=福建省,C=CN

24/01/2011, 03:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
LocalFree
GetStdHandle
GetSystemInfo
IsBadCodePtr
VirtualProtect
DeleteFileA
CreateDirectoryA
GetFileAttributesA
GetFileTime
SetFileTime
GetProcAddress
GetCommandLineA
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcess
GetCurrentThreadId
SetEnvironmentVariableA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetStdHandle
SetEndOfFile
SetHandleCount
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
GetStartupInfoA
GetFileType
ExitProcess
RtlUnwind
VirtualAlloc
HeapFree
HeapAlloc
VirtualQuery
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
GetTickCount
SetFilePointer
WriteFile
GetModuleFileNameA
SetLastError
WaitForSingleObject
GetExitCodeProcess
FindFirstFileA
FindClose
CompareFileTime
QueryPerformanceCounter
GetCurrentProcessId
CreateProcessA
TerminateProcess
GetModuleHandleA
LoadLibraryA
SetFileAttributesA
CopyFileA
GetDriveTypeA
CreateFileA
GetPrivateProfileStringA
GetSystemTimeAsFileTime
WritePrivateProfileStringA
DeviceIoControl
CreateThread
CloseHandle
CompareStringW
CompareStringA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

EndDialog
SetWindowTextA
SendMessageA
GetDesktopWindow
DialogBoxParamA
LoadIconA
MessageBoxA
GetActiveWindow

shell32

SHGetFolderPathA
ShellExecuteExA

oleaut32

VariantClear

shlwapi

PathCombineA
PathIsDirectoryA
PathFileExistsA
SHSetValueA

urlmon

URLDownloadToFileA

wininet

GetUrlCacheEntryInfoA
DeleteUrlCacheEntryA

cabinet

ord23
ord21
ord22
ord20

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abb2c9522709d4d817b651e94cadabeb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

c2:55:bd:3f:d5:1f:04:ba:c3:f6:d7:b0:18:a1:a7:b2Certificate

Extended Key Usages

Key Usages

e7:c3:19:a0:01:31:e2:1a:07:f4:47:17:91:20:ef:71:a3:e5:4a:7aSigner

Signature Validations

Verification

24/01/2011, 03:35 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

shlwapi

urlmon

wininet

cabinet

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 126KB

.rsrc Size: 48KB - Virtual size: 47KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

c2:55:bd:3f:d5:1f:04:ba:c3:f6:d7:b0:18:a1:a7:b2
Certificate

e7:c3:19:a0:01:31:e2:1a:07:f4:47:17:91:20:ef:71:a3:e5:4a:7a
Signer

24/01/2011, 03:35
Valid: false

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 126KB

.rsrc
Size: 48KB - Virtual size: 47KB