9796599a4c2e1088433cdd9332f46f7b61574c09dc015aa21c4537e3bf656100

Sharing

Copy URL Twitter E-mail

General

Target

9796599a4c2e1088433cdd9332f46f7b61574c09dc015aa21c4537e3bf656100
Size

193KB
MD5

e0b70e5559839c9797a34bec682d95a0
SHA1

b46e9a98a4c5314aff40387889504fa6b850c350
SHA256

9796599a4c2e1088433cdd9332f46f7b61574c09dc015aa21c4537e3bf656100
SHA512

cc6dd54f75af052e29bbb1ca123951c6aae6c173e6cc059f0641cccf1b88c31067278b67696212d10acb32fd5bcccf1a44a9ed90527b0796c64cf206569fb726
SSDEEP

6144:wy6j/0oz/1RQSDOzHo4aNd5X8SqgcHoYT+P:t6j/1z/1uO2ZibGT+P

Score

N/A

Malware Config

Signatures

Files

9796599a4c2e1088433cdd9332f46f7b61574c09dc015aa21c4537e3bf656100
.exe windows x86

3c610f6d13190849b2d72d1992f786b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadContext
SuspendThread
VirtualAlloc
SetFilePointer
GetThreadContext
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
WaitForMultipleObjects
FlushInstructionCache
VirtualProtect
GetCurrentThreadId
VirtualQuery
GetStartupInfoW
ResumeThread
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
FormatMessageW
LocalFree
GetCurrentThread
OpenProcess
GetVersionExW
GetCurrentProcessId
InterlockedCompareExchange
Sleep
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
OpenEventW
SetEvent
CloseHandle
GetLastError
lstrlenW
SetCurrentDirectoryW
InterlockedDecrement
SetUnhandledExceptionFilter
GetCommandLineW
GetSystemTimeAsFileTime
DeviceIoControl
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
ExitProcess
TlsSetValue
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
WaitForSingleObject
CreateMutexW
ReadFile
GetACP
MultiByteToWideChar
GetSystemTime
lstrcmpA
GetFileType
CreateFileW

user32

CharUpperW
wvsprintfW
CharNextW
LoadStringW

advapi32

RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyA
RegEnumKeyW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegCloseKey
RegFlushKey
RegCreateKeyA
RegCreateKeyW
RegOpenKeyA
RegOpenKeyW
RegQueryValueA
RegQueryValueW
RegSetValueW
RegSetValueA
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
DeleteService

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoInitialize
CoUninitialize

shlwapi

StrCmpIW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
StrRChrW
SHGetValueW
SHDeleteKeyW
PathAppendW

version

VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

msvcrt

_vsnwprintf
wcscmp
_wsplitpath
iswdigit
_wcsicmp
_except_handler3
memmove
_purecall
free
wcsncmp
_CxxThrowException
malloc
wcscpy
_errno
wcstok
strerror
wcsncpy
_snwprintf
swprintf
strncpy
qsort
memchr
_wcslwr
swscanf
wcscat
_vsnprintf
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
??2@YAPAXI@Z
__CxxFrameHandler
wcslen
wcsrchr
wcschr
iswprint
tolower
_wtoi

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c610f6d13190849b2d72d1992f786b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

psapi

setupapi

msvcrt

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 21KB

.rsrc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 21KB

.rsrc
Size: 24KB - Virtual size: 20KB