e47dc329aa317289a2522758ad964f06d512638c9b90189cb317006216d018de

Sharing

Copy URL

Twitter E-mail

General

Target

e47dc329aa317289a2522758ad964f06d512638c9b90189cb317006216d018de
Size

529KB
MD5

333043e73289f43db666af4b7f7ba4e3
SHA1

8f3110ccf2bb4c7ff3b0c323e2553490ce1fad52
SHA256

e47dc329aa317289a2522758ad964f06d512638c9b90189cb317006216d018de
SHA512

17c66cd829eab08dfeaf14fad5660d9d46512c29ea29493df21b7f7d470cbde9d82676656c2a0fa1d6cc8b1606ce5d05b7d2710d3ecea0cd1f62b67c0b77bd79
SSDEEP

12288:6sXEt5ZVVs6nZmpbgTF2V7zoeSXMHTn7fTi0nC:6sXETVsGZmpUx2V7FSXYu0nC

Score

N/A

Malware Config

Signatures

Files

e47dc329aa317289a2522758ad964f06d512638c9b90189cb317006216d018de
.dll windows x86

59f1059ad58490ceb16625109fff9af3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetTempFileNameW
GetCurrentProcessId
GetSystemTimeAsFileTime
DeviceIoControl
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
OutputDebugStringW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
CreateMutexW
GetACP
FormatMessageW
GetSystemTime
lstrcmpA
GetFileType
VirtualAlloc
VirtualFree
LocalFree
CreateThread
GetPrivateProfileIntW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
ResetEvent
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleHandleA
GetSystemInfo
CopyFileW
MoveFileW
DeleteFileW
MoveFileExW
WideCharToMultiByte
WinExec
WritePrivateProfileStringW
SetEvent
Sleep
FlushInstructionCache
CompareStringW
lstrcpyW
lstrcmpiW
GetTickCount
WaitForSingleObject
MulDiv
CreateEventW
InterlockedIncrement
lstrlenA
InitializeCriticalSection
SetLastError
GetVersionExW
GetCurrentThreadId
GetCurrentProcess
SetProcessWorkingSetSize
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
LoadLibraryExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrlenW
InterlockedDecrement
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
GetEnvironmentVariableW

user32

SetWindowTextW
LoadCursorW
GetClassNameW
GetDC
LoadBitmapW
PostMessageW
FindWindowW
LoadImageW
GetActiveWindow
ExitWindowsEx
CharLowerW
IsRectEmpty
GetWindow
DrawIconEx
EndDialog
DispatchMessageW
TranslateMessage
GetMessageW
DialogBoxParamW
DestroyIcon
SetRect
LockWindowUpdate
IntersectRect
IsIconic
EnableWindow
GetSubMenu
LoadMenuW
OpenClipboard
DestroyMenu
TrackPopupMenu
GetMonitorInfoW
ReleaseDC
SetClipboardData
CloseClipboard
MoveWindow
RegisterClassExW
GetDlgItemInt
SetDlgItemInt
CopyRect
SetLayeredWindowAttributes
DeleteMenu
ModifyMenuW
EnableMenuItem
MonitorFromPoint
OffsetRect
SetCursor
SetFocus
GetCursorPos
ScreenToClient
SetRectEmpty
MapWindowPoints
GetDlgItem
ShowWindow
IsWindowVisible
FillRect
wsprintfW
GetClassInfoExW
RedrawWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetMenu
AdjustWindowRectEx
DrawEdge
InflateRect
DrawFocusRect
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
DrawTextW
BeginPaint
EndPaint
IsWindow
SendMessageW
SetCapture
CallWindowProcW
GetCapture
InvalidateRect
UpdateWindow
SystemParametersInfoW
SetTimer
GetDlgCtrlID
GetParent
ReleaseCapture
ClientToScreen
GetWindowRect
PtInRect
KillTimer
DefWindowProcW
GetSysColor
GetSysColorBrush
CharNextW
LoadStringW
GetSystemMetrics
CreateDialogParamW
GetClientRect
SetWindowPos
DestroyWindow
MessageBoxW
EmptyClipboard

gdi32

BitBlt
DeleteDC
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
GetStockObject
CreateFontW
SetBkColor
StretchBlt
ExtTextOutW
GetClipBox
GetCurrentObject
LineTo
MoveToEx
SaveDC
SetTextColor
SetBkMode
CreateSolidBrush
DeleteObject
RestoreDC
CreatePen

advapi32

CloseServiceHandle
RegQueryValueExA
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegOpenKeyW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ord680
ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW
SHFileOperationW
ExtractIconExW

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_LoadImageW
ImageList_Destroy

msimg32

TransparentBlt

shlwapi

PathCombineW
PathRemoveFileSpecW
StrStrIW
SHGetValueW
PathIsRelativeW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathRenameExtensionW
PathRemoveBackslashW
StrCmpNIW
StrCmpNW
StrCmpIW
PathAppendW

msvcrt

wcscat
tolower
swscanf
_wcslwr
memchr
qsort
strncpy
swprintf
wcschr
_snwprintf
wcsrchr
strerror
wcstok
_errno
wcsncmp
_wcsset
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
_CxxThrowException
rand
_vsnprintf
realloc
_wcsicmp
_vsnwprintf
_beginthreadex
_purecall
wcsncpy
memmove
wcscpy
wcscmp
_wtoi
iswdigit
wcslen
malloc
vswprintf
free
__CxxFrameHandler
??2@YAPAXI@Z
wcsstr

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sfc

SfcIsFileProtected

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

iphlpapi

GetAdaptersInfo

crypt32

CryptMsgClose
CertGetNameStringW
CertGetCertificateContextProperty
CertCloseStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Exports

Exports

CreatePage
InitPage
IsSupported
UnInitPage

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f1059ad58490ceb16625109fff9af3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

shlwapi

msvcrt

version

sfc

urlmon

wininet

iphlpapi

crypt32

wintrust

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 20KB - Virtual size: 22KB

.rsrc Size: 160KB - Virtual size: 158KB

.reloc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 160KB - Virtual size: 158KB

.reloc
Size: 20KB - Virtual size: 19KB