f619eac4500fccd65732d51e68b39ff245dc0a837ba8c2464c05d89ece8a8fa8

Sharing

Copy URL Twitter E-mail

General

Target

f619eac4500fccd65732d51e68b39ff245dc0a837ba8c2464c05d89ece8a8fa8
Size

1.1MB
MD5

285112d6f5f8f0ae82d69b4937426565
SHA1

83a4319657d383afc06c6a26513c5d94e3f75041
SHA256

f619eac4500fccd65732d51e68b39ff245dc0a837ba8c2464c05d89ece8a8fa8
SHA512

b21ce9b1ae57f2d5507455e9aaac82176b027c10a1ca54b7088c6912875aaafa9617c124f5aa32046498b2b2edb51afa44ab412c0c0ccb1c0d64438b70251f88
SSDEEP

24576:XLTZOx2YVXhbbwa+jhRaCtjJmMjwhsWTjE3fmp:Ba+tFmMjwvTwOp

Score

N/A

Malware Config

Signatures

Files

f619eac4500fccd65732d51e68b39ff245dc0a837ba8c2464c05d89ece8a8fa8
.exe windows x86

2744ca499af70314d50423134f21123a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:cf:36:08:27:a5:c9:78:f2:f2:fc:63:f7:2f:d8:86:f3:4a:78:bc
Signer

Actual PE Digest

fc:cf:36:08:27:a5:c9:78:f2:f2:fc:63:f7:2f:d8:86:f3:4a:78:bc

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

18/05/2012, 13:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryOptionA

kernel32

LocalFree
ProcessIdToSessionId
OutputDebugStringW
MulDiv
InterlockedDecrement
GetCPInfo
GetFullPathNameW
GetFileTime
lstrcmpiW
CompareStringW
lstrlenA
CreateThread
lstrcpynW
WriteConsoleW
GetStdHandle
SetEvent
WaitForMultipleObjects
CreateEventW
ExitProcess
GetStringTypeW
GetStringTypeA
RtlUnwind
GetStartupInfoW
ExitThread
GetFileType
GetModuleHandleA
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
lstrlenW
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetOEMCP
IsValidCodePage
HeapCreate
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetCurrentDirectoryA
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
QueryDosDeviceW
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
CompareStringA
SetEnvironmentVariableA
GetDriveTypeA
GetDriveTypeW
GetLogicalDrives
CopyFileW
GetDiskFreeSpaceExW
DeviceIoControl
GetModuleFileNameA
WritePrivateProfileStringW
ReadProcessMemory
GetCurrentProcessId
LCMapStringA
VirtualQueryEx
SetUnhandledExceptionFilter
GetThreadSelectorEntry
CreateFileA
MultiByteToWideChar
GetCurrentThread
VirtualQuery
GetVersionExW
OpenFileMappingW
MapViewOfFile
LoadLibraryW
GetProcAddress
MapViewOfFileEx
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
SetFilePointer
CreateFileMappingW
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
GetCommandLineW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
GetTickCount
Sleep
ReleaseMutex
WideCharToMultiByte
CreateMutexW
OpenMutexW
WaitForSingleObject
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalSize
GlobalFlags
FindResourceW
WriteFile
CloseHandle
GetLastError
ReadFile
DeleteFileW
GlobalFree
GlobalAlloc
GetFileSize
CreateFileW
GlobalUnlock
GlobalLock
VirtualAlloc
LCMapStringW

user32

GetSysColor
CharNextW
GetFocus
DrawFocusRect
GetClassNameW
SetWindowTextW
SetCapture
SetScrollPos
ShowScrollBar
SetScrollInfo
ScrollWindow
SendInput
GetMessageExtraInfo
ClientToScreen
DestroyMenu
GetWindowTextW
SetDlgItemTextW
EndDialog
MessageBoxW
SetRect
IsWindowEnabled
UpdateWindow
CreateWindowExW
RegisterClassExW
ReleaseCapture
UnregisterClassA
SetForegroundWindow
GetForegroundWindow
LoadMenuW
GetSubMenu
TrackPopupMenu
GetKeyState
GetClassInfoExW
UnregisterClassW
DestroyWindow
UpdateLayeredWindow
SetWindowPos
GetDlgCtrlID
OffsetRect
IsIconic
MapWindowPoints
SystemParametersInfoW
SetRectEmpty
EnableWindow
GetSystemMetrics
RedrawWindow
TrackMouseEvent
LoadCursorW
SetCursor
PtInRect
GetPropW
GetWindow
GetDesktopWindow
SetPropW
GetMonitorInfoW
GetCursorPos
MonitorFromPoint
ReleaseDC
GetDC
IsWindowVisible
SetTimer
KillTimer
EndPaint
BeginPaint
FillRect
GetClientRect
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetParent
DrawIconEx
ScreenToClient
GetDlgItem
PostQuitMessage
CopyRect
LoadIconW
DialogBoxParamW
InvalidateRect
SetFocus
MoveWindow
LoadImageW
GetWindowRect
DestroyIcon
LoadBitmapW
SetWindowRgn
DrawTextW
SetWindowLongW
PostMessageW
ShowWindow
CreateDialogParamW
DispatchMessageW
RegisterWindowMessageW
TranslateMessage
GetMessageW
OpenClipboard
SendMessageW
ChangeClipboardChain
SetClipboardViewer
IsWindow
SetClipboardData
EmptyClipboard
RegisterClipboardFormatW
EnumClipboardFormats
CloseClipboard
GetClipboardData
GetWindowTextLengthW
GetCapture

gdi32

SetDIBitsToDevice
SetStretchBltMode
SetBkMode
SetTextColor
CreateRoundRectRgn
CreateSolidBrush
CreateCompatibleDC
CreateFontW
DeleteObject
StretchBlt
DeleteDC
SelectObject
Rectangle
GetObjectW
BitBlt
CreateDIBSection
GetDeviceCaps
CreateFontIndirectW
PatBlt
MoveToEx
LineTo
CreatePen
SaveDC
GetClipBox
RestoreDC
GetStockObject
SetBkColor

advapi32

RegOpenKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation
LookupAccountSidW
RegDeleteValueW
RegSetValueExW
LookupAccountNameW
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW
DragQueryFileW

ole32

CoCreateGuid
CoInitialize
OleInitialize
OleUninitialize
CoCreateInstance
CoUninitialize

shlwapi

PathFileExistsW

comctl32

ord17
_TrackMouseEvent

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

inet_ntoa
WSACancelAsyncRequest
WSAGetLastError
ntohs
recv
send
WSAAsyncGetHostByName
inet_addr
ntohl
WSAStartup
socket
htons
closesocket
gethostbyname
sendto
WSACleanup
WSAAsyncSelect
connect
shutdown
setsockopt
htonl

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Sections

.text
Size: 672KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2744ca499af70314d50423134f21123a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

fc:cf:36:08:27:a5:c9:78:f2:f2:fc:63:f7:2f:d8:86:f3:4a:78:bcSigner

Signature Validations

Verification

18/05/2012, 13:54 Valid: false

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

wtsapi32

version

ws2_32

netapi32

Sections

.text Size: 672KB - Virtual size: 668KB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 307KB - Virtual size: 307KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

fc:cf:36:08:27:a5:c9:78:f2:f2:fc:63:f7:2f:d8:86:f3:4a:78:bc
Signer

18/05/2012, 13:54
Valid: false

.text
Size: 672KB - Virtual size: 668KB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 307KB - Virtual size: 307KB