bf8f0d7e13721b7f8347628b385dcb73463a38ae4537a20da5a3fd852606debe

Sharing

Copy URL Twitter E-mail

General

Target

bf8f0d7e13721b7f8347628b385dcb73463a38ae4537a20da5a3fd852606debe
Size

1.3MB
MD5

e14e18dc135e3fa32880f6e2c6038689
SHA1

0f279dfa3522138287c20b1b8bb9aed0866b3e32
SHA256

bf8f0d7e13721b7f8347628b385dcb73463a38ae4537a20da5a3fd852606debe
SHA512

9f98149aa9527bc0c2fb126e7abd3d10a20db0f77fd339f23f3886715dd043671fd366bcbe4510b3c446d9d5f13be76b4f69fa00064cc362008922bed5781602
SSDEEP

24576:IHOOnKnLlwQHpvoqAfiTHq7lD4elFExvv58atOHfMTicjXLR:IHol0kKqqExvv5qETjLR

Score

N/A

Malware Config

Signatures

Files

bf8f0d7e13721b7f8347628b385dcb73463a38ae4537a20da5a3fd852606debe
.exe windows x86

ce347ac4001c28842ea58589e1c3f1da

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

GradientFill
TransparentBlt
AlphaBlend

imm32

ImmGetContext
ImmDisableIME
ImmSetConversionStatus

kernel32

GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLastError
SuspendThread
CreateEventW
FindClose
FindFirstFileW
CreateThread
CloseHandle
Sleep
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
GetCurrentThread
GlobalFree
GlobalAlloc
GetModuleFileNameW
InitializeCriticalSection
GetCurrentThreadId
FindNextFileW
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
GetProcessHeap
SetEndOfFile
SetStdHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
LCMapStringA
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
Module32FirstW
RaiseException
FreeLibrary
GetFileType
FindFirstFileA
GetDriveTypeA
QueryPerformanceCounter
LCMapStringW
QueryPerformanceFrequency
WaitForSingleObject
InterlockedCompareExchange
SetEvent
InterlockedExchange
CreateFileW
CreateDirectoryW
WideCharToMultiByte
GetCommandLineW
GetCurrentProcess
GetTempPathW
GetProcAddress
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateProcessW
MoveFileExW
CopyFileW
FileTimeToSystemTime
GetFileTime
DeleteFileW
SetFileAttributesW
SetFilePointer
WriteFile
FormatMessageW
ExitThread
SetLastError
LocalFree
GetFileSize
ReadFile
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindResourceW
Module32NextW
LoadResource
SizeofResource
LockResource
LocalAlloc
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
InterlockedIncrement
OpenEventW
CreateMutexW
OpenMutexW
ReleaseMutex
GetSystemDirectoryW
RemoveDirectoryW
InterlockedDecrement
OutputDebugStringW
GetVersionExW
GetTickCount
VirtualQuery
SetUnhandledExceptionFilter
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalHandle
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetWindowsDirectoryA
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
ExitProcess
ResumeThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind
GetTimeZoneInformation

user32

IsWindow
SetWindowLongW
GetWindowLongW
GetClientRect
GetKeyState
PostMessageW
MoveWindow
SetWindowTextW
GetDlgCtrlID
SendMessageW
ReleaseCapture
GetCursorPos
GetClassNameW
OffsetRect
SetCapture
GetWindowRect
SetWindowRgn
ShowWindow
RedrawWindow
GetKeyboardLayoutList
ActivateKeyboardLayout
GetMessageW
SetForegroundWindow
FindWindowW
GetParent
SetCursor
LoadCursorW
GetWindowTextW
IsWindowEnabled
IsDlgButtonChecked
CreateWindowExW
TrackPopupMenu
GetSystemMetrics
LoadStringW
wvsprintfW
SetClassLongW
DrawFocusRect
PtInRect
TrackMouseEvent
DefWindowProcW
IsWindowVisible
RegisterClassExW
BeginPaint
EndPaint
CallWindowProcW
GetCursor
SetRect
EndDialog
UpdateLayeredWindow
LoadImageW
GetDesktopWindow
SetCursorPos
GetMonitorInfoW
SubtractRect
MonitorFromPoint
GetAsyncKeyState
CreateDialogParamW
CheckDlgButton
DialogBoxParamW
DrawTextW
InflateRect
IntersectRect
InvalidateRect
AppendMenuW
SetWindowPos
CreatePopupMenu
SetMenuInfo
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
DestroyMenu
SetMenuItemInfoW
DestroyWindow
SetTimer
FillRect
KillTimer
SetFocus
WaitMessage
GetDC
TranslateMessage
IsDialogMessageW
PeekMessageW
ReleaseDC
EnumChildWindows
EnableWindow
DispatchMessageW
PostQuitMessage
GetDlgItem

gdi32

CreateSolidBrush
GetStockObject
CreateRoundRectRgn
SetBkMode
SetTextColor
DeleteObject
GetObjectW
CreateCompatibleDC
DeleteDC
SetBkColor
SelectObject
GetDeviceCaps
BitBlt
CreatePen
Rectangle
CreateFontIndirectW
LineTo
MoveToEx
GetTextExtentPoint32W
CreateCompatibleBitmap
GetPixel
StretchDIBits
GetTextMetricsW
GetCharABCWidthsFloatW
OffsetRgn
ExtCreateRegion
StretchBlt
CreateDIBSection
SelectClipRgn
GetTextExtentExPointW
CreateRectRgn
CombineRgn

ole32

OleUninitialize
OleInitialize
OleCreate
OleSetContainedObject

oleaut32

VariantInit
VariantClear
SysAllocString

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCanonicalizeUrlW
InternetConnectW
HttpQueryInfoW
InternetQueryOptionW
InternetSetOptionW
InternetErrorDlg

comctl32

InitCommonControlsEx

shlwapi

StrStrIW

advapi32

RegSetValueExW
GetTokenInformation
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSidLengthRequired
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetSecurityDescriptorSacl
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
RegCloseKey

shell32

SHFileOperationW
ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 938KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce347ac4001c28842ea58589e1c3f1da

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

msimg32

imm32

kernel32

user32

gdi32

ole32

oleaut32

version

wininet

comctl32

shlwapi

advapi32

shell32

Sections

.text Size: 938KB - Virtual size: 937KB

.rdata Size: 277KB - Virtual size: 277KB

.data Size: 22KB - Virtual size: 63KB

.rsrc Size: 122KB - Virtual size: 122KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 938KB - Virtual size: 937KB

.rdata
Size: 277KB - Virtual size: 277KB

.data
Size: 22KB - Virtual size: 63KB

.rsrc
Size: 122KB - Virtual size: 122KB