bea42cd17cf231c848e850edc9de5e5da65befd647815815826926049b2df1bd

Sharing

Copy URL Twitter E-mail

General

Target

bea42cd17cf231c848e850edc9de5e5da65befd647815815826926049b2df1bd
Size

312KB
MD5

40239b45083cc7bcc0ea6ea6ef5c5c9b
SHA1

975c6facf7b0f830d188e260f2249e5e0d47a32a
SHA256

bea42cd17cf231c848e850edc9de5e5da65befd647815815826926049b2df1bd
SHA512

f2b6558a1255a7911e03f6f015f60dfefc85f7b5d13767f840525ccd6ef08cfc3214b1c9366d254a81391d753001265e2bc4b2f0e6617042fb7189319f3abd02
SSDEEP

6144:rQLwEngNrl8MiPDmqMx4jX/8uJ4f5jlBjvjlBjPS:McEngNrWPo4zLGZBjZBz

Score

N/A

Malware Config

Signatures

Files

bea42cd17cf231c848e850edc9de5e5da65befd647815815826926049b2df1bd
.exe windows x86

d6c33dc06ec5e9273a6c25468f6d4a49

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

26/05/2011, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ShenZhen Thunder Networking Technologies Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MakeSureDirectoryPathExists

kernel32

GlobalAlloc
CloseHandle
FlushFileBuffers
WritePrivateProfileStringW
WriteFile
SetFilePointer
GetTempPathA
CreateFileW
WritePrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
FindCloseChangeNotification
WaitForSingleObject
FindFirstChangeNotificationW
OutputDebugStringW
TlsGetValue
GetCurrentThreadId
GetLocalTime
TlsSetValue
ReleaseMutex
UnmapViewOfFile
InterlockedDecrement
TlsFree
DeleteCriticalSection
InterlockedExchangeAdd
InitializeCriticalSection
ExitProcess
MapViewOfFile
CreateFileMappingW
CreateMutexW
ExitThread
TlsAlloc
RaiseException
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
InterlockedIncrement
lstrlenA
LockResource
LoadResource
FindResourceW
GetCommandLineW
FreeResource
SizeofResource
GlobalLock
Sleep
DeleteFileA
GetProcAddress
LoadLibraryW
GetExitCodeProcess
SetCurrentDirectoryW
CreateThread
GetModuleFileNameW
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
FindFirstFileW
GetLastError
DeleteFileW
FindNextFileW
FindClose
GetCurrentProcessId
MultiByteToWideChar
lstrlenW
GetFileAttributesW
CreateDirectoryW
GetFileAttributesA
FindResourceA
CreateDirectoryA
GlobalUnlock
GlobalFree
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
CompareStringW
CompareStringA
GetDriveTypeA
SetStdHandle
GetVersionExA
VirtualQuery
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetEnvironmentVariableA
GetTimeZoneInformation
GetCurrentDirectoryW
VirtualProtect
GetSystemInfo

user32

GetSystemMetrics
LoadImageW
EnableMenuItem
BeginPaint
DrawTextW
EndPaint
PostQuitMessage
GetDlgItem
KillTimer
InvalidateRect
GetSystemMenu
FindWindowW
GetActiveWindow
SendMessageW
ShowWindowAsync
SetForegroundWindow
DefWindowProcW
IsDialogMessageW
DestroyWindow
SendDlgItemMessageW
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
EndDialog
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DialogBoxParamW
CreateDialogParamW
ShowWindow
SetWindowLongW
PostMessageW
MessageBoxW
SetTimer
wsprintfW

gdi32

CreateCompatibleDC
SelectObject
CreateFontW
SetTextColor
TextOutW
BitBlt
DeleteDC
StretchBlt
DeleteObject
GetObjectW
SetBkColor
SetBkMode

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteExA
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
StringFromIID
CoTaskMemFree

oleaut32

OleLoadPicture

atl71

ord44
ord23
ord65
ord66
ord61
ord43
ord64

shlwapi

PathFileExistsW
PathAppendA
PathAddBackslashA
PathFileExistsA

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToFileA

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6c33dc06ec5e9273a6c25468f6d4a49

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:deCertificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl71

shlwapi

comctl32

msimg32

version

urlmon

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 53KB

.rsrc Size: 164KB - Virtual size: 164KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:de
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 53KB

.rsrc
Size: 164KB - Virtual size: 164KB