4b8801d07b9d11e5da52f38831cd4bd5f51bcca383770ce1fc5a2ab86923ec8b

Sharing

Copy URL Twitter E-mail

General

Target

4b8801d07b9d11e5da52f38831cd4bd5f51bcca383770ce1fc5a2ab86923ec8b
Size

2.0MB
MD5

94e8df3e7b8dc59ab8375d874fb25c77
SHA1

2476de017ec8ca78f02382eef0e700ff80f413f8
SHA256

4b8801d07b9d11e5da52f38831cd4bd5f51bcca383770ce1fc5a2ab86923ec8b
SHA512

93452f8f3bbaf50ed5e445bd12d5799a41986d22874f018cf25ed81423308b78ac401909604a8ee59006db40a391ba81799ad3df7b7ae6d98bcd7459ff5925c7
SSDEEP

49152:zkezoV727v98FHVLC1zdPT5G03tQR2+KSusPOp:zkLUkHw15G03gKSuui

Score

N/A

Malware Config

Signatures

Files

4b8801d07b9d11e5da52f38831cd4bd5f51bcca383770ce1fc5a2ab86923ec8b
.dll regsvr32 windows x86

dc842513ed3f1d9f5ff98812a2ae69fb

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:b8:e3:5b:53:60:1a:f5:36:c5:c4:f8:ec:98:28:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2012, 00:00

Not After

23/05/2013, 23:59

Subject

CN=Elf Network Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=QQAPP,O=Elf Network Co.\,Ltd,L=TianMen,ST=HUBEI,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:42:d0:66:12:f5:77:a0:ef:29:a4:98:d6:f4:6a:66:02:b4:d2:2c
Signer

Actual PE Digest

6a:42:d0:66:12:f5:77:a0:ef:29:a4:98:d6:f4:6a:66:02:b4:d2:2c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Elf Network Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=QQAPP,O=Elf Network Co.\,Ltd,L=TianMen,ST=HUBEI,C=CN

04/06/2012, 06:13
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetPrivateProfileIntW
WriteFile
InterlockedExchange
GetExitCodeThread
ResetEvent
CreateDirectoryW
lstrcmpW
MulDiv
MapViewOfFile
OpenFileMappingA
OutputDebugStringW
ResumeThread
TerminateThread
FindClose
FindNextFileW
FindFirstFileW
GetTempFileNameA
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
CopyFileA
CopyFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
LockFileEx
LockFile
LocalFree
LoadLibraryA
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
CreateFileMappingW
CreateFileA
AreFileApisANSI
InterlockedCompareExchange
MoveFileA
SetCurrentDirectoryW
CreatePipe
GetTempFileNameW
GetExitCodeProcess
QueryPerformanceFrequency
OutputDebugStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleA
VirtualProtect
IsBadReadPtr
GetModuleFileNameA
lstrcpyA
GetSystemWindowsDirectoryW
DeviceIoControl
lstrcatA
GetVersionExW
CreateEventW
Sleep
GetPrivateProfileStringW
CreateThread
WaitForSingleObject
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
OpenEventW
SetEvent
GetTickCount
DeleteFileW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileW
GetFileSize
ReadFile
CreateMutexW
lstrlenW
FreeResource
SetLastError
ReleaseMutex
GetCurrentThreadId
lstrlenA
GetVersion
CloseHandle
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetCurrentProcess
SizeofResource
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
FindResourceExW
FindResourceW
LoadResource
LockResource
CreateProcessA

user32

SendMessageW
MoveWindow
GetWindowRect
CallWindowProcA
SetWindowLongA
GetWindowLongW
GetPropW
GetWindowTextA
UnregisterClassA
LoadStringA
LoadStringW
CreateWindowExW
IsWindowUnicode
wsprintfW
SetWindowLongW
PeekMessageW
GetWindowDC
EnableWindow
GetActiveWindow
wsprintfA
GetSysColor
ScreenToClient
InvalidateRgn
RedrawWindow
IsChild
GetClassNameW
FillRect
DestroyAcceleratorTable
CreateAcceleratorTableW
DefWindowProcA
GetMessageW
TranslateMessage
GetClientRect
InvalidateRect
ShowWindow
IsWindow
SetWindowPos
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetClassInfoExW
LoadCursorW
CopyRect
SetRect
InflateRect
GetDlgItem
RegisterWindowMessageW
GetClassNameA
EnumChildWindows
IsWindowVisible
DestroyWindow
DefWindowProcW
ReleaseDC
GetDC
RegisterClassExW
SetTimer
KillTimer
CallWindowProcW
SetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
SetCursor
DrawTextW
PostMessageW
GetFocus
GetKeyState
BeginPaint
EndPaint
LoadBitmapW
LoadImageW
PtInRect
GetDesktopWindow
DestroyIcon
EqualRect
GetDlgCtrlID
DrawFrameControl
LoadIconW
DrawIconEx
OffsetRect
FrameRect
FindWindowExW
RemovePropW
SetPropW
SetCapture
ReleaseCapture
GetWindowTextW
ClientToScreen
SetWindowRgn
SetActiveWindow
PostQuitMessage
DispatchMessageW
PostThreadMessageW
MessageBoxW
CharNextW
SetFocus
GetSystemMetrics
SetForegroundWindow

gdi32

SetTextColor
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
CreateRectRgn
CreatePen
SetBkColor
StretchBlt
Rectangle
SelectClipRgn
SelectObject
RestoreDC
SaveDC
DeleteObject
SetRectRgn
OffsetRgn
GetDeviceCaps
EnumFontFamiliesW
CreateBitmap
CreateCompatibleBitmap
RectInRegion
RoundRect
CreateRectRgnIndirect
GetClipRgn
MoveToEx
LineTo
TextOutW
GetTextExtentPoint32W
CreateSolidBrush
ExtTextOutW
CombineRgn
SetBkMode

advapi32

RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExA

shell32

SHGetFileInfoA
ShellExecuteW
ShellExecuteA
SHGetFolderPathW

ole32

CoInitialize
OleUninitialize
OleInitialize
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VarBstrCmp
VariantInit
SysAllocStringLen

shlwapi

StrToIntA
PathFileExistsW
StrToIntW
PathFileExistsA
PathRemoveFileSpecW
SHSetValueW
SHGetValueW
SHGetValueA
SHSetValueA

comctl32

_TrackMouseEvent

gdiplus

GdipImageSelectActiveFrame
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipFree
GdipImageGetFrameDimensionsCount
GdipSaveImageToFile
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipImageGetFrameDimensionsList

ws2_32

__WSAFDIsSet
select
setsockopt
shutdown
WSAGetLastError
WSAStartup
gethostbyname
socket
htons
connect
closesocket
send
recv
WSACleanup

urlmon

URLDownloadToFileA

wininet

InternetSetOptionW
InternetGetCookieW
InternetSetCookieW
HttpSendRequestA
InternetOpenUrlW
InternetAttemptConnect
InternetCheckConnectionW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlW
InternetCrackUrlW

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc842513ed3f1d9f5ff98812a2ae69fb

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:b8:e3:5b:53:60:1a:f5:36:c5:c4:f8:ec:98:28:cfCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6a:42:d0:66:12:f5:77:a0:ef:29:a4:98:d6:f4:6a:66:02:b4:d2:2cSigner

Signature Validations

Verification

04/06/2012, 06:13 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

urlmon

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 225KB - Virtual size: 225KB

.data Size: 31KB - Virtual size: 71KB

.rsrc Size: 490KB - Virtual size: 489KB

.reloc Size: 69KB - Virtual size: 68KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:b8:e3:5b:53:60:1a:f5:36:c5:c4:f8:ec:98:28:cf
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6a:42:d0:66:12:f5:77:a0:ef:29:a4:98:d6:f4:6a:66:02:b4:d2:2c
Signer

04/06/2012, 06:13
Valid: false

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 225KB - Virtual size: 225KB

.data
Size: 31KB - Virtual size: 71KB

.rsrc
Size: 490KB - Virtual size: 489KB

.reloc
Size: 69KB - Virtual size: 68KB