67b190702339f78f2019d30de0b5b6268e874e277a94dee211194c04e0352e16

Sharing

Copy URL Twitter E-mail

General

Target

67b190702339f78f2019d30de0b5b6268e874e277a94dee211194c04e0352e16
Size

536KB
MD5

ce096b4913af8c16ab10dff4ecb36f5c
SHA1

37bd8c31f5d0863f8d3b692ed50a32a52d4cbb5e
SHA256

67b190702339f78f2019d30de0b5b6268e874e277a94dee211194c04e0352e16
SHA512

efd14cfb338b48e763ef898788f113b63c332de62cbb9270abeffba0688af6b99bdf2d437bde7c24efdc9a684f38f4356218c1553f69170fe2fab6618f195c08
SSDEEP

12288:5wXQ0Mi0NLhNiaqomNjx8P7D164gbZB2Ttm0m6UT8333mG33333m5G333mG33336:WQ0QNLhdnP7564gbZh

Score

N/A

Malware Config

Signatures

Files

67b190702339f78f2019d30de0b5b6268e874e277a94dee211194c04e0352e16
.exe windows x86

1c6d8ea30e5fd30efeef304f75ed6960

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceA
GetModuleHandleW
LoadLibraryA
Sleep
SetLastError
ResumeThread
GetLastError
GetCurrentThread
GetCommandLineW
InterlockedDecrement
InterlockedIncrement
CreateProcessW
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
GetFileSize
CreateFileW
ReadFile
DeleteFileW
GetFullPathNameW
CreateDirectoryW
GetLongPathNameW
GetModuleFileNameW
FindClose
FindNextFileW
RtlZeroMemory
FindFirstFileW
RemoveDirectoryW
WaitForSingleObject
OpenProcess
GetCurrentProcessId
lstrlenW
GetCurrentProcess
LocalFree
LoadLibraryExW
ExpandEnvironmentStringsW
MultiByteToWideChar
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetPrivateProfileStringW
WideCharToMultiByte
GetFileAttributesW
GetTempFileNameW
GetTempPathW
GetProcAddress
SizeofResource
SearchPathW
lstrlenA
VirtualQuery
VirtualProtect
VirtualAlloc
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
GetSystemInfo
HeapSize
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetVersionExA
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
ExitProcess
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
LoadLibraryW
SetStdHandle
GetStringTypeW
InterlockedCompareExchange
GetStringTypeA

user32

UnhookWinEvent
IsWindow
EnumWindows
GetWindowTextW
IsWindowVisible
IsIconic
GetWindowRect
DialogBoxIndirectParamW
PostMessageA
PostMessageW
MessageBoxW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
LoadIconW
RegisterClassExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
BeginPaint
KillTimer
PostQuitMessage
LoadCursorW
SetCursor
EndDialog
CreateWindowExW
SetWindowPos
ShowWindow
UpdateWindow
GetDC
GetSystemMetrics
SetWindowRgn
ReleaseDC
FindWindowExW
GetWindow
FindWindowW
EndPaint

gdi32

CreateDIBSection
SelectObject
GetDeviceCaps
DeleteDC
CreateRectRgn
GetPixel
CombineRgn
DeleteObject
CreateCompatibleDC

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

shell32

ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
SysAllocStringByteLen
SysStringByteLen
VariantClear

ws2_32

htons
inet_ntoa
inet_addr

oleacc

WindowFromAccessibleObject
AccessibleObjectFromWindow

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

share
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c6d8ea30e5fd30efeef304f75ed6960

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 11KB

share Size: 4KB - Virtual size: 4B

.rsrc Size: 356KB - Virtual size: 354KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 11KB

share
Size: 4KB - Virtual size: 4B

.rsrc
Size: 356KB - Virtual size: 354KB