07aea050d8accfce9db8450cc597c97958f174718f01d3c94cd7fd4561491233

Sharing

Copy URL Twitter E-mail

General

Target

07aea050d8accfce9db8450cc597c97958f174718f01d3c94cd7fd4561491233
Size

117KB
MD5

656ca2e6c62414ed6013ee81a3fad140
SHA1

3d422ab2a06c44363801cf2d77f2aa11df883fe4
SHA256

07aea050d8accfce9db8450cc597c97958f174718f01d3c94cd7fd4561491233
SHA512

86925cddf6cb689c230987b58c909f1db99b2ddca7e4221134869e4a8a5f41ddfd556e0539d542bd452a221c1f815abffc635cd46d9f1d5cb9866b23840a95d2
SSDEEP

1536:lItvqWjHg6O/Wm1Ef6+WfP/vs9EEMZA+1lGXpVA+c9abfEK6dtmdMACv3b476:lIRqWDs/WIH+WfHo95++aarEK6d8yr42

Score

N/A

Malware Config

Signatures

Files

07aea050d8accfce9db8450cc597c97958f174718f01d3c94cd7fd4561491233
.exe windows x86

e450a9050e9d6b41cc1595bc2a7f0a53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2013, 10:54

Not After

19/05/2015, 10:54

Subject

CN=亚洲诚信代码签名测试证书,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2010, 10:43

Not After

19/05/2020, 10:43

Subject

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:95:0d:2c:ce:b9:f9:98:19:fc:f7:9b:0d:d2:51:09:67:68:07:99
Signer

Actual PE Digest

7e:95:0d:2c:ce:b9:f9:98:19:fc:f7:9b:0d:d2:51:09:67:68:07:99

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=亚洲诚信代码签名测试证书,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

30/08/2013, 10:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atoi
strncpy
strcat
strcpy
strcmp
strrchr
_except_handler3
malloc
rand
memcmp
??2@YAPAXI@Z
memset
__CxxFrameHandler
strstr
strlen
_ftol
ceil
memmove
srand
time
printf
exit
strchr
realloc
strncat
clock
_beginthreadex
calloc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
free
_controlfp
memcpy
_strcmpi
_strnicmp
??3@YAXPAX@Z

kernel32

CreateRemoteThread
RaiseException
GetStartupInfoA
GetModuleHandleA
lstrcmpiA
Process32First
Process32Next
LocalSize
CreateMutexA
CopyFileA
SetFileAttributesA
SetErrorMode
OpenEventA
ReleaseMutex
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
WaitForMultipleObjects
PeekNamedPipe
TerminateProcess
DisconnectNamedPipe
CreatePipe
GetSystemDirectoryA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameA
OutputDebugStringA
WinExec
TerminateThread
GetTickCount
CreateThread
OpenProcess
FreeLibrary
VirtualAllocEx
WriteProcessMemory
LocalFree
GetCurrentProcess
SetLastError
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetProcAddress
LoadLibraryA
CloseHandle
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
CreateProcessA
lstrcatA
GetLogicalDriveStringsA
FindClose
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

mfc42

ord6648
ord2764
ord4129
ord926
ord924
ord922
ord535
ord858
ord6663
ord860
ord4278
ord2818
ord939
ord6877
ord800
ord540
ord537

msvfw32

ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICOpen

Sections

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e450a9050e9d6b41cc1595bc2a7f0a53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

07Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

05Certificate

Extended Key Usages

Key Usages

7e:95:0d:2c:ce:b9:f9:98:19:fc:f7:9b:0d:d2:51:09:67:68:07:99Signer

Signature Validations

Verification

30/08/2013, 10:38 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

msvcp60

mfc42

msvfw32

Sections

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 80KB - Virtual size: 82KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

07
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05
Certificate

7e:95:0d:2c:ce:b9:f9:98:19:fc:f7:9b:0d:d2:51:09:67:68:07:99
Signer

30/08/2013, 10:38
Valid: false

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 80KB - Virtual size: 82KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 5KB