694806d3450685ae1962e6207e40d6f5fe6807b5a7bfd73e3265d964804f4169

Sharing

Copy URL Twitter E-mail

General

Target

694806d3450685ae1962e6207e40d6f5fe6807b5a7bfd73e3265d964804f4169
Size

1.2MB
MD5

46186b1f4b40472d78a4526565d03f19
SHA1

abdab0a48361b4ee39d879e4e7c606c705e82fa2
SHA256

694806d3450685ae1962e6207e40d6f5fe6807b5a7bfd73e3265d964804f4169
SHA512

e0ef2f7576ef674e464cb78e52cd13381f7aef1c4a3ac55f09d473ab0a153f947f691ecbb5ddb79788393bf1cb5c12cf04df86eee9b9e4c1113dde75d83fe78f
SSDEEP

24576:v3hH9NTNEvxG7pyrc+mvPLKsBzOIMPC9gubi9kjeU9TvXHCCJVTI+:5dNTNEsyQvBmd8i9eTvS0VTI+

Score

N/A

Malware Config

Signatures

Files

694806d3450685ae1962e6207e40d6f5fe6807b5a7bfd73e3265d964804f4169
.exe windows x86

cba702aff217da18bfdb9ba1d1e01d52

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:14:09:91:04:86:81:ca:ce:41:65:20:6d:a5:0e:6f:ed:87:e1:8f
Signer

Actual PE Digest

c6:14:09:91:04:86:81:ca:ce:41:65:20:6d:a5:0e:6f:ed:87:e1:8f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

23/01/2013, 13:12
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
lstrcpynW
lstrcpyW
VirtualAlloc
lstrcmpA
InterlockedExchange
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GlobalUnlock
WriteFile
GetTempFileNameW
ReadFile
GetFileSize
WritePrivateProfileStringW
SetFilePointer
DebugBreak
UnmapViewOfFile
DeleteFileW
GetPrivateProfileIntW
Process32FirstW
Process32NextW
GetLongPathNameW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
CreateToolhelp32Snapshot
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FatalAppExitA
HeapCreate
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetCurrentThread
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleHandleA
ExitProcess
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
OpenFileMappingW
UnlockFileEx
LockFileEx
GetACP
lstrlenA
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
GetEnvironmentVariableW
SetEnvironmentVariableW
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetFileType
CreateFileA
GetSystemTimeAsFileTime
FormatMessageW
GetSystemTime
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
Thread32First
OpenThread
Thread32Next
GetSystemWindowsDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
GlobalFree
GlobalAlloc
GlobalReAlloc
FreeResource
FlushInstructionCache
SetLastError
GlobalSize
GlobalLock
CreateThread
ReleaseMutex
CreateMutexW
ResetEvent
WaitForSingleObject
LocalFree
SetEvent
GetFullPathNameW
GetTickCount
Sleep
ReleaseSemaphore
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
OpenProcess
SetUnhandledExceptionFilter
TerminateProcess
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
OutputDebugStringW
CreateDirectoryW
GetPrivateProfileStringW
GetVersionExW
GetLastError
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
MapViewOfFile
GetLocalTime
SystemTimeToFileTime
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
CreateFileW
DeviceIoControl
CloseHandle
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
RaiseException
WideCharToMultiByte
lstrlenW
GetCommandLineW
GetTimeZoneInformation
VirtualQuery

user32

MonitorFromWindow
SendMessageTimeoutW
IsWindow
FindWindowW
PostMessageW
GetWindowThreadProcessId
GetShellWindow
DispatchMessageW
MessageBoxW
UnregisterClassA
TranslateMessage
PeekMessageW
CharNextW
GetMessageW
GetClassInfoW
EnumWindows
RegisterClassExW
GetClassInfoExW
GetDlgItem
CallWindowProcW
DrawTextW
DrawIconEx
WindowFromPoint
GetDlgCtrlID
SetFocus
CreateWindowExW
GetClassLongW
FillRect
UpdateLayeredWindow
EndPaint
BeginPaint
OffsetRect
UpdateWindow
ReleaseCapture
GetCapture
SetCapture
GetDC
ReleaseDC
IsRectEmpty
CopyRect
DestroyWindow
CreateDialogIndirectParamW
DialogBoxIndirectParamW
SetWindowLongW
GetWindow
GetWindowRect
GetCursorPos
GetMonitorInfoW
MapWindowPoints
SetWindowRgn
IsDialogMessageW
ScreenToClient
LoadCursorW
SetCursor
SystemParametersInfoW
RedrawWindow
ShowWindow
InvalidateRect
GetClientRect
SetWindowPos
GetWindowLongW
PtInRect
GetParent
SendMessageW
EndDialog
DestroyIcon
GetActiveWindow
GetSystemMetrics
LoadImageW
AdjustWindowRectEx
IntersectRect
SetTimer
KillTimer
PostQuitMessage
DefWindowProcW
RegisterClassW

gdi32

SetStretchBltMode
OffsetViewportOrgEx
CreateRectRgnIndirect
IntersectClipRect
SetViewportOrgEx
ExcludeClipRect
SetBkColor
CreateRoundRectRgn
GetTextExtentPoint32W
CreatePolygonRgn
GetStockObject
CreateSolidBrush
DeleteObject
TextOutW
SetBkMode
GetTextColor
GetClipBox
SetTextColor
BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
GetObjectW
StretchBlt
CreateDIBSection
CreateCompatibleBitmap
CreateRectRgn
CombineRgn
ExtTextOutW
CreateFontIndirectW

advapi32

RegQueryValueExA
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegDeleteValueW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
CreateErrorInfo
SetErrorInfo
SysStringByteLen
VariantInit
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VarUI4FromStr
VariantChangeType
GetErrorInfo

shlwapi

PathFileExistsW
PathAppendW
StrCmpIW
SHGetValueW
SHSetValueW
StrCmpW
StrCmpNIW
PathFindExtensionW
StrRChrIW
PathCombineW
PathIsDirectoryW
StrCmpNW
StrChrW
StrStrIW
PathRemoveFileSpecW
PathFindFileNameW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_Create
_TrackMouseEvent

msimg32

AlphaBlend

psapi

EnumProcessModules
GetModuleFileNameExW

urlmon

URLDownloadToCacheFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetCertificateContextProperty
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject
CryptDecodeObject
CryptMsgClose

imm32

ImmDisableIME

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 898KB - Virtual size: 898KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cba702aff217da18bfdb9ba1d1e01d52

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

c6:14:09:91:04:86:81:ca:ce:41:65:20:6d:a5:0e:6f:ed:87:e1:8fSigner

Signature Validations

Verification

23/01/2013, 13:12 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

psapi

urlmon

version

crypt32

imm32

wintrust

Sections

.text Size: 898KB - Virtual size: 898KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 21KB - Virtual size: 48KB

.rsrc Size: 155KB - Virtual size: 155KB

.reloc Size: 28KB - Virtual size: 27KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

c6:14:09:91:04:86:81:ca:ce:41:65:20:6d:a5:0e:6f:ed:87:e1:8f
Signer

23/01/2013, 13:12
Valid: false

.text
Size: 898KB - Virtual size: 898KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 21KB - Virtual size: 48KB

.rsrc
Size: 155KB - Virtual size: 155KB

.reloc
Size: 28KB - Virtual size: 27KB