70d1aea1ce681f00fab3bffee911f9421bca948618228d0d05235a47e24f27e3

Sharing

Copy URL Twitter E-mail

General

Target

70d1aea1ce681f00fab3bffee911f9421bca948618228d0d05235a47e24f27e3
Size

340KB
MD5

1af863e02cf7b5ed193364dede53bf70
SHA1

1fb474cb1d8e418cd8ab16afb0c61a3eea680deb
SHA256

70d1aea1ce681f00fab3bffee911f9421bca948618228d0d05235a47e24f27e3
SHA512

189cdbb064011a832f8f2d080818a636725693591316b7bfe6925b090992c767e5a7e739c2b12ed5e0fdf6397e9bed94fc9873e6e0afce9c664ccdb95f2f8b42
SSDEEP

6144:NJfAVYsfEDJMp/7P3W0opSgOe1KxwbP869OPW8ql23S8tTBZfiBJ7:NJ4VY51Mp/7vW0+SgnwWbU6h8tTvI

Score

N/A

Malware Config

Signatures

Files

70d1aea1ce681f00fab3bffee911f9421bca948618228d0d05235a47e24f27e3
.exe windows x86

4a3a5d9a9a79484ac6543fce9adee902

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6a
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

26/10/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ef:64:27:7f:af:64:78:48:8e:b3:26:34:af:82:f1:74:20:96:c7:f6
Signer

Actual PE Digest

ef:64:27:7f:af:64:78:48:8e:b3:26:34:af:82:f1:74:20:96:c7:f6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

26/06/2011, 03:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
HeapAlloc
HeapFree
GetFileType
DeleteFileA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
SetErrorMode
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GlobalFlags
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
MulDiv
FormatMessageW
InterlockedDecrement
GetCurrentThread
GlobalAlloc
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
lstrcpyW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcatW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
WaitForMultipleObjects
GetTempPathW
GetSystemDirectoryW
SystemTimeToTzSpecificLocalTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetCurrentProcess
ReleaseMutex
CreateMutexW
FreeLibrary
WritePrivateProfileStringW
LocalAlloc
LocalFree
MoveFileW
SystemTimeToFileTime
FileTimeToSystemTime
GetLastError
GetPrivateProfileIntW
FindFirstFileW
FindClose
WideCharToMultiByte
CreateDirectoryW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetPrivateProfileStringW
GetModuleFileNameW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateThread
Sleep
GetExitCodeThread
TerminateThread
LoadLibraryW
GetProcAddress
RemoveDirectoryW
GetTickCount
MultiByteToWideChar
DeleteFileW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetStartupInfoA
GetFileAttributesA

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
DestroyMenu
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
wsprintfW
CharUpperW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
RegisterClipboardFormatW
SetWindowTextW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SendMessageW
GetSystemMetrics
MessageBoxW
PostThreadMessageW
PeekMessageW
FindWindowW
GetDesktopWindow
GetWindowRect
SetWindowPos
EnableWindow
KillTimer
SetWindowsHookExW

gdi32

Escape
GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
SelectObject

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

comctl32

ord17

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
CLSIDFromString
StgCreateDocfileOnILockBytes
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

urlmon

URLDownloadToFileW

cabinet

ord14
ord11
ord13
ord22
ord21
ord23
ord20
ord10

wininet

HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
InternetOpenUrlW
InternetReadFile
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetQueryDataAvailable
HttpAddRequestHeadersW

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a3a5d9a9a79484ac6543fce9adee902

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6aCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

ef:64:27:7f:af:64:78:48:8e:b3:26:34:af:82:f1:74:20:96:c7:f6Signer

Signature Validations

Verification

26/06/2011, 03:01 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

cabinet

wininet

Sections

.text Size: 224KB - Virtual size: 220KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 25KB - Virtual size: 28KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6a
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

ef:64:27:7f:af:64:78:48:8e:b3:26:34:af:82:f1:74:20:96:c7:f6
Signer

26/06/2011, 03:01
Valid: false

.text
Size: 224KB - Virtual size: 220KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 25KB - Virtual size: 28KB