b1c5166c76f157ce9f7eaee0caf68ce6b17c07a0900dd1314088f31d14ff7a7d

Sharing

Copy URL Twitter E-mail

General

Target

b1c5166c76f157ce9f7eaee0caf68ce6b17c07a0900dd1314088f31d14ff7a7d
Size

287KB
MD5

4330f2c056b6bac2a4e9e16ad1a5a8c4
SHA1

014601f42e0ef6485d4b7b4fa0658084415d2b4f
SHA256

b1c5166c76f157ce9f7eaee0caf68ce6b17c07a0900dd1314088f31d14ff7a7d
SHA512

967eca0f86a91991c5ae272792175e2283c4578c9a7dae019547f09a94aae4fe5bbdb1649e7f38db4fea8b609a4016a09eaf10101f6eed33ea05659fd3e85557
SSDEEP

6144:t8y3jSf/oW/cclr8FvgQ2HDxcD+sTsx4IRKSRg12CjxjNIrGy80:t8yQhlQvYHDG+AcRKSCPduy70

Score

N/A

Malware Config

Signatures

Files

b1c5166c76f157ce9f7eaee0caf68ce6b17c07a0900dd1314088f31d14ff7a7d
.exe windows x86

debc47c8b023be9eb6b19ee20c6a7d6d

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2a:60:4f:b6:b4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

11/08/2010, 08:15

Not After

11/08/2011, 08:15

Subject

CN=Tsingsoft Imagination Information Technology Co.\, Ltd.,O=Tsingsoft Imagination Information Technology Co.\, Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:d9:04:fe:fb:93:87:f4:8a:ff:87:f4:e4:be:23:6d:21:11:23:ec
Signer

Actual PE Digest

93:d9:04:fe:fb:93:87:f4:8a:ff:87:f4:e4:be:23:6d:21:11:23:ec

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tsingsoft Imagination Information Technology Co.\, Ltd.,O=Tsingsoft Imagination Information Technology Co.\, Ltd.,C=CN

28/05/2011, 13:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptVerifySignatureW
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW
RegOpenCurrentUser
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegCloseKey

gdi32

Rectangle
GetStockObject
CreateSolidBrush
CreatePen
IntersectClipRect
GetBkColor
ExtTextOutW
SetBkColor
PathToRegion
CreateFontIndirectW
PtInRegion
Arc
GetObjectW
DeleteDC
StretchBlt
SetStretchBltMode
SetLayout
CreateCompatibleDC
GetDeviceCaps
GetLayout
RoundRect
SetTextColor
SetBkMode
GetRgnBox
CreateRectRgnIndirect
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
GetClipBox
ExcludeClipRect
SetTextAlign
GetTextAlign
CreateCompatibleBitmap
RectVisible
CreateFontW
SetDIBits
CreateDIBSection
ExtCreateRegion
CombineRgn
OffsetRgn
CreateBitmap
GetTextColor
StrokeAndFillPath
AbortPath
GetTextMetricsW
SetViewportOrgEx
GetViewportOrgEx
GdiGradientFill
GdiDrawStream
ClearBitmapAttributes
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
GetDIBits
GetRegionData
DeleteObject

kernel32

QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
IsBadCodePtr
SetUnhandledExceptionFilter
SizeofResource
LoadResource
LockResource
GetFileAttributesW
ReadFile
GetFileSize
ExpandEnvironmentStringsW
GetProcAddress
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
FindFirstFileW
FindNextFileW
FindClose
IsBadStringPtrW
IsBadWritePtr
WaitForSingleObject
GetExitCodeThread
CreateFileMappingW
ExitThread
IsDebuggerPresent
GetACP
MapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateSemaphoreW
UnmapViewOfFile
GetSystemDirectoryW
GetFullPathNameW
InterlockedExchange
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedCompareExchange
InterlockedDecrement
IsBadReadPtr
InterlockedIncrement
lstrcmpW
GetSystemInfo
VirtualFree
GetUserDefaultUILanguage
GetFileTime
LoadLibraryW
LocalAlloc
GetCurrentThread
CreateThread
FreeLibrary
LocalFree
FreeLibraryAndExitThread
lstrcpynW
VirtualAlloc
SetLastError
GetAtomNameW
GetLastError
MulDiv
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcmpiW
lstrlenW
WriteFile
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateActCtxW
LoadLibraryExW
GetStringTypeW
SetFilePointer
FindResourceW
AddAtomW
DeleteAtom
MultiByteToWideChar
CompareStringW
UnhandledExceptionFilter
GetLocalTime

msvcrt

wcsstr
swscanf
wcschr
_vsnwprintf
memmove
free
realloc
_wsplitpath
floor
malloc
_initterm

ntdll

NtConnectPort
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlUnhandledExceptionFilter
RtlCreateUserThread
NtQueryInformationProcess
RtlInitializeCriticalSection

user32

GetSubMenu
LoadMenuW
NotifyWinEvent
InvertRect
DrawFrameControl
SetTimer
GetDoubleClickTime
GetMessagePos
DispatchMessageW
TranslateMessage
CallMsgFilterW
GetMessageW
ShowCaret
KillTimer
GetKeyState
EnableWindow
GetScrollInfo
DestroyMenu
TrackPopupMenuEx
SystemParametersInfoA
SystemParametersInfoW
AdjustWindowRectEx
RegisterUserApiHook
UnregisterUserApiHook
GetScrollBarInfo
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
DestroyWindow
IsServerSideWindow
LoadStringW
PaintMenuBar
SetWindowPos
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
TrackMouseEvent
DrawIconEx
IsWindowVisible
DrawEdge
SetCapture
MsgWaitForMultipleObjectsEx
ReleaseCapture
GetCapture
LoadIconW
InflateRect
CalcMenuBar
GetForegroundWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
InvalidateRect
DrawTextW
GetClientRect
IsWindowInDestroy
SetWindowRgn
WindowFromDC
GetParent
GetWindowInfo
SetMenuItemInfoW
DefWindowProcW
OffsetRect
GetWindowRect
InternalGetWindowText
GetWindowTextW
SetRectEmpty
GetSysColor
GetWindowRgnBox
GetClassLongW
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetDCEx
IsRectEmpty
GetAncestor
MapWindowPoints
GetDesktopWindow
PostMessageW
SetSysColors
GetDC
GetClassNameW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
GetWindowLongW
SetWindowLongW
RemovePropW
SetPropW
GetPropW
GetWindowThreadProcessId
DrawTextExW
GetWindowDC
ReleaseDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
IntersectRect
FillRect
SetRect
IsWindow
IsChild
CharNextW
SendMessageTimeoutW
GetThreadDesktop
EnumDisplaySettingsW
EnumDisplayDevicesW
LoadImageW
IsCharAlphaNumericW
IsIconic

msls31

LsFetchAppendToCurrentSublineResume
LsdnDistribute
LssbGetPlsrunsFromSubline
LsFetchAppendToCurrentSubline
LsDestroySubline
LsdnFinishByOneChar
LssbGetObjDimSubline

ole32

OleConvertOLESTREAMToIStorageEx
HBRUSH_UserMarshal
DllDebugObjectRPCHook
CLIPFORMAT_UserUnmarshal
CoQueryReleaseObject
CLIPFORMAT_UserFree
StgCreateStorageEx
CoUnmarshalHresult
OleNoteObjectVisible
OleCreateLinkToFile
CoCancelCall
UtConvertDvtd16toDvtd32
HBITMAP_UserMarshal
CreateObjrefMoniker
PropVariantClear
OleCreateLinkFromData
CoGetCallContext
StgOpenStorage
CoRegisterMessageFilter
DoDragDrop
WriteFmtUserTypeStg
GetDocumentBitStg
CoDeactivateObject
CoRegisterSurrogateEx
OleLockRunning
CoGetInterceptorFromTypeInfo
StgConvertVariantToProperty
HGLOBAL_UserMarshal
OleQueryLinkFromData
STGMEDIUM_UserUnmarshal
RegisterDragDrop
GetConvertStg
STGMEDIUM_UserMarshal
DllRegisterServer
HMETAFILE_UserSize
IIDFromString
GetHookInterface
OleConvertOLESTREAMToIStorage
CoRevertToSelf
CoCreateGuid
HGLOBAL_UserUnmarshal
OleSaveToStream
CreateDataAdviseHolder
CoReleaseMarshalData
WriteOleStg

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 237KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

debc47c8b023be9eb6b19ee20c6a7d6d

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2a:60:4f:b6:b4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

93:d9:04:fe:fb:93:87:f4:8a:ff:87:f4:e4:be:23:6d:21:11:23:ecSigner

Signature Validations

Verification

28/05/2011, 13:46 Valid: false

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

ntdll

user32

msls31

ole32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 237KB - Virtual size: 275KB

.rsrc Size: 17KB - Virtual size: 17KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2a:60:4f:b6:b4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

93:d9:04:fe:fb:93:87:f4:8a:ff:87:f4:e4:be:23:6d:21:11:23:ec
Signer

28/05/2011, 13:46
Valid: false

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 237KB - Virtual size: 275KB

.rsrc
Size: 17KB - Virtual size: 17KB