823a4c5920324de659180ef3e4075b4c884801d31b7cf8ff27c3a1c2e16206fa

Sharing

Copy URL Twitter E-mail

General

Target

823a4c5920324de659180ef3e4075b4c884801d31b7cf8ff27c3a1c2e16206fa
Size

164KB
MD5

2989586f8840794fdc5f0490bb936a30
SHA1

f8140747d1611cff6dc1acf0ef98fec456a5e888
SHA256

823a4c5920324de659180ef3e4075b4c884801d31b7cf8ff27c3a1c2e16206fa
SHA512

a1b2b230cc5776916bc568217bc90551c9ed55d0c1aec95a95c4b38519d3aca1b14eeb18e4e2b99d1a9140af07d47bb5369ec090413202a28298d33e87dec673
SSDEEP

3072:pvf1SUO0U7kTJeYF9EWrzLqOOMoxo619lQOlitV:pvfwX4VrqOOMao6rhit

Score

N/A

Malware Config

Signatures

Files

823a4c5920324de659180ef3e4075b4c884801d31b7cf8ff27c3a1c2e16206fa
.exe windows x86

258fc415e908942f3d19560698229330

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:b2:b8:99:29:47:c5:ea:5b:27:d5:fc:4a:79:a4:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2012, 00:00

Not After

23/05/2013, 23:59

Subject

CN=Hangzhou Chuanen Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Dept.,O=Hangzhou Chuanen Network Technology Co.\, Ltd.,L=HangZhou,ST=ZheJiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:80:48:a4:6d:bb:e2:3f:99:22:16:0e:71:d9:08:7d:29:86:6f:e3
Signer

Actual PE Digest

30:80:48:a4:6d:bb:e2:3f:99:22:16:0e:71:d9:08:7d:29:86:6f:e3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hangzhou Chuanen Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Dept.,O=Hangzhou Chuanen Network Technology Co.\, Ltd.,L=HangZhou,ST=ZheJiang,C=CN

23/07/2012, 17:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80

ord3207
ord4265
ord4486
ord2955
ord2862
ord5200
ord1599
ord1655
ord1656
ord1964
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord5205
ord4185
ord6275
ord5073
ord1908
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord6725
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord3997
ord5529
ord2272
ord5491
ord354
ord1063
ord1024
ord3641
ord4580
ord4118
ord6063
ord501
ord709
ord4749
ord2469
ord5403
ord4125
ord4129
ord3182
ord4262
ord5175
ord4282
ord5203
ord5152
ord1401
ord3946
ord5912
ord6724
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord1482
ord3441
ord6090
ord1903
ord6065
ord6283
ord2803
ord297
ord3596
ord572
ord760
ord3210
ord3161
ord3684
ord347
ord602
ord1279
ord1280
ord5637
ord1934
ord1929
ord2468
ord2372
ord3255
ord6703
ord299
ord1489
ord911
ord1191
ord3477
ord4768
ord3650
ord410
ord648
ord2095
ord1591
ord4240
ord2991
ord3317
ord741
ord6119
ord5613
ord4353
ord5206
ord4273
ord2717
ord1562
ord5166
ord1360
ord3344
ord2420
ord2419
ord2421
ord2418
ord2417
ord1619
ord5914
ord6764
ord3974
ord4860
ord4863
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4776
ord4587
ord4178
ord4171
ord4980
ord4389
ord4781
ord4204
ord4790
ord4443
ord4444
ord3740
ord4914
ord4519
ord4520
ord4920
ord4559
ord5049
ord4439
ord4368
ord4501
ord4846
ord4970
ord4529
ord4480
ord4971
ord4516
ord4673
ord4200
ord4948
ord4794
ord4287
ord4376
ord4377
ord4963
ord4796
ord4710
ord4364
ord4805
ord5053
ord4964
ord4649
ord4946
ord4507
ord4961
ord4674
ord4131
ord1302
ord2008
ord4132
ord784
ord496
ord795
ord3602
ord2141
ord2815
ord1230
ord1207
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord265
ord5331
ord6297
ord266
ord5320
ord1181
ord6286
ord1185
ord1187
ord762
ord2248
ord1084
ord304
ord605
ord2020
ord781
ord2322
ord578
ord310
ord1054
ord3830
ord1126
ord757
ord566
ord3683
ord4541
ord5165
ord635
ord395
ord5214
ord764

msvcr80

_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
__CxxFrameHandler3
_recalloc
_resetstkoflw
malloc
calloc
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
atoi
_time64
strftime
_localtime64_s
free
?terminate@@YAXXZ
_crt_debugger_hook
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
memcpy_s
rand
srand
_setmbcp
_purecall
memcpy
sscanf
memmove_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memset

kernel32

MapViewOfFile
OpenFileMappingA
Sleep
CloseHandle
GetModuleFileNameA
GetLastError
CreateMutexA
EnterCriticalSection
GetWindowsDirectoryA
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
FreeLibrary
MultiByteToWideChar
lstrlenA
LeaveCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection

user32

IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SystemParametersInfoA
EnableWindow
KillTimer
SetTimer
CopyIcon
LoadCursorA
SetCursor
PostMessageA
GetParent
GetWindowRect
IsWindowVisible
LoadIconA
GetAsyncKeyState
SendMessageA

gdi32

SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetObjectA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetDIBColorTable

advapi32

RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx
_TrackMouseEvent

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantInit

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdiplusShutdown

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fvgdwwc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

258fc415e908942f3d19560698229330

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:b2:b8:99:29:47:c5:ea:5b:27:d5:fc:4a:79:a4:7fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

30:80:48:a4:6d:bb:e2:3f:99:22:16:0e:71:d9:08:7d:29:86:6f:e3Signer

Signature Validations

Verification

23/07/2012, 17:15 Valid: false

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

oleaut32

msvcp80

gdiplus

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 68KB

fvgdwwc Size: - Virtual size: 4KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:b2:b8:99:29:47:c5:ea:5b:27:d5:fc:4a:79:a4:7f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

30:80:48:a4:6d:bb:e2:3f:99:22:16:0e:71:d9:08:7d:29:86:6f:e3
Signer

23/07/2012, 17:15
Valid: false

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 68KB

fvgdwwc
Size: - Virtual size: 4KB