b07171dec4385d8cde5fac4df8d572878bd7ce090d3159f27d323336767380ec

Sharing

Copy URL

Twitter E-mail

General

Target

b07171dec4385d8cde5fac4df8d572878bd7ce090d3159f27d323336767380ec
Size

411KB
MD5

5bd5faa0971996d90ce6c39a4633eb80
SHA1

84a9c1e6e260a04c5c9ea694611a6226cc976bc3
SHA256

b07171dec4385d8cde5fac4df8d572878bd7ce090d3159f27d323336767380ec
SHA512

26deed1ad9190a121831bac4958825aed4115f2777088a72e52b0fae74003f843b24661967e32f03a9cf577449bfda7ec17f29bc4d750474edc9f591bfcb6fb9
SSDEEP

6144:oXw9rtRA9lDRMtr3+6L+NFWxYqcFKMC0JLURqDn7zf:oXwhAHRMlu6KNFYKginf

Score

N/A

Malware Config

Signatures

Files

b07171dec4385d8cde5fac4df8d572878bd7ce090d3159f27d323336767380ec
.exe windows x86

490c8b7135855ce9817893b8ff4627ff

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:d3:c1:67:26:5b:52:0c:b8:7f:25:84:4f:95:cb:04
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/10/2013, 00:00

Not After

27/12/2016, 23:59

Subject

CN=Shanda Games,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security Labs,O=Shanda Games,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:3c:fa:8d:a4:74:81:aa:6d:47:53:fd:5f:b9:e7:46:76:f7:3e:d6
Signer

Actual PE Digest

84:3c:fa:8d:a4:74:81:aa:6d:47:53:fd:5f:b9:e7:46:76:f7:3e:d6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shanda Games,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security Labs,O=Shanda Games,L=Shanghai,ST=Shanghai,C=CN

31/03/2016, 06:16
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
OpenFileMappingW
lstrcmpW
CreateMutexW
InterlockedExchange
DeleteCriticalSection
GetACP
GetLocaleInfoW
GetSystemDefaultUILanguage
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
InitializeCriticalSection
MultiByteToWideChar
LoadLibraryExW
GetEnvironmentVariableW
CreateEventW
GetLocalTime
FileTimeToSystemTime
CreateFileMappingW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedIncrement
FlushInstructionCache
GetVersionExW
RaiseException
SetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetDriveTypeW
SetFilePointer
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
WriteFile
HeapSize
HeapReAlloc
HeapCreate
ExitProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleHandleA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
RtlUnwind
GetSystemDirectoryW
GetLocaleInfoA
CopyFileW
lstrcmpiW
GetTickCount
GetCommandLineW
GetCurrentThreadId
GetPrivateProfileStringW
SetEnvironmentVariableW
SetEvent
ResetEvent
CloseHandle
WaitForSingleObject
GetModuleFileNameW
lstrcpyW
LoadLibraryW
GetProcAddress
Sleep
GetPrivateProfileIntW
GetCurrentThread
GetLastError
GetCurrentProcess
LocalAlloc
LocalFree
InterlockedDecrement
lstrlenW
lstrlenA
OutputDebugStringW
DebugBreak
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
WideCharToMultiByte
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
FindResourceW
CreateDirectoryW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
GetConsoleCP

user32

BringWindowToTop
EndDialog
GetParent
SetWindowPos
LoadIconW
CallWindowProcW
GetDlgItemTextW
GetWindowTextLengthW
GetWindowTextW
SetDlgItemTextW
SetWindowTextW
wsprintfW
DefWindowProcW
FindWindowW
IsWindow
IsDialogMessageW
ShowWindow
PostMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MonitorFromPoint
MapWindowPoints
GetMenuContextHelpId
SetMenuContextHelpId
InsertMenuItemW
GetMenuItemInfoW
ModifyMenuW
GetSubMenu
GetMenuItemCount
EnableMenuItem
AppendMenuW
TrackPopupMenu
DestroyMenu
CreatePopupMenu
DestroyWindow
CreateDialogParamW
DialogBoxParamW
CreateMenu
GetCursorPos
PostQuitMessage
RegisterWindowMessageW
GetActiveWindow
LoadStringW
CharNextW
SetWindowLongW
MessageBoxW
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
SetFocus
EnableWindow
IsWindowEnabled
SendMessageW
GetSystemMetrics
LoadImageW
SystemParametersInfoW
SetForegroundWindow
GetWindow
GetWindowRect
UnregisterClassA
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetClientRect

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegQueryValueW
RegSetValueW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid

shell32

ShellExecuteW
DragQueryFileW
DragFinish
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW
SHChangeNotify
SHGetPathFromIDListW
Shell_NotifyIconW

ole32

CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VarUI4FromStr
SysFreeString

shlwapi

StrCmpNIW
StrStrIW
PathIsDirectoryW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
InitCommonControlsEx
PropertySheetW

imagehlp

MapFileAndCheckSumW

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

490c8b7135855ce9817893b8ff4627ff

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:d3:c1:67:26:5b:52:0c:b8:7f:25:84:4f:95:cb:04Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

84:3c:fa:8d:a4:74:81:aa:6d:47:53:fd:5f:b9:e7:46:76:f7:3e:d6Signer

Signature Validations

Verification

31/03/2016, 06:16 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

imagehlp

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 174KB - Virtual size: 173KB

.reloc Size: 12KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:d3:c1:67:26:5b:52:0c:b8:7f:25:84:4f:95:cb:04
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

84:3c:fa:8d:a4:74:81:aa:6d:47:53:fd:5f:b9:e7:46:76:f7:3e:d6
Signer

31/03/2016, 06:16
Valid: false

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 174KB - Virtual size: 173KB

.reloc
Size: 12KB - Virtual size: 12KB