b02f4d1c1660cd8a53064ff3ef5221749ff2439c80565b76a2b6729043640ec5

Sharing

Copy URL

Twitter E-mail

General

Target

b02f4d1c1660cd8a53064ff3ef5221749ff2439c80565b76a2b6729043640ec5
Size

3.8MB
MD5

04d239171dd8a5bb8dc47be0d09af53a
SHA1

f7cf95351b9d56d97754dd1d1fa8b8ec0e7a7bdf
SHA256

b02f4d1c1660cd8a53064ff3ef5221749ff2439c80565b76a2b6729043640ec5
SHA512

f1ca7c70e35d527ac4cb32f186aef12c8f9ae57583cbd09af54653fce101efc626698904454fb395b035b234d92ece9e582623b65e5e5c0c252f3ea21ebd8feb
SSDEEP

98304:vgggTkVQzLzyQPs3pL4ycW4q4KTCf1GDBannGx5scwefG8LjLFj:QPicy8qt4QDBanGfPfVLtj

Score

N/A

Malware Config

Signatures

Files

b02f4d1c1660cd8a53064ff3ef5221749ff2439c80565b76a2b6729043640ec5
.exe windows x86

0968f6fb9fa53cc7372930bb4a691f37

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:6f:25:2d:3a:04:d8:d9:7e:1a:cb:45:36:3e:7f:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-05-2012 00:00

Not After

18-05-2014 23:59

Subject

CN=Shenzhen Thinksky Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Thinksky Technology Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:cb:a4:62:83:75:27:13:1e:1c:96:ad:62:48:aa:95:c5:16:2e:ea
Signer

Actual PE Digest

44:cb:a4:62:83:75:27:13:1e:1c:96:ad:62:48:aa:95:c5:16:2e:ea

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shenzhen Thinksky Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Thinksky Technology Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

28-02-2014 11:07
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetTempPathW
GetModuleFileNameW
GlobalReAlloc
GlobalFree
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetModuleHandleW
GetProcAddress
lstrlenW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
OpenProcess
RemoveDirectoryW
TerminateProcess
GetVersionExW
LocalFree
GetCommandLineW
Sleep
FindResourceExW
CloseHandle
LoadResource
LockResource
SizeofResource
SetFilePointer
ReadFile
GetFileSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
FreeResource
GlobalLock
GlobalUnlock
GetCurrentThreadId
MulDiv
RaiseException
EnterCriticalSection
LeaveCriticalSection
FindResourceW
CreateFileW
GetCurrentProcess

user32

LoadCursorW
SetCursor
PtInRect
ReleaseCapture
ReleaseDC
DispatchMessageW
GetCapture
GetMessageW
SetCapture
SendMessageTimeoutW
SetWindowPos
SendMessageW
PostQuitMessage
MessageBoxW
TranslateMessage
UpdateWindow
MoveWindow
IsWindowVisible
GetDC
RegisterClassExW
GetParent
GetPropW
IsWindow
ScreenToClient
OffsetRect
InvalidateRect
PostMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
SetPropW
SetWindowLongW
RemovePropW
EndDialog
GetWindowLongW
GetDesktopWindow
GetWindowRect
GetClientRect
IsRectEmpty
BeginPaint
EndPaint
SetFocus
GetCursorPos
SetRect
UpdateLayeredWindow
SetRectEmpty
SetTimer
SystemParametersInfoW
KillTimer
GetCursor
EqualRect
IntersectRect
SetWindowRgn
IsZoomed
EnumThreadWindows
EnumChildWindows
DrawTextW
InflateRect
UnregisterClassA
ShowWindow

gdi32

CreateRectRgn
SelectClipRgn
CreateCompatibleDC
SetBkMode
CreateDIBSection
CreateCompatibleBitmap
BitBlt
CombineRgn
OffsetRgn
DeleteDC
GetObjectA
SetTextColor
RectVisible
RestoreDC
ExtCreateRegion
SaveDC
DeleteObject
PatBlt
SelectObject
CreateFontIndirectW
GetTextExtentPoint32W

advapi32

GetTokenInformation
RegCloseKey
RegSetValueExW
CheckTokenMembership
OpenProcessToken
CreateWellKnownSid
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHFileOperationW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoCreateGuid

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
UrlGetPartW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathStripToRootW

gdiplus

GdipMeasureString
GdipDrawString
GdipSetClipRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipDrawLineI
GdipDeletePen
GdipFree
GdipCreatePen1
GdipCloneBrush
GdipFillRectangleI
GdipAlloc
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateFromHDC
GdipDeleteGraphics

msimg32

AlphaBlend
TransparentBlt

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

comctl32

_TrackMouseEvent
InitCommonControlsEx

msvfw32

DrawDibClose
DrawDibOpen
DrawDibDraw

msvcr80

_wfopen_s
malloc
sscanf_s
_invalid_parameter_noinfo
isalpha
_vscprintf
??0exception@std@@QAE@ABQBD@Z
vsprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
tolower
??1exception@std@@UAE@XZ
wcsrchr
atoi
_atoi64
_stricmp
atof
sprintf_s
strpbrk
wcscpy_s
_beginthread
_purecall
_mbscmp
__RTDynamicCast
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
wcsstr
fclose
free
iswspace
fwrite
memmove_s
memcpy_s
_wcsicmp
vswprintf_s
??_V@YAXPAX@Z
_vscwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
fopen
_wfopen
fread
_ftelli64
_fseeki64
ferror
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
_CxxThrowException

ws2_32

WSAStartup
ioctlsocket
connect
htons
WSACleanup
inet_ntoa
gethostbyname
socket
ntohl
__WSAFDIsSet
closesocket
select
inet_addr
send
recv

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0968f6fb9fa53cc7372930bb4a691f37

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:6f:25:2d:3a:04:d8:d9:7e:1a:cb:45:36:3e:7f:1aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:cb:a4:62:83:75:27:13:1e:1c:96:ad:62:48:aa:95:c5:16:2e:eaSigner

Signature Validations

Verification

28-02-2014 11:07 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

msimg32

msvcp80

comctl32

msvfw32

msvcr80

ws2_32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 216KB - Virtual size: 214KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:6f:25:2d:3a:04:d8:d9:7e:1a:cb:45:36:3e:7f:1a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:cb:a4:62:83:75:27:13:1e:1c:96:ad:62:48:aa:95:c5:16:2e:ea
Signer

28-02-2014 11:07
Valid: false

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 216KB - Virtual size: 214KB