0be7af3c1a90bb03bb53ca89432d297f88986d0232b071ef930f652f1b1536fd

Sharing

Copy URL

Twitter E-mail

General

Target

0be7af3c1a90bb03bb53ca89432d297f88986d0232b071ef930f652f1b1536fd
Size

79KB
MD5

c8e688b77302d7c0fa3a401691610922
SHA1

d50b65aaf587ed3b843399c0719b1a2afa946ac8
SHA256

0be7af3c1a90bb03bb53ca89432d297f88986d0232b071ef930f652f1b1536fd
SHA512

9ba743fb976235a250d65549a5c94049c534bc4f8e50c2296212e3b17c70f26177acf68334ef8eee82f5f372be4c6a6eea3ea9195c82d320dd619deef5ecdd51
SSDEEP

1536:yYeYecm8M7fEWH4wgWbs7fOaRnUBAawYVJlO1ZvaS5asyDMX2J5q:yYgcsHdbifOaRUBA9KXO1ZvaSUsyAr

Score

N/A

Malware Config

Signatures

Files

0be7af3c1a90bb03bb53ca89432d297f88986d0232b071ef930f652f1b1536fd
.dll windows x86

a7a16d10244a964ef7b57b8898edcf29

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:40:da:4a:a5:93:87:1c:a5:35:16:7a:93:64:9c:ac
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/03/2013, 00:00

Not After

05/04/2014, 23:59

Subject

CN=Shenzhen Paojiaosizhi Information Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=产品组,O=Shenzhen Paojiaosizhi Information Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:f4:70:0f:e0:80:10:b0:09:7a:32:05:30:92:85:e1:5b:8b:3f:a1
Signer

Actual PE Digest

5e:f4:70:0f:e0:80:10:b0:09:7a:32:05:30:92:85:e1:5b:8b:3f:a1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shenzhen Paojiaosizhi Information Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=产品组,O=Shenzhen Paojiaosizhi Information Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

27/04/2013, 10:14
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord3479
ord1358
ord3612
ord2106
ord1183
ord3534
ord6153
ord6494
ord1603
ord3528
ord3477
ord1357
ord6074
ord5997
ord3213
ord305
ord6613
ord1611
ord941
ord6670
ord2481
ord4507
ord899
ord4311
ord2672
ord942
ord6681
ord4506
ord2539
ord3178
ord2691
ord5835
ord5963
ord4392
ord316
ord820
ord5924
ord2480
ord6077
ord6078
ord525
ord4396
ord4527
ord6170
ord636
ord334
ord367
ord3718
ord663
ord1555
ord5753
ord5520
ord404
ord1252
ord910
ord601
ord265
ord310
ord817
ord300
ord266
ord1254
ord1258
ord1137
ord1152
ord391
ord1241
ord798
ord781
ord580
ord945
ord800

msvcr90

malloc
free
_stat64i32
memset
sscanf
__CxxFrameHandler3
fclose
fseek
ftell
fopen
sprintf
isdigit
_invalid_parameter_noinfo
isspace
isalnum
fgetc
fputc
strncpy
_localtime64_s
_resetstkoflw
_mkdir
_access
memcpy
atol
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_fcloseall
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_adjust_fdiv

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
CreateProcessA
WaitForSingleObject
lstrlenA
VirtualQuery
CreateFileA
GetFileTime
CloseHandle
FileTimeToSystemTime
lstrlenW
GetFileAttributesA
WideCharToMultiByte
GetTempPathA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
WinExec
Sleep
GetTempFileNameA
CreatePipe
GetStartupInfoA
ReadFile
GetModuleFileNameA
MultiByteToWideChar

user32

SetWindowPos
GetWindowRect
FillRect
GetSystemMetrics

gdi32

StretchBlt
GetTextExtentPoint32A
BitBlt
RoundRect
Rectangle
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
GetStockObject
CreateFontA
CreatePen

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
VariantClear
SysFreeString

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

netapi32

Netbios

wininet

InternetTimeFromSystemTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??0CMd5A@@QAE@ABV0@@Z
??0CMd5A@@QAE@XZ
??0CVersionManager@@QAE@ABV0@@Z
??0CVersionManager@@QAE@PBD@Z
??0CVersionManager@@QAE@XZ
??1CMd5A@@UAE@XZ
??1CVersionManager@@UAE@XZ
??4CMd5A@@QAEAAV0@ABV0@@Z
??4CVersionManager@@QAEAAV0@ABV0@@Z
??8CVersionManager@@QAEHAAV0@@Z
??MCVersionManager@@QAEHAAV0@@Z
??NCVersionManager@@QAEHAAV0@@Z
??OCVersionManager@@QAEHAAV0@@Z
??PCVersionManager@@QAEHAAV0@@Z
??_7CMd5A@@6B@
??_7CVersionManager@@6B@
?CallJavaScritpFunction@@YAJPAUIHTMLDocument2@@PADZZ
?CenterWindowToScreen@@YAXPAUHWND__@@@Z
?CloseAllAdbService@@YAHXZ
?ConvertUtf8ToANSI@@YAXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV12@@Z
?CreateShortcut@@YAJPBDPAD1110H@Z
?Decode@CMd5A@@AAEXPAKPAEI@Z
?DecodeBase64@@YAHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0@Z
?DecodeBase64_string@@YAHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV12@@Z
?DrawBitmapInRect@@YAXPAVCDC@@VCRect@@AAVCBitmap@@I@Z
?DrawLine@@YAXPAVCDC@@HKHHHH@Z
?DrawNoFillRect@@YAXPAVCDC@@VCRect@@HK@Z
?DrawNoFillRoundRect@@YAXPAVCDC@@HKPAUtagRECT@@HH@Z
?DrawTextInRect@@YAXPAVCDC@@PBDVCRect@@HKHI@Z
?Encode@CMd5A@@AAEXPAEPAKI@Z
?FileExist@@YA_NPBD@Z
?FileExists@@YAHPBDH@Z
?FindStringInString@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD00@Z
?Gb2312ToUtf8@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?GetApkFileIconFileName@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetApkFileSoftID@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetApkFileSoftName@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetApkFilesPath@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetApkImageCache@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetAppExeFileName@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetAppExePath@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetAppExePathName@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCacheDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCmdOutPut@@YAHPBDAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetDesktopPath@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetDriverCache@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileCreateDate@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetFileSize@@YAKPBD@Z
?GetFileSizeString@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@_K@Z
?GetFileVersion@@YAHPBDAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetFileWorkDirectory@@YAXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetMAC@@YAHPAD@Z
?GetMd5@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@Z
?GetMyDocumentsPath@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetTempFilePathName@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetTextNeedSize@@YA?AVCSize@@PAVCDC@@PBDHH@Z
?IsHasAdbService@@YAHAAK@Z
?IsPathExists@@YAHPBD@Z
?IsStackPointer@@YAHPAX@Z
?MD5Final@CMd5A@@AAEXQAEPAUMD5_CTX@@@Z
?MD5Init@CMd5A@@AAEXPAUMD5_CTX@@@Z
?MD5Transform@CMd5A@@AAEXQAKQAE@Z
?MD5Update@CMd5A@@AAEXPAUMD5_CTX@@PAEI@Z
?MD5_memcpy@CMd5A@@AAEXPAE0I@Z
?MD5_memset@CMd5A@@AAEXPAEHI@Z
?MDFile@CMd5A@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V23@@Z
?MDString@CMd5A@@QAEPADPAD@Z
?ObtainVersionNumFromVersionString@CVersionManager@@QAEHPBD@Z
?RegWebProtocol@@YAHPBD0H@Z
?RegisterFileRelation@@YAXPAD0000@Z
?RestartAdbService@@YAXXZ
?RunAdbService@@YAXXZ
?RunAndWaitForClose@@YAXPBD@Z
?Split@@YAHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAVCStringArray@@D@Z
?URLDecode@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV12@@Z
?URLEncode@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@Z
?UTF8Convert@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@HH@Z
?UnRegWebProtocol@@YAHPBD@Z
?UrlDecode@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?Utf8ToGb2312@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
?Utf8ToStringT@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PAD@Z
?hmac_md5@CMd5A@@QAEPADPAD0@Z
?mkdirEx@@YAHPBD@Z

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7a16d10244a964ef7b57b8898edcf29

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

79:40:da:4a:a5:93:87:1c:a5:35:16:7a:93:64:9c:acCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5e:f4:70:0f:e0:80:10:b0:09:7a:32:05:30:92:85:e1:5b:8b:3f:a1Signer

Signature Validations

Verification

27/04/2013, 10:14 Valid: false

Headers

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp90

netapi32

wininet

version

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 3KB - Virtual size: 3KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

79:40:da:4a:a5:93:87:1c:a5:35:16:7a:93:64:9c:ac
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5e:f4:70:0f:e0:80:10:b0:09:7a:32:05:30:92:85:e1:5b:8b:3f:a1
Signer

27/04/2013, 10:14
Valid: false

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 3KB - Virtual size: 3KB