3f9cf3d548ce93b6b87eccda869328b954ec7236edd1bc97ec24bf8accad1954

Sharing

Copy URL Twitter E-mail

General

Target

3f9cf3d548ce93b6b87eccda869328b954ec7236edd1bc97ec24bf8accad1954
Size

748KB
MD5

6e1fadac0e9c91e6d2d1ee2abcc3392c
SHA1

9fb48d2159b202e3c5e9e62f65bffa5f3db7232f
SHA256

3f9cf3d548ce93b6b87eccda869328b954ec7236edd1bc97ec24bf8accad1954
SHA512

4b0ac3bfdd7847675d397d7c7da5b3e8694790dfed2e6f32299fc7c39aa5a8f92e378063a6916547e04a81aeeac8efc83ad0cffa8ad28903ed132262237f2ccf
SSDEEP

12288:Ds7CXqdKmml+6DlggbdrZWBgReoizwtUlW6svUx:DsmXqdvmlHZdWBgRe3wtUlWdMx

Score

N/A

Malware Config

Signatures

Files

3f9cf3d548ce93b6b87eccda869328b954ec7236edd1bc97ec24bf8accad1954
.exe windows x86

4eca302406ced3f40cbdecfe72d4085a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/02/2009, 00:00

Not After

15/02/2010, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:0d:2b:89:6a:fc:46:78:56:cb:a1:e1:bc:50:45:83:b3:de:25:cd
Signer

Actual PE Digest

2f:0d:2b:89:6a:fc:46:78:56:cb:a1:e1:bc:50:45:83:b3:de:25:cd

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

04/11/2009, 11:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80u

ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4714
ord3397
ord5207
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4730
ord4207
ord5178
ord4184
ord4838
ord4611
ord5064
ord5066
ord6744
ord1555
ord6115
ord3390
ord6751
ord6749
ord1079
ord3204
ord1118
ord1925
ord3155
ord2366
ord1894
ord572
ord3311
ord2985
ord4716
ord5210
ord4234
ord1393
ord5911
ord6721
ord1582
ord2086
ord416
ord1785
ord4026
ord6086
ord6061
ord4098
ord6063
ord1959
ord1271
ord715
ord5065
ord3286
ord1572
ord1634
ord620
ord4791
ord3198
ord3189
ord663
ord865
ord426
ord4060
ord3946
ord5867
ord5869
ord587
ord2155
ord3158
ord4226
ord1536
ord2077
ord2652
ord3756
ord1403
ord2651
ord3546
ord3547
ord721
ord4266
ord1512
ord4274
ord5208
ord1573
ord2027
ord1318
ord5699
ord4101
ord2260
ord287
ord2365
ord977
ord524
ord1386
ord2255
ord5558
ord2161
ord6279
ord2422
ord4112
ord3662
ord6040
ord4577
ord4109
ord3157
ord519
ord718
ord3126
ord516
ord4861
ord5727
ord4312
ord3661
ord4574
ord3678
ord1058
ord778
ord2399
ord1178
ord2151
ord2362
ord1270
ord2361
ord3223
ord4231
ord1561
ord2082
ord4093
ord1475
ord1924
ord6262
ord1388
ord657
ord3400
ord2254
ord3984
ord602
ord2074
ord326
ord347
ord3983
ord589
ord5638
ord330
ord3395
ord290
ord2648
ord5829
ord5426
ord3016
ord4347
ord2159
ord605
ord354
ord3176
ord5199
ord5609
ord4314
ord3635
ord4729
ord4206
ord3281
ord3296
ord5633
ord3208
ord4230
ord1549
ord1628
ord2081
ord642
ord2364
ord6116
ord2066
ord3995
ord4117
ord5637
ord502
ord5635
ord4755
ord709
ord1920
ord501
ord5711
ord3224
ord2952
ord4232
ord2083
ord658
ord5862
ord2860
ord2788
ord2867
ord3789
ord3869
ord2876
ord5742
ord3873
ord557
ord3645
ord4642
ord3331
ord760
ord5630
ord558
ord746
ord1002
ord5434
ord5399
ord2462
ord304
ord2321
ord2322
ord903
ord2313
ord783
ord310
ord629
ord1430
ord5319
ord5083
ord384
ord284
ord277
ord281
ord745
ord777
ord5480
ord5416
ord2461
ord6002
ord6284
ord1156
ord3508
ord261
ord1707
ord1194
ord807
ord1086
ord2310
ord6201
ord747
ord559
ord3168
ord5462
ord4057
ord862
ord5423
ord4038
ord548
ord660
ord423
ord5117
ord334
ord5119
ord593
ord5121
ord5120
ord3227
ord1175
ord1147
ord1182
ord1077
ord2444
ord6096
ord288
ord1908
ord2468
ord6166
ord2463
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord4480
ord4256
ord651
ord741
ord5524
ord3990
ord5485
ord305
ord578
ord6293
ord5327
ord6282
ord1571
ord5316
ord1172
ord3249
ord1105
ord2340
ord5484
ord4078
ord6167
ord6173
ord899
ord896
ord1476
ord774
ord265
ord266
ord1472
ord1049
ord6700
ord282
ord6111
ord1479
ord900
ord762
ord4535
ord3677
ord757
ord5113
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord3824
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord2984
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord283
ord280
ord860
ord3927
ord4074
ord870
ord2261
ord1176
ord293
ord2311
ord577
ord776
ord2460
ord5398
ord2895
ord2121
ord764
ord1198

msvcr80

_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_waccess
_snwprintf_s
wcsstr
_mktime64
_beginthreadex
_itow_s
fgetc
free
calloc
_initterm_e
__iob_func
fputc
_wtol
strcpy_s
strncpy_s
_wsplitpath_s
wcsncat_s
wcstoul
_localtime64_s
wcsftime
srand
rand
fputws
feof
fgetws
__CxxFrameHandler3
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
exit
memset
fwrite
fread
fseek
ftell
fclose
_rmtmp
tmpfile_s
_wfopen_s
_time64
_purecall
wcscmp
__wargv
__argc
memcpy
strlen
memcmp
__RTDynamicCast
_wtoi
wcsncpy_s
_itoa_s
wcschr
memcpy_s
labs
wcslen
memmove_s
_crt_debugger_hook

kernel32

DeleteCriticalSection
InitializeCriticalSection
Sleep
OpenMutexW
CreateMutexW
WaitForSingleObject
CloseHandle
ReleaseMutex
GetVersion
GetSystemDirectoryW
GetWindowsDirectoryW
lstrlenW
CreatePipe
GetStdHandle
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
GetFileAttributesW
CreateEventW
ResetEvent
SetEvent
SetWaitableTimer
CreateWaitableTimerW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
OpenProcess
LoadLibraryA
GetPrivateProfileIntW
GetPrivateProfileStructW
EnterCriticalSection
MultiByteToWideChar
lstrlenA
GetProcessHeap
HeapFree
HeapAlloc
SetThreadPriority
TerminateThread
WaitForMultipleObjects
CreateDirectoryW
SetEndOfFile
GlobalFree
SetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
GetShortPathNameW
MoveFileExW
GetTempPathW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
DeleteFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
CopyFileW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
lstrcpynW
GetVersionExW
GetModuleFileNameW
WideCharToMultiByte
GetFileAttributesExW
GetComputerNameW
WriteFile
SetFilePointer
CreateFileW
GetFileSize
GetCurrentProcessId
ReadFile
FreeLibrary
CreateProcessW
WritePrivateProfileStructW
GetCurrentProcess
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
DuplicateHandle

user32

GetDC
DrawFocusRect
FillRect
OffsetRect
CopyRect
ReleaseDC
GetSysColor
TranslateMessage
InvalidateRect
LoadBitmapW
DispatchMessageW
ClientToScreen
GetCursorPos
ShowCursor
GetMessagePos
LoadCursorW
GetKeyState
DestroyWindow
DrawStateW
RegisterWindowMessageW
GetWindowRect
GetParent
EnableWindow
GetMessageW
CreateWindowExW
FindWindowW
GetDesktopWindow
SetCursor
ScreenToClient
PtInRect
GetTopWindow
GetWindow
InsertMenuW
DestroyIcon
GetWindowLongW
AdjustWindowRectEx
LoadIconW
KillTimer
SetTimer
RedrawWindow
GetClientRect
GetSystemMenu
PostMessageW
SetRect
LoadImageW
IsWindow
SendMessageW

gdi32

BitBlt
CreateRectRgnIndirect
CreateCompatibleBitmap
CreatePatternBrush
GetTextExtentPoint32W
GetCurrentObject
GetTextMetricsW
CreateCompatibleDC
GetObjectW
GetStockObject
CreateSolidBrush
CreateFontIndirectW
DeleteObject
CreateRoundRectRgn

advapi32

RegEnumKeyW
RegQueryValueExW
RegSetValueExW
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

comctl32

ImageList_GetIconSize
_TrackMouseEvent

shlwapi

StrCmpW
PathFileExistsW

ole32

CoUninitialize
CoCreateInstance
CoFreeLibrary
CoLoadLibrary
CoInitialize

oleaut32

VariantClear
SysFreeString

msvcp80

?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?sync@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@_Mutex@std@@QAEXXZ

wininet

HttpAddRequestHeadersW
InternetQueryOptionW
InternetErrorDlg
HttpSendRequestW
HttpOpenRequestW
InternetReadFileExA
HttpQueryInfoW
InternetConnectW
InternetSetOptionW
InternetSetStatusCallbackW
InternetOpenW
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

ws2_32

WSACleanup
htonl
closesocket
sendto
socket
gethostbyname
htons
ntohl
inet_addr
WSAStartup
inet_ntoa
gethostname

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�d�
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4eca302406ced3f40cbdecfe72d4085a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

2f:0d:2b:89:6a:fc:46:78:56:cb:a1:e1:bc:50:45:83:b3:de:25:cdSigner

Signature Validations

Verification

04/11/2009, 11:43 Valid: false

Headers

File Characteristics

Imports

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

wininet

version

netapi32

ws2_32

Sections

.text Size: 292KB - Virtual size: 290KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 96KB - Virtual size: 95KB

�d� Size: 240KB - Virtual size: 240KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

2f:0d:2b:89:6a:fc:46:78:56:cb:a1:e1:bc:50:45:83:b3:de:25:cd
Signer

04/11/2009, 11:43
Valid: false

.text
Size: 292KB - Virtual size: 290KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 96KB - Virtual size: 95KB

�d�
Size: 240KB - Virtual size: 240KB