General

Malware Config

Signatures

Files

• a9b6da98731e3e9ffd32cfbf6dc1a13d82e88bcaa747595dab154a74de39289c

  .exe windows x86

  3491b26aed5084eedb3d5885bbfbeb08

  
  

  Code Sign

  26:b6:e9:91:a8:cb:a9:84:47:fb:8e:39:3d:c0:4b:fe

  Certificate

  Issuer

  CN=junguoguo.com,O=junguoguo.com,1.2.840.113549.1.9.1=#0c15737570706f7274406a756e67756f67756f2e636f6d

  Not Before

  11-12-2011 16:00

  Not After

  31-12-2017 16:00

  Subject

  CN=junguoguo.com,O=junguoguo.com,1.2.840.113549.1.9.1=#0c15737570706f7274406a756e67756f67756f2e636f6d

  79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  01-05-2012 00:00

  Not After

  31-12-2012 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  send

  version

  GetFileVersionInfoSizeW

  winmm

  timeGetTime

  comctl32

  ImageList_SetDragCursorImage

  mpr

  WNetGetConnectionW

  wininet

  InternetConnectW

  psapi

  GetModuleBaseNameW

  userenv

  DestroyEnvironmentBlock

  kernel32

  HeapAlloc

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  IsDlgButtonChecked

  gdi32

  SetPixel

  comdlg32

  GetSaveFileNameW

  advapi32

  CreateProcessAsUserW

  shell32

  ShellExecuteW

  ole32

  CreateStreamOnHGlobal

  oleaut32

  SysStringLen

  Sections

  .text

  Size: - Virtual size: 535KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 103KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 106KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 874KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 276KB - Virtual size: 276KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ