a028403da95918581482a94f86a3ed1d92f53755a1558e3908cdab74a44b709a

Sharing

Copy URL Twitter E-mail

General

Target

a028403da95918581482a94f86a3ed1d92f53755a1558e3908cdab74a44b709a
Size

757KB
MD5

00d148b6f4a84462e3fb6c7f3349cc8c
SHA1

8860c97bd2726f4446dfd04f6f35e9aa07f034dc
SHA256

a028403da95918581482a94f86a3ed1d92f53755a1558e3908cdab74a44b709a
SHA512

9956bd7e403790708d07db1e474e8d5e37995108f1e490ed7fc3bbf9c6ab182b06af7fe95eccea5be8a88190b5a3647dc0677fe7317f4b6fcbdb82e2db1f0a08
SSDEEP

12288:CFhsnMOlGRxuYHTR9qNpNTEjAfos+4fDPwr83DqpNxyxIWTH2psLColv:CL9LL9qNpNTtAsl4r8zQTyxTTHksLCQv

Score

N/A

Malware Config

Signatures

Files

a028403da95918581482a94f86a3ed1d92f53755a1558e3908cdab74a44b709a
.exe windows x86

ef1129288fa6f7013ae307d4f0e4dea5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:d7:21:95:2a:a2:09:ee:3e:7b:d3:82:4f:7f:b6:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/04/2010, 00:00

Not After

17/05/2011, 23:59

Subject

CN=Alibaba (China) Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alibaba (China) Co. Ltd.,L=HangZhou,ST=ZheJiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:3d:4b:50:eb:7c:dc:c9:8c:06:a1:63:79:a1:97:a0:c9:47:9f:c9
Signer

Actual PE Digest

00:3d:4b:50:eb:7c:dc:c9:8c:06:a1:63:79:a1:97:a0:c9:47:9f:c9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Alibaba (China) Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alibaba (China) Co. Ltd.,L=HangZhou,ST=ZheJiang,C=CN

20/08/2010, 05:23
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

rpcrt4

UuidCreate

wininet

InternetQueryOptionW

kernel32

WideCharToMultiByte
lstrcmpA
CreateFileW
ReadFile
LocalAlloc
WriteFile
RemoveDirectoryW
SystemTimeToFileTime
LocalFree
SetFileTime
lstrcpynW
SetFilePointer
GetTickCount
GetVersionExW
SetEndOfFile
FileTimeToLocalFileTime
FileTimeToSystemTime
CopyFileW
DeleteFileW
FindFirstFileW
FindClose
FindNextFileW
GetTempPathW
GetFileAttributesW
GetTempFileNameW
SetFileAttributesW
EnterCriticalSection
GetExitCodeProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenMutexW
CreateMutexW
ReleaseMutex
GlobalLock
GlobalUnlock
lstrcmpW
GetCurrentProcess
FlushInstructionCache
MulDiv
GlobalAlloc
SetLastError
ResetEvent
SetFilePointerEx
GetFileSize
GetExitCodeThread
ResumeThread
SuspendThread
GetFileSizeEx
FlushFileBuffers
LoadLibraryA
GetVersionExA
GetProcAddress
SleepEx
TerminateThread
CreateEventA
WaitForMultipleObjects
CreateMutexA
MoveFileExW
GetFileType
PeekNamedPipe
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
TerminateProcess
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileA
LocalFileTimeToFileTime
GetFileTime
DosDateTimeToFileTime
CreateProcessW
LeaveCriticalSection
GetCurrentThreadId
Sleep
CreateThread
FreeLibrary
LoadResource
FindResourceW
GetCommandLineW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetProcessHeap
HeapFree
lstrcmpiW
lstrlenW
SetEvent
WaitForSingleObject
GetModuleFileNameW
OpenEventW
RaiseException
CreateEventW
GetLastError
InterlockedIncrement
InitializeCriticalSection
lstrlenA
InterlockedDecrement
DeleteCriticalSection
MultiByteToWideChar
CloseHandle
GetModuleHandleW
FindResourceExW
SizeofResource
LoadLibraryExW
LockResource
DuplicateHandle

user32

CreateAcceleratorTableW
CreateWindowExW
GetMessageW
RegisterClassExW
LoadCursorW
GetSysColor
GetClassInfoExW
GetClientRect
DestroyWindow
RegisterWindowMessageW
GetWindowRect
ReleaseDC
MoveWindow
GetParent
SetFocus
DefWindowProcW
IsChild
SetCapture
UnregisterClassA
FillRect
GetWindow
PostThreadMessageW
MsgWaitForMultipleObjects
PeekMessageW
GetDC
GetDesktopWindow
GetDlgItem
ClientToScreen
GetFocus
DestroyAcceleratorTable
RedrawWindow
GetWindowTextLengthW
GetClassNameW
GetWindowTextW
SetWindowTextW
CallWindowProcW
PostMessageW
InvalidateRgn
GetForegroundWindow
ReleaseCapture
ShowWindow
EndPaint
BeginPaint
SetWindowLongW
ScreenToClient
LoadStringW
SetWindowPos
SetTimer
GetSystemMetrics
LoadImageW
TranslateMessage
CharUpperW
DispatchMessageW
CharNextW
FindWindowW
MessageBoxW
GetActiveWindow
wsprintfW
KillTimer
GetWindowLongW
CreateDialogParamW
IsWindow
SendMessageW
InvalidateRect
DrawTextW

gdi32

SetROP2
SetBkMode
BitBlt
GetObjectW
SelectObject
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
CreateSolidBrush

advapi32

RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW

shell32

ShellExecuteExW
SHCreateDirectoryExW
ord92

ole32

OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
OleRun
CLSIDFromString
CoRegisterClassObject
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoRevokeClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime
VarDateFromStr
SysStringByteLen
VariantClear
SysAllocStringByteLen
VariantInit
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
SysAllocStringLen
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
SysAllocString

shlwapi

PathCanonicalizeW
PathMatchSpecW
PathFileExistsW

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr80

__iob_func
_open
_close
_read
_fileno
_stricmp
_strnicmp
_strdup
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CxxThrowException
_wmkdir
iswspace
_wfopen_s
wcspbrk
qsort
fabs
ftell
fprintf
atof
ferror
_vsnprintf_s
srand
rand
_stat64
isalpha
isalnum
strerror
__sys_nerr
_lseeki64
_fstat64
getenv
fflush
_gmtime64
strtol
strcat
sprintf
fputc
isdigit
isspace
fseek
memchr
fputs
_strtoi64
strncmp
strcmp
fopen
fgets
memmove
strrchr
sscanf
strcpy
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
wcscpy_s
free
??_V@YAXPAX@Z
_beginthreadex
wcscat_s
wcslen
wcsncpy_s
_wfopen
fclose
??2@YAPAXI@Z
wcsrchr
memcmp
wcscmp
memcpy_s
memmove_s
_recalloc
memset
calloc
malloc
wcsstr
_wcsupr_s
_invalid_parameter_noinfo
_wsplitpath
floor
strchr
exit
_vsnwprintf_s
_errno
strlen
swprintf_s
_vscwprintf
??0exception@std@@QAE@ABQBD@Z
vswprintf_s
??1exception@std@@UAE@XZ
_wtoi
wprintf
_wcsicmp
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_wcslwr_s
_localtime64_s
?what@exception@std@@UBEPBDXZ
memcpy
_time64
_wcsnicmp
wcsftime
ceil
_wcslwr
_ultow
wcscat
sprintf_s
wcsncpy
wcsspn
wcscspn
wcschr
realloc
tolower
strncpy
atoi
strtoul
fread
strstr
isxdigit
fwrite

crypt32

CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CryptDecodeObject

wintrust

WinVerifyTrust

ws2_32

gethostbyname
WSASetLastError
select
__WSAFDIsSet
sendto
recvfrom
listen
accept
getsockopt
htons
ntohs
getsockname
setsockopt
bind
socket
recv
send
WSAGetLastError
closesocket
WSACleanup
WSAStartup
ioctlsocket
connect

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef1129288fa6f7013ae307d4f0e4dea5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

59:d7:21:95:2a:a2:09:ee:3e:7b:d3:82:4f:7f:b6:e4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

00:3d:4b:50:eb:7c:dc:c9:8c:06:a1:63:79:a1:97:a0:c9:47:9f:c9Signer

Signature Validations

Verification

20/08/2010, 05:23 Valid: false

Headers

File Characteristics

Imports

imm32

rpcrt4

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp80

msvcr80

crypt32

wintrust

ws2_32

Exports

Exports

Sections

.text Size: 376KB - Virtual size: 372KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 248KB - Virtual size: 244KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:d7:21:95:2a:a2:09:ee:3e:7b:d3:82:4f:7f:b6:e4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

00:3d:4b:50:eb:7c:dc:c9:8c:06:a1:63:79:a1:97:a0:c9:47:9f:c9
Signer

20/08/2010, 05:23
Valid: false

.text
Size: 376KB - Virtual size: 372KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 248KB - Virtual size: 244KB