a885c743f4d97090a5feeb100cfb115c80d664e961c0c816c6ea4d798331bdef

Sharing

Copy URL Twitter E-mail

General

Target

a885c743f4d97090a5feeb100cfb115c80d664e961c0c816c6ea4d798331bdef
Size

266KB
MD5

288e2c9449290f86bdb6b346d5964472
SHA1

693baacdc0abbd6c57fcd9708a3068089f10c9a3
SHA256

a885c743f4d97090a5feeb100cfb115c80d664e961c0c816c6ea4d798331bdef
SHA512

21e2b59b62d36b27e3d79d77544a9b74a8913512e869f2d17eabc84d4b9b1d37a7306d2b3ed559c342331882b7baccd0b4f30cac75da164edc45c6f8f2a3814b
SSDEEP

3072:El0JOVFdPioyUd3fjSk7n4jzz9QzUCa8TQeNSyLYdSI4lHOhF9kFmKeGCAiTXsBX:UX12K6z+zUt+LUyYAijEX

Score

N/A

Malware Config

Signatures

Files

a885c743f4d97090a5feeb100cfb115c80d664e961c0c816c6ea4d798331bdef
.dll windows x86

c575ed08f5d4f08a5368a47f439c71a4

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9d:89:2b:ea:d0:6c:a6:7a:19:fe:ca:c9:c2:1a:93:67:ea:c0:e9:c4
Signer

Actual PE Digest

9d:89:2b:ea:d0:6c:a6:7a:19:fe:ca:c9:c2:1a:93:67:ea:c0:e9:c4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

25/10/2012, 10:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
OutputDebugStringW
GetFileSize
SetFilePointer
ReadFile
CreateFileW
WriteFile
Sleep
WideCharToMultiByte
GetModuleHandleW
GetFileInformationByHandle
GetModuleHandleA
GetFileAttributesExW
CreateThread
GetCurrentProcess
LoadLibraryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
InterlockedIncrement
lstrlenA
InterlockedDecrement
LocalFree
FormatMessageA
LoadResource
FindResourceExW
GetACP
lstrlenW
FormatMessageW
GetVersionExW
GetWindowsDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryW
FreeConsole
AllocConsole
WriteConsoleW
GetStdHandle
OutputDebugStringA
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
SetEvent
PulseEvent
ResetEvent
CopyFileW
FlushFileBuffers
GetLocaleInfoW
SetStdHandle
SetConsoleCtrlHandler
GetOEMCP
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
UnhandledExceptionFilter
IsBadCodePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
SetHandleCount
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
GetCurrentThread
GetLastError
CompareStringA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
ExitProcess
HeapFree
GetVersion
GetCommandLineA
GetLocalTime
OpenProcess
VirtualQueryEx
VirtualProtectEx
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalFree
IsBadReadPtr
IsBadStringPtrW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetEndOfFile
InitializeCriticalSection
CreateFileA
CloseHandle
DeleteCriticalSection
IsBadWritePtr
GetTickCount
GetModuleFileNameW
WaitForMultipleObjects
GetSystemDirectoryW
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
CompareStringW
GetSystemInfo
GetFileAttributesW
CreateFileMappingW
GetFileAttributesA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
FreeLibrary
FlushInstructionCache
SetEnvironmentVariableA

user32

SetWindowsHookExW
RegisterWindowMessageW
MsgWaitForMultipleObjects
MessageBoxW
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
OpenDesktopW
GetUserObjectInformationW
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetDC
LoadCursorW
SetCursor
GetCursorPos
WindowFromPoint
RegisterClipboardFormatW
GetClassNameW
SetKeyboardState
GetKeyboardState
GetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
GetSystemMetrics
PostMessageW
EnumClipboardFormats
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetFocus
SetCaretPos
TranslateMessage
DispatchMessageW
GetWindowRect
GetCaretPos
GetFocus
FindWindowExW
GetScrollInfo
WindowFromDC
SetTimer
KillTimer
IsWindow
SendMessageW
ReleaseDC
SetWindowsHookExA

gdi32

GetDIBits
SetDIBits
CreateDIBSection
SetDIBColorTable
BitBlt
SetStretchBltMode
StretchBlt
GdiFlush
GetStockObject
GetPaletteEntries
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetPixel
DeleteObject
DeleteDC
GetObjectW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegCloseKey
OpenProcessToken

shell32

SHGetSpecialFolderPathW

oleaut32

SysFreeString

gdiplus

GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipCloneImage

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

IMHAInit
IMWndActivated
INJInstallDetours
INJUninstallDetours
InstallDetours
InstallDetoursOne
ModifyPassthruThread
SetCtrlPhotoFlag
SetFlags
SetRecordPhotoFlag
SetStatus
SyncIMWnd
TGetLogConfig
TSetLogConfig
TencentUserNameSet
TencentWindowClose
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c575ed08f5d4f08a5368a47f439c71a4

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

9d:89:2b:ea:d0:6c:a6:7a:19:fe:ca:c9:c2:1a:93:67:ea:c0:e9:c4Signer

Signature Validations

Verification

25/10/2012, 10:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

gdiplus

version

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 28KB - Virtual size: 56KB

TLCONFIG Size: 4KB - Virtual size: 536B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 12KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

9d:89:2b:ea:d0:6c:a6:7a:19:fe:ca:c9:c2:1a:93:67:ea:c0:e9:c4
Signer

25/10/2012, 10:46
Valid: false

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 28KB - Virtual size: 56KB

TLCONFIG
Size: 4KB - Virtual size: 536B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 12KB