2475b889b3b006b6fa76e18984458dd2d4e22900f546deb9fbde7c818d73c3b6

Sharing

Copy URL Twitter E-mail

General

Target

2475b889b3b006b6fa76e18984458dd2d4e22900f546deb9fbde7c818d73c3b6
Size

257KB
MD5

fed271c0eb3987d33e9a45a5b91d43b8
SHA1

4fe86c958a2c018fe78147837da853ee02004eed
SHA256

2475b889b3b006b6fa76e18984458dd2d4e22900f546deb9fbde7c818d73c3b6
SHA512

5909837b9af89fc5d614895936b7942805698d31ffaf841b4c325ca8d700d326d81172e9dfb9c4ab1699a9631fa8f39ae38d121dfe8f2d3e6f3a15ade921dddf
SSDEEP

6144:S4mkhn9KfKQLxUH8Ln+lUA1vswSdjStWMw:S0GdL+lUshsjStWMw

Score

N/A

Malware Config

Signatures

Files

2475b889b3b006b6fa76e18984458dd2d4e22900f546deb9fbde7c818d73c3b6
.exe windows x86

c1de773efb8448304523dc397249f2d5

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:07:67:b2:bb:8c:aa:66:75:bc:db:9e:fd:c5:db:de
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

16/06/2011, 00:00

Not After

15/06/2014, 23:59

Subject

CN=Yozosoft Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Yozosoft Co.\, Ltd.,L=WuXi,ST=JiangSu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

45:d9:3a:1b:f7:4f:60:72:d7:f0:0c:06:e9:a5:ae:ac:d2:96:3e:1a
Signer

Actual PE Digest

45:d9:3a:1b:f7:4f:60:72:d7:f0:0c:06:e9:a5:ae:ac:d2:96:3e:1a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Yozosoft Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Yozosoft Co.\, Ltd.,L=WuXi,ST=JiangSu,C=CN

17/06/2011, 01:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA
EnumProcessModules

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetACP
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetProcessVersion
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetFileAttributesA
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FindNextFileA
FindFirstFileA
FindClose
LocalFree
LoadLibraryA
FreeLibrary
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GlobalFree
LockResource
FindResourceA
LoadResource
lstrcatA
lstrcpyA
GlobalGetAtomNameA
GlobalAddAtomA
lstrcpynA
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MulDiv
lstrlenA
CreateMutexA
GetLastError
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Sleep
GetVersion
GetVersionExA
VirtualAlloc

user32

EndDeferWindowPos
BeginDeferWindowPos
GetClientRect
DeferWindowPos
AdjustWindowRectEx
DispatchMessageA
MapWindowPoints
SendDlgItemMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ValidateRect
TranslateMessage
GetMessageA
CharUpperA
PostQuitMessage
ShowOwnedPopups
LoadStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyIcon
GetTopWindow
MessageBoxA
IsChild
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetLastActivePopup
BringWindowToTop
IsIconic
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
wsprintfA
GetKeyState
SetWindowPos
GetDlgCtrlID
GetMenuItemCount
GetSubMenu
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
GetMenu
GetClassInfoA
SetFocus
GetParent
GetActiveWindow
ShowWindow
IsWindow
GetDesktopWindow
IsWindowEnabled
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
DestroyMenu
DrawStateA
SetRect
FillRect
GetWindowLongA
InvalidateRect
UpdateWindow
EnableWindow
SendMessageA
GetWindow
GetForegroundWindow
GetCursorPos
GetWindowThreadProcessId
IsWindowVisible
CreatePopupMenu
AppendMenuA
PostMessageA
KillTimer
SetForegroundWindow
FindWindowA
EnumWindows
SetTimer
RegisterWindowMessageA
GetDC
ReleaseDC
CopyRect
LoadIconA
OffsetRect
DrawIconEx
GetSysColor
LoadMenuA
UnregisterClassA

gdi32

MoveToEx
LineTo
ScaleWindowExtEx
CreatePen
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
DPtoLP
GetObjectA
GetClipBox
DeleteDC
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
CreateSolidBrush
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkMode
SetBkColor
GetStockObject
RestoreDC
DeleteObject
CreateFontIndirectA
Rectangle
SelectObject
GetTextMetricsA
SaveDC

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA

shell32

ExtractIconA
Shell_NotifyIconA
ShellExecuteExA
DragQueryFileA
SHGetFileInfoA
DragFinish

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1de773efb8448304523dc397249f2d5

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

c1:07:67:b2:bb:8c:aa:66:75:bc:db:9e:fd:c5:db:deCertificate

Extended Key Usages

Key Usages

45:d9:3a:1b:f7:4f:60:72:d7:f0:0c:06:e9:a5:ae:ac:d2:96:3e:1aSigner

Signature Validations

Verification

17/06/2011, 01:35 Valid: false

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 68KB - Virtual size: 67KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

c1:07:67:b2:bb:8c:aa:66:75:bc:db:9e:fd:c5:db:de
Certificate

45:d9:3a:1b:f7:4f:60:72:d7:f0:0c:06:e9:a5:ae:ac:d2:96:3e:1a
Signer

17/06/2011, 01:35
Valid: false

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 68KB - Virtual size: 67KB