10de576d81e669abbd75791ebe91d7271ca25a8e733e663c53a8e2afb2096ac2

Sharing

Copy URL Twitter E-mail

General

Target

10de576d81e669abbd75791ebe91d7271ca25a8e733e663c53a8e2afb2096ac2
Size

1.1MB
MD5

f68afb6efe44532336a1ddcca2a11ace
SHA1

fecb187eac600ae5cef97737fc3cb2be407af426
SHA256

10de576d81e669abbd75791ebe91d7271ca25a8e733e663c53a8e2afb2096ac2
SHA512

7ef6c7ce4dcc4ca46defc8bfcd31c4ce1b9e1d72d936ab005955d13e8754690f47cb375d7f6934afa0cdad3aa6b358da9f26a9b4a53f1994d16451b30ef75823
SSDEEP

24576:cCHqa0+hsyfuzIaLBz/SztLxHXw+f5xUjNmT1wpsNEkSZo:3qeOyS0ztLxHtcmTipsNbSy

Score

N/A

Malware Config

Signatures

Files

10de576d81e669abbd75791ebe91d7271ca25a8e733e663c53a8e2afb2096ac2
.dll windows x86

81cc7f3083726234493ef3fc79bed105

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:07:fe:08:c1:99:af:5a:f1:a1:fe:a3:64:57:cf:ea:80:a1:71:d7
Signer

Actual PE Digest

76:07:fe:08:c1:99:af:5a:f1:a1:fe:a3:64:57:cf:ea:80:a1:71:d7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

21/04/2016, 06:12
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

MapViewOfFile
UnmapViewOfFile
GetTickCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetLogicalDriveStringsA
GetDriveTypeA
GetLogicalDrives
DeviceIoControl
GetModuleFileNameA
FindFirstFileA
FindClose
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
GetTempFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
WaitForSingleObject
SetEvent
ResetEvent
InitializeCriticalSectionAndSpinCount
RaiseException
GetCurrentThreadId
OutputDebugStringA
DecodePointer
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenA
lstrcpyA
lstrcatA
LocalAlloc
lstrcmpiA
LocalFree
lstrcpynA
GetCommandLineA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateMutexA
DeleteFileW
GetTempFileNameW
GetTempPathW
SetLastError
TerminateProcess
GetExitCodeProcess
CreateProcessA
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryA
CopyFileW
FormatMessageW
LoadLibraryW
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
QueryPerformanceCounter
SetEndOfFile
HeapCompact
CreateMutexW
GetFullPathNameA
GetFullPathNameW
CreateFileMappingA
GetSystemTime
GetCurrentProcessId
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
GetDiskFreeSpaceW
LockFileEx
FlushFileBuffers
CreateFileW
GetFileAttributesW
HeapValidate
HeapCreate
TryEnterCriticalSection
TerminateThread
SetUnhandledExceptionFilter
ExitProcess
GetVersionExA
GetModuleHandleA
GetCurrentProcess
FileTimeToLocalFileTime
IsDebuggerPresent
CreateThread
CreateDirectoryW
GetNativeSystemInfo
SetFilePointerEx
SetEnvironmentVariableA
TlsGetValue
TlsSetValue
TlsFree
FlushInstructionCache
SetThreadPriority
ResumeThread
SetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
UnhandledExceptionFilter
LoadLibraryExW
ExitThread
RtlUnwind
GetFileSize
FileTimeToSystemTime
SetFileTime
WriteFile
CreateDirectoryA
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CloseHandle
SetFilePointer
CreateFileA
GetTempPathA
GetFileAttributesA
DeleteFileA
CopyFileA
GetLastError
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
EncodePointer
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
AreFileApisANSI
TlsAlloc

user32

FindWindowExA
GetWindow
SystemParametersInfoA
IsRectEmpty
InflateRect
WindowFromPoint
PostThreadMessageA
GetMessageA
FindWindowA
UnregisterClassA
DispatchMessageA
PeekMessageA
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
wsprintfA
SendMessageA
PostMessageA
SetTimer
KillTimer
CallWindowProcA
PostQuitMessage
SendMessageTimeoutA
RegisterClassExA
LoadCursorA
GetClassInfoExA
DefWindowProcA
IsWindow
DestroyWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetUserNameA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA

shell32

SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathFileExistsW
PathFindFileNameA
StrStrIA
PathFileExistsA
PathAddBackslashA
PathIsURLA

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCrackUrlA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
HttpSendRequestA

iphlpapi

GetAdaptersInfo

urlmon

URLOpenStreamA
URLDownloadToFileA

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

Exports

Exports

runDll

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81cc7f3083726234493ef3fc79bed105

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

76:07:fe:08:c1:99:af:5a:f1:a1:fe:a3:64:57:cf:ea:80:a1:71:d7Signer

Signature Validations

Verification

21/04/2016, 06:12 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

wininet

iphlpapi

urlmon

winmm

Exports

Exports

Sections

.text Size: 845KB - Virtual size: 844KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 17KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

76:07:fe:08:c1:99:af:5a:f1:a1:fe:a3:64:57:cf:ea:80:a1:71:d7
Signer

21/04/2016, 06:12
Valid: false

.text
Size: 845KB - Virtual size: 844KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 17KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 33KB