dc51f41c51f3ba6226191d994156040392a1dac3b1f9ac9a006205872916863d

Sharing

Copy URL Twitter E-mail

General

Target

dc51f41c51f3ba6226191d994156040392a1dac3b1f9ac9a006205872916863d
Size

198KB
MD5

5c9d109ae7172f3a831e65a6b67e43ac
SHA1

c32cd53ecfd37309241a45701e47c47b1a81996f
SHA256

dc51f41c51f3ba6226191d994156040392a1dac3b1f9ac9a006205872916863d
SHA512

89447b92435dc9ea85bcc616fc5516b681ce65a62ed19fc175b625bc1ec4cd3cbb23435180e9ab75643012f8a692c9cae307d4ee1d5e316f11490309bf2e3be3
SSDEEP

6144:rAQzteVJOwckk6ikmOOfLMWdTBV+UdvrEFp7hKdk:rZt3kk5kmMoBjvrEH7Ik

Score

N/A

Malware Config

Signatures

Files

dc51f41c51f3ba6226191d994156040392a1dac3b1f9ac9a006205872916863d
.dll windows x86

a58659d7651bb0ed69ed13bf151b2cb7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:fa
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

19/07/2017, 00:00

Not After

17/09/2019, 23:59

Subject

CN=暴风集团股份有限公司,OU=IT,O=暴风集团股份有限公司,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:ca:1a:70:ed:83:c7:f6:70:15:db:46:c2:ab:3a:b9:1b:be:77:c8
Signer

Actual PE Digest

0f:ca:1a:70:ed:83:c7:f6:70:15:db:46:c2:ab:3a:b9:1b:be:77:c8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=暴风集团股份有限公司,OU=IT,O=暴风集团股份有限公司,L=Beijing,ST=Beijing,C=CN

05/06/2018, 02:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

kernel32

SetErrorMode
LoadLibraryExW
FindResourceExW
GetPrivateProfileStringW
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetUserDefaultLangID
HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
CreateDirectoryA
CreateDirectoryW
CopyFileW
MoveFileW
MoveFileExW
lstrlenW
lstrcmpW
SetFileAttributesW
DeleteFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
GetFileSize
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
RaiseException
DisableThreadLibraryCalls
LocalFileTimeToFileTime
lstrcpynW
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
FindClose
FindFirstFileW
GetCurrentProcess
SetProcessWorkingSetSize
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceW
lstrlenA
MultiByteToWideChar
CreateProcessW
SetFilePointer
ReadFile
CreateFileW
GetSystemInfo
GetModuleHandleW
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
WaitForSingleObject
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFree
LocalAlloc
LoadLibraryA
InterlockedExchange
GetLastError
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpiW

user32

EnumDisplayDevicesW
CharNextW
ExitWindowsEx
SetForegroundWindow
wsprintfW

advapi32

RegCreateKeyExW
LookupAccountNameW
GetExplicitEntriesFromAclW
DeleteAce
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
SetNamedSecurityInfoW
SetTokenInformation
GetTokenInformation
SetFileSecurityW
SetSecurityDescriptorControl
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
RegCloseKey
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoLoadLibrary
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString
VariantClear
SysAllocStringLen
SysAllocString

shlwapi

SHGetValueW
PathAppendW
SHSetValueW
SHDeleteValueW
PathFileExistsW
PathIsDirectoryW
SHDeleteKeyW
StrStrW
StrStrIW

msvcr100

memcpy
__CxxFrameHandler3
_CxxThrowException
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memset
??3@YAXPAX@Z
_snwprintf
swscanf_s
memcpy_s
_vscwprintf
vswprintf_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memmove
_beginthreadex
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
_purecall
_vswprintf_c_l
memmove_s
wcscpy_s
wcsrchr
_wcsicmp
wcsnlen
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_wtoi
malloc
_resetstkoflw
free
_snwprintf_s
wcschr
wmemcpy_s
_wtol
_vswprintf
wcsncpy_s
wcsstr
_recalloc
strchr
sprintf
swprintf_s

msvcp100

?_Xlength_error@std@@YAXPBD@Z

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW

Exports

Exports

ConfigDeleteValue
ConfigGetBOOL
ConfigGetBinary
ConfigGetDWORD
ConfigGetRegSubkey
ConfigGetString
ConfigGetStringEx
ConfigSetBOOL
ConfigSetBinary
ConfigSetDWORD
ConfigSetString
CrtAddInternetConnectionChangedEvent
CrtCloseDownloadFile
CrtCopyFile
CrtCreateDirectoryA
CrtCreateDirectoryW
CrtCreateFileA
CrtCreateFileW
CrtCreateInstance
CrtCreateObject
CrtCreateThread
CrtDllGetVersion
CrtDllGetVersionString
CrtDownloadFile
CrtExecuteApp
CrtExecuteAppAndCheckSign
CrtExecuteAppWithUAC
CrtExecuteAppWithUACAndCheckSign
CrtFreeLibrary
CrtGetCRC32
CrtGetFileMD5String
CrtGetFileSize
CrtGetGlobalConfig
CrtGetGlobalConfigDWORD
CrtGetGlobalServiceControl
CrtGetInstallDate
CrtGetInstallDaysCount
CrtGetProfileString
CrtGetResource
CrtGetResourceSize
CrtGetStringMD5A
CrtGetStringMD5W
CrtGetVideoMD5String
CrtGetWindowsVersion
CrtIERunUrl
CrtInitialize
CrtIsTodaySendLog
CrtLogDecrypt
CrtLogEncrypt
CrtLogPostDailyBOOL
CrtLogPostDailyCount
CrtLogPostUniqueCount
CrtLogPostXMLValue
CrtLogSendDate
CrtMoveFile
CrtMoveFileEx
CrtNavigateHttpUrl
CrtNavigateHttpUrl_Direct
CrtOutputLogStringA
CrtOutputLogStringW
CrtRegDeleteKeyValue
CrtRegDll
CrtRegGetBOOL
CrtRegGetDWORD
CrtRegGetString
CrtRegIsKeyExist
CrtRegSetBOOL
CrtRegSetDWORD
CrtRegSetString
CrtRemoveInternetConnectionChangedEvent
CrtReportActiveLive
CrtReportActiveLiveEx
CrtSetGlobalConfig
CrtSetGlobalConfigDWORD
CrtSetInstallDate
CrtTraceA
CrtTraceW
CrtUninitialize
CrtUrlEncodeA
CrtUrlEncodeW
CrtVersion
CrtWritePrivateProfileSection
CrtWriteProfileString
DllCanUnloadNow
EnableCrtOutputLog
EnableVirtualized
ExtractResourceToFile
ExtractResourceToXMLString
FileAddAccessRights
GetADChanelId
GetConfigFilePath
GetCurrentFilePath
GetDBFilePath
GetDBVersion
GetDBVersionString
GetDebugPrivilege
GetDllPathForClsid
GetFileInfomationString
GetFileTimeString
GetFileVersionString
GetFileVersionStringEx
GetMachineId
GetMediaTypeString
GetPartnerId
GetProductConfigFilePath
GetProductId
GetProductSubVersion
GetProductSubVersionString
GetProductVersion
GetProductVersionString
GetUserId
Is64bitDLL
IsConnectProjector
IsFileWritable
IsHasInternetConnection
IsHasInternetConnectionEx
IsHasUAC
IsProcessVirtualized
IsReportedActiveLive
IsSystemUACEnable
IsVMVare
IsWindow2000
IsWindow64
IsWindow7
IsWindow7Latter
IsWindow8
IsWindow8Latter
IsWindow8_1
IsWindowServer
IsWindowVista
IsWindowVistaLatter
IsWindowXP
IsWindows10
IsWindows10Later
MinimizeMemory
PathCreateDirectory
PathCreateDirectoryFromFile
RecurseRemoveDirectory
ShutdownWindow
TimeStringToFileTime
UACAllowWindowMeesage
UACExecuteApp
UACExecuteAppAndCheckSign
UnZipFileToDirectory

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a58659d7651bb0ed69ed13bf151b2cb7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:faCertificate

Extended Key Usages

Key Usages

0f:ca:1a:70:ed:83:c7:f6:70:15:db:46:c2:ab:3a:b9:1b:be:77:c8Signer

Signature Validations

Verification

05/06/2018, 02:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

sensapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr100

msvcp100

crypt32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:fa
Certificate

0f:ca:1a:70:ed:83:c7:f6:70:15:db:46:c2:ab:3a:b9:1b:be:77:c8
Signer

05/06/2018, 02:54
Valid: false

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB