2cbb39bb9833005f5ec1e5c795292d38504d698d75929a04c90aaf3d20751c18

Sharing

Copy URL

Twitter E-mail

General

Target

2cbb39bb9833005f5ec1e5c795292d38504d698d75929a04c90aaf3d20751c18
Size

1.2MB
MD5

1fb8439c58d365fbbe47261093672c68
SHA1

6c4a2a729ec8cf2b1a4b3746bbc7ad0f7d97088b
SHA256

2cbb39bb9833005f5ec1e5c795292d38504d698d75929a04c90aaf3d20751c18
SHA512

4971072411aa6dff165e70cc2ef63bcb5882382a07e319ad9e828e1ccfc0d651b0d0ca621ec65aa633093bbcc813b029eca0ffc81d35701c959aeae3ea365305
SSDEEP

24576:nqtdsesf3DzdDsFUKJu9+EVmXDwyum1wziT0e76wuYJV6:nqtdseCnsUKk9lVgDw7GT

Score

1^/10

Malware Config

Signatures

Files

2cbb39bb9833005f5ec1e5c795292d38504d698d75929a04c90aaf3d20751c18
.exe windows x86

aab1555d0fcc4c5447ce57a09ecc5b68

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:92:48:99:cd:fc:a0:ab:28:cf:2f:91:c8:f2:24:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/06/2015, 00:00

Not After

25/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:cd:d5:8b:aa:9e:19:28:5a:99:46:8d:0b:7e:64:b9:6e:55:62:ee
Signer

Actual PE Digest

d6:cd:d5:8b:aa:9e:19:28:5a:99:46:8d:0b:7e:64:b9:6e:55:62:ee

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

03/11/2015, 10:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumConnectionsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpQueryInfoW
InternetAttemptConnect
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

minizip

mini_unzip_dll

kernel32

GetPriorityClass
GetCurrentProcess
OutputDebugStringA
OutputDebugStringW
VirtualProtect
GetModuleHandleW
InterlockedExchange
GetCurrentThread
CreateThread
CopyFileW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
SetLastError
GetModuleFileNameW
WritePrivateProfileStringW
LocalFree
DeleteFileW
FreeLibrary
SetErrorMode
SetCurrentDirectoryW
SetEvent
ResetEvent
WideCharToMultiByte
TerminateProcess
OpenEventW
CreateMutexW
GetPrivateProfileIntW
lstrlenW
UnmapViewOfFile
ReleaseMutex
GetCurrentProcessId
WaitForMultipleObjects
GetTickCount
OpenMutexW
MapViewOfFile
CreateFileMappingW
CreateEventW
IsBadCodePtr
CreateDirectoryW
GetFileAttributesW
lstrcatW
SetPriorityClass
SuspendThread
ResumeThread
GetCurrentThreadId
WriteFile
CreateFileW
Sleep
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
MultiByteToWideChar
GetExitCodeProcess
CreateProcessW
FileTimeToSystemTime
GetCommandLineW
lstrlenA
GetSystemDirectoryW
GetPrivateProfileStringW
SystemTimeToFileTime
GetLocalTime
GetPrivateProfileStructW
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLastError
CloseHandle
LoadLibraryW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapSize
GetProcessHeap
GetTempPathW
WaitForSingleObject
ExitProcess
GetModuleHandleA
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryA
DebugBreak
GetModuleFileNameA
VirtualAlloc
InterlockedCompareExchange
FlushInstructionCache
GetThreadContext
SetThreadContext
VirtualQuery

user32

GetMessageW
wsprintfW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
DestroyWindow
TranslateMessage
DispatchMessageW
PostMessageW

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyExW
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
EqualSid
SetNamedSecurityInfoW
InitializeAcl
AddAce
GetLengthSid
CopySid
IsValidSid
AddAccessAllowedAce
LookupAccountNameW
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
ord680
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree

shlwapi

PathIsSameRootW
PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW

msvcp71

?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?_Nomemory@std@@YAXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

msvcr71

fopen
_wtoi
wcsncat
_beginthread
_callnewh
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_CRT_RTC_INIT
_controlfp
_getpid
_itoa
__CxxFrameHandler
memset
_except_handler3
free
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcsstr
_wcsupr
memcpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_wcslwr
wcscpy
wcsncpy
fclose
wcslen
fgetws
_wfopen
malloc
_resetstkoflw
_purecall
tolower
memmove
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
strlen
_itow
?swprintf@@YAHPA_WIPB_WZZ
_wcsnicmp
wcscmp
_wcsicmp
swprintf
swscanf
_ultow
wcscat
wcsrchr
fwrite
fgetwc
fseek
fread
sprintf
_wtol

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aab1555d0fcc4c5447ce57a09ecc5b68

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

22:92:48:99:cd:fc:a0:ab:28:cf:2f:91:c8:f2:24:8bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d6:cd:d5:8b:aa:9e:19:28:5a:99:46:8d:0b:7e:64:b9:6e:55:62:eeSigner

Signature Validations

Verification

03/11/2015, 10:34 Valid: false

Headers

File Characteristics

Imports

rasapi32

version

wininet

minizip

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

22:92:48:99:cd:fc:a0:ab:28:cf:2f:91:c8:f2:24:8b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d6:cd:d5:8b:aa:9e:19:28:5a:99:46:8d:0b:7e:64:b9:6e:55:62:ee
Signer

03/11/2015, 10:34
Valid: false

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB