58f8b98f123f03261b7ba970ae4c921d0e5b38c8c5caab567768c19f0e880108

Sharing

Copy URL Twitter E-mail

General

Target

58f8b98f123f03261b7ba970ae4c921d0e5b38c8c5caab567768c19f0e880108
Size

48KB
MD5

3fa9566b67860b7af502e4e80727a02b
SHA1

9e0f93456ae48944a0c9e1d8d09c6871f1e66700
SHA256

58f8b98f123f03261b7ba970ae4c921d0e5b38c8c5caab567768c19f0e880108
SHA512

2033c564716eda5340e4bb9f5b34a321fd75a2739434900ed208fd9c38040ff329c0ed901535bc2bb158b5caa1e897fddd79770d1aefafcf0db8b9a08af73f6e
SSDEEP

1536:V50+g6SGDgn6o8gDlQD0DZcCCrUntCOLV2iOKrZIv:bBgDlQD0DZcHGIOLV2irlm

Score

1^/10

Malware Config

Signatures

Files

58f8b98f123f03261b7ba970ae4c921d0e5b38c8c5caab567768c19f0e880108
.exe windows x86

fa9f8031f52fd5c6c9839cc491d301e7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:0e:43:db:a0:97:a8:45:43:3c:ff:3a:5d:51:c2:5a
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

01/12/2010, 00:00

Not After

30/11/2012, 23:59

Subject

CN=Nanjing Naga Software Ltd.,OU=WoSign Class 3 Code Signing,O=南京纳加软件有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

95:c4:05:b9:5e:c5:3e:dd:18:97:5c:6a:0b:38:aa:43:f7:2e:2d:58
Signer

Actual PE Digest

95:c4:05:b9:5e:c5:3e:dd:18:97:5c:6a:0b:38:aa:43:f7:2e:2d:58

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nanjing Naga Software Ltd.,OU=WoSign Class 3 Code Signing,O=南京纳加软件有限公司,L=南京市,ST=江苏省,C=CN

06/08/2012, 07:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

kernel32

DeleteCriticalSection
GetModuleHandleA
lstrlenA
lstrcmpiA
Sleep
CreateThread
GetModuleHandleW
GetCurrentThreadId
IsDBCSLeadByte
InterlockedDecrement
SizeofResource
LoadResource
FindResourceA
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
GetLastError
RaiseException
WaitForSingleObject
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetProcessId
CloseHandle
OpenProcess
TerminateProcess
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
SetEvent
CreateEventA
GetPrivateProfileStringA
EnterCriticalSection
GetSystemTimeAsFileTime
LoadLibraryExA
InterlockedExchange
DecodePointer
EncodePointer
LeaveCriticalSection

user32

DispatchMessageA
GetMessageA
PostThreadMessageA
LoadStringA
CharNextA
CharUpperA
CharNextW
MessageBoxA
TranslateMessage

advapi32

ChangeServiceConfigA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
RegEnumKeyExA
ControlService
DeleteService
CreateServiceA
RegQueryInfoKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle

shell32

ShellExecuteExA

ole32

CoReleaseServerProcess
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoAddRefServerProcess

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathRemoveFileSpecA

msvcr100

_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_initterm
_fmode
_commode
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
__setusermatherr
_configthreadlocale
??3@YAXPAX@Z
??_V@YAXPAX@Z
_strdup
memset
??_U@YAPAXI@Z
_mbsnbcpy
_mbsstr
_mbsicmp
strtol
_initterm_e
__CxxFrameHandler3
puts
_vsnprintf_s
_mbsnbcpy_s
malloc
free
memcpy_s
_CxxThrowException
strcpy_s
wcsncpy_s
strcat_s
_resetstkoflw
calloc
_recalloc
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa9f8031f52fd5c6c9839cc491d301e7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

06:0e:43:db:a0:97:a8:45:43:3c:ff:3a:5d:51:c2:5aCertificate

Extended Key Usages

Key Usages

95:c4:05:b9:5e:c5:3e:dd:18:97:5c:6a:0b:38:aa:43:f7:2e:2d:58Signer

Signature Validations

Verification

06/08/2012, 07:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr100

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

06:0e:43:db:a0:97:a8:45:43:3c:ff:3a:5d:51:c2:5a
Certificate

95:c4:05:b9:5e:c5:3e:dd:18:97:5c:6a:0b:38:aa:43:f7:2e:2d:58
Signer

06/08/2012, 07:21
Valid: false

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB