def632ad52686c2b883ad210a580ee86e2bebf0819435029e9aab966c67eacd5

Sharing

Copy URL Twitter E-mail

General

Target

def632ad52686c2b883ad210a580ee86e2bebf0819435029e9aab966c67eacd5
Size

1.1MB
MD5

7adad85092ce44ef78e2d0635384fd39
SHA1

2ea2fd5d4b6fb3fd2de2f2e2210fdb7d183ce475
SHA256

def632ad52686c2b883ad210a580ee86e2bebf0819435029e9aab966c67eacd5
SHA512

5128c1fd9fc925220a5736fb050e08e4f7e10a810767e7badf5a5bbc7724f33fd194c4b659657c747f921b14612115689a64c665e02ca376ce2c97b6abebd5df
SSDEEP

12288:jR/maJfC7A6yD3ijYyQVqJNxyXp1xp7pQNNpQForEJsBsJ54JZiTAgHGLxbwJAgi:jpmgfCs6yDSUyRjZUJsejTbmNbwfi

Score

1^/10

Malware Config

Signatures

Files

def632ad52686c2b883ad210a580ee86e2bebf0819435029e9aab966c67eacd5
.exe windows x86

7cd0de9b0e146bc61211a82c66226a43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/09/2017, 00:00

Not After

27/09/2019, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,OU=Desktop Business Division,O=Beijing Sogou Technology Development Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:00:5b:e1:f9:ee:36:b2:4a:7d:ac:26:06:76:c0:25:4c:ee:bf:90:81:bc:2d:a3:b0:aa:be:6b:34:ad:3d:5a
Signer

Actual PE Digest

40:00:5b:e1:f9:ee:36:b2:4a:7d:ac:26:06:76:c0:25:4c:ee:bf:90:81:bc:2d:a3:b0:aa:be:6b:34:ad:3d:5a

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

26/01/2018, 10:19
Valid: false

03:66:71:a1:93:2a:0f:77:8b:25:23:da:cd:5b:a2:80:00:42:f0:eb
Signer

Actual PE Digest

03:66:71:a1:93:2a:0f:77:8b:25:23:da:cd:5b:a2:80:00:42:f0:eb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Sogou Technology Development Co.\, Ltd.,OU=Desktop Business Division,O=Beijing Sogou Technology Development Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

26/01/2018, 10:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GlobalLock
GlobalUnlock
InterlockedCompareExchange
LoadLibraryW
GetProcAddress
GlobalFree
GetVersionExW
WriteConsoleW
WideCharToMultiByte
GetTickCount
GlobalAlloc
Sleep
WaitForSingleObject
FreeLibrary
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetModuleFileNameW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
SetStdHandle
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetACP
GetStdHandle
ExitProcess
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
LoadLibraryExW
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetFileAttributesW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
GlobalHandle
GetCommandLineW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetCurrentProcess
GetTempPathW
GetSystemDirectoryW
GetLastError
GetCurrentProcessId
GetModuleHandleW
OpenMutexW
ReadFile
SetLastError
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetFileSize
OpenEventW
FindNextFileW
FindClose
CreateDirectoryW
DeleteFileW
CreateProcessW
CopyFileW
LocalAlloc
RaiseException
DecodePointer
FlushFileBuffers
CreateMutexW
ReleaseMutex
VirtualAlloc
SetEvent
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrlenW
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
SetFileAttributesW

user32

DispatchMessageW
GetMonitorInfoW
TranslateMessage
FindWindowW
IsWindow
ShowWindow
MonitorFromPoint
SetForegroundWindow
GetMessageW
LoadImageW
GetCursorPos
NotifyWinEvent
GetPropW
SendInput
ShowScrollBar
GetScrollInfo
EndPaint
BeginPaint
IsIconic
ReleaseCapture
SetCursor
IsWindowEnabled
TrackMouseEvent
ClientToScreen
SetTimer
RegisterClassExW
ScreenToClient
GetKeyState
DrawTextW
UpdateLayeredWindow
GetFocus
KillTimer
MoveWindow
SetRectEmpty
wvsprintfW
SetClipboardData
MonitorFromRect
IntersectRect
LoadIconW
SubtractRect
GetWindowRect
GetForegroundWindow
GetClipboardData
PtInRect
GetDesktopWindow
GetWindowTextLengthW
DefWindowProcW
CallWindowProcW
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
CreateWindowExW
SendMessageW
GetSystemMetrics
SetWindowTextW
SetFocus
SetPropW
LoadCursorW
SetCapture
SetWindowLongW
GetParent
ReleaseDC
EnableWindow
GetWindowTextW
PostMessageW
OpenClipboard
CloseClipboard
EmptyClipboard

gdi32

GetStockObject
SetTextColor
DeleteObject
GetObjectW
CreateDIBSection
DeleteDC
SetTextCharacterExtra
SetBkMode
CreateCompatibleDC
SelectObject
BitBlt
CreateFontIndirectW
GetFontData

imm32

ImmNotifyIME
ImmGetContext
ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

wininet

InternetCloseHandle
HttpOpenRequestA
InternetWriteFile
InternetCrackUrlA
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetGetConnectedState
InternetConnectA
InternetReadFile
HttpAddRequestHeadersW

msimg32

AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

advapi32

CryptAcquireContextW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocString

Sections

.text
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7cd0de9b0e146bc61211a82c66226a43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

40:00:5b:e1:f9:ee:36:b2:4a:7d:ac:26:06:76:c0:25:4c:ee:bf:90:81:bc:2d:a3:b0:aa:be:6b:34:ad:3d:5aSigner

Signature Validations

Verification

26/01/2018, 10:19 Valid: false

03:66:71:a1:93:2a:0f:77:8b:25:23:da:cd:5b:a2:80:00:42:f0:ebSigner

Signature Validations

Verification

26/01/2018, 10:19 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

imm32

version

psapi

wininet

msimg32

oleacc

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 663KB - Virtual size: 663KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 17KB - Virtual size: 54KB

.rsrc Size: 209KB - Virtual size: 208KB

.reloc Size: 32KB - Virtual size: 100KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

40:00:5b:e1:f9:ee:36:b2:4a:7d:ac:26:06:76:c0:25:4c:ee:bf:90:81:bc:2d:a3:b0:aa:be:6b:34:ad:3d:5a
Signer

26/01/2018, 10:19
Valid: false

03:66:71:a1:93:2a:0f:77:8b:25:23:da:cd:5b:a2:80:00:42:f0:eb
Signer

26/01/2018, 10:19
Valid: false

.text
Size: 663KB - Virtual size: 663KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 17KB - Virtual size: 54KB

.rsrc
Size: 209KB - Virtual size: 208KB

.reloc
Size: 32KB - Virtual size: 100KB