a5f6fdcbf8d5bf7247a05b80c7ad1237687580d52fcc9b98afd8986427f10136

Sharing

Copy URL

Twitter E-mail

General

Target

a5f6fdcbf8d5bf7247a05b80c7ad1237687580d52fcc9b98afd8986427f10136
Size

974KB
MD5

385fdd29719f3b060c2145053cefdb6d
SHA1

02da0120598d608763d061b20b2f7804f7965f3e
SHA256

a5f6fdcbf8d5bf7247a05b80c7ad1237687580d52fcc9b98afd8986427f10136
SHA512

bc835c62160b5aeb56a19ef231ef34c0a25b96c2abd48b914711c84f9850d77dd373d3a8aa140bdaec254df7cadae7314ef688dc0899c6d2d0a7a299f019a89e
SSDEEP

12288:bFdDjoJq/5kjZ59F7JYBToLOvUo+jOPLTC9O0IvomiIvomiN:bjXKjZ59FJYWMUzgTC9O0IHiIHiN

Score

1^/10

Malware Config

Signatures

Files

a5f6fdcbf8d5bf7247a05b80c7ad1237687580d52fcc9b98afd8986427f10136
.exe windows x86

da39e96e7dea1b79d3778201e9baccee

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

netapi32

NetUserGetInfo
NetApiBufferFree

kernel32

GetWindowsDirectoryW
OpenProcess
LoadLibraryW
GetProcAddress
GetLogicalDriveStringsW
QueryDosDeviceW
FreeLibrary
SetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
GetCommandLineW
LocalFree
CreateSemaphoreW
GetLastError
OutputDebugStringW
CreateFileA
GetTickCount
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
OpenEventW
CreateEventW
Sleep
CloseHandle
GetModuleHandleW
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
LCMapStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
RtlUnwind
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
SetFilePointer
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetSystemDirectoryW
SetEvent
GetCurrentThreadId
FindFirstFileW
FindClose
LocalAlloc
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WriteFile
CreateFileW
CreateMutexW
WaitForSingleObject
OpenMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FindResourceW
LoadResource
SizeofResource
ReadFile
GetFileSizeEx
LockResource
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalHandle
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
FileTimeToSystemTime
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
ExitThread
CreateThread
ExitProcess
GetFileType
HeapReAlloc
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleHandleA
HeapSize
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter

user32

TranslateMessage
PeekMessageW
PostQuitMessage
PostMessageW
DispatchMessageW
BeginPaint
DefWindowProcW
DestroyWindow
EndDialog
FindWindowW
SetTimer
ShowWindow
GetSystemMetrics
EndPaint
ReleaseDC
GetDC
KillTimer
SetFocus
GetClientRect
MonitorFromRect
GetMonitorInfoW
GetWindowTextW
SubtractRect
MonitorFromPoint
IsRectEmpty
CallWindowProcW
GetPropW
SendMessageW
IsWindowVisible
CreateWindowExW
IsWindow
RedrawWindow
SetWindowLongW
UnionRect
LoadIconW
RegisterClassExW
SetPropW
GetClassInfoExW
SetRectEmpty
IsWindowEnabled
LoadCursorW
RemovePropW
SetCursor
MsgWaitForMultipleObjectsEx
InflateRect
DrawTextW
FillRect
LoadImageW
UpdateLayeredWindow
ReleaseCapture
SetCapture
GetCursorPos
ClientToScreen
PtInRect
OffsetRect
ScreenToClient
WindowFromPoint
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
GetWindowLongW
BringWindowToTop
GetWindowRect
IntersectRect
SetWindowPos

gdi32

SetTextColor
LineTo
GetTextExtentPoint32W
MoveToEx
GetStockObject
CreateSolidBrush
StretchBlt
BitBlt
GetObjectW
CreatePen
DeleteObject
CreateFontW
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
SetBkMode

advapi32

AddAccessAllowedAceEx
RegOpenKeyExW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSidLengthRequired
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da39e96e7dea1b79d3778201e9baccee

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

netapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

version

msimg32

comctl32

Sections

.text Size: 404KB - Virtual size: 403KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 295KB - Virtual size: 294KB

.reloc Size: 27KB - Virtual size: 18KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 404KB - Virtual size: 403KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 295KB - Virtual size: 294KB

.reloc
Size: 27KB - Virtual size: 18KB