2dd173fba87d2e2806ef7f12b35b56e3184a62900e0d056ef4da6fa87717876e

Sharing

Copy URL Twitter E-mail

General

Target

2dd173fba87d2e2806ef7f12b35b56e3184a62900e0d056ef4da6fa87717876e
Size

1.3MB
MD5

648cbab43ccbaa39d8753bcd20b47d28
SHA1

c0b28a2a138367136f3f1ebe683e19663ab1dbe4
SHA256

2dd173fba87d2e2806ef7f12b35b56e3184a62900e0d056ef4da6fa87717876e
SHA512

b07c00c33cc26232c6ba0adb97284ce816e8e2694ca8eb05b8220b20f84aba26675f39ad0b11b7f136959d9bbd180a8d7bd93efc5f44ddf1bfc02c5fd5ef89c6
SSDEEP

12288:QJrXfEv3U3jHKoKoaBm9cKvJMuC77uTretzSTJZzDQnT4IhLIA8dI/8wv5mkii:QJDo3OTKoK50lJ7eEP8MgICjv5mkii

Score

1^/10

Malware Config

Signatures

Files

2dd173fba87d2e2806ef7f12b35b56e3184a62900e0d056ef4da6fa87717876e
.exe windows x86

df97c18a40a45755d567e658fb7f6d53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:12:7d:38:de:f5:a5:78:98:76:54:02:78:46:5e:29:99:57:a3:5d
Signer

Actual PE Digest

05:12:7d:38:de:f5:a5:78:98:76:54:02:78:46:5e:29:99:57:a3:5d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetDriveTypeA
SetFileTime
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
MultiByteToWideChar
MulDiv
LocalFree
FormatMessageA
GlobalAlloc
SetLastError
GetVersionExA
GetModuleHandleA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
GetModuleFileNameW
InterlockedDecrement
lstrcmpA
InterlockedExchange
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
WriteFile
WaitForSingleObject
GetFullPathNameA
FlushFileBuffers
SetEndOfFile
GlobalFlags
FileTimeToSystemTime
GetModuleHandleW
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
FileTimeToLocalFileTime
SetErrorMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
RaiseException
VirtualAlloc
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrlenA
lstrcpyA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
GetCurrentProcess
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrcatA
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindFirstFileA
UnmapViewOfFile
CloseHandle
GetLastError
CreateFileA
GetCurrentThread
DeleteFileA

user32

CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
GetWindowThreadProcessId
DestroyMenu
GetCursorPos
ReleaseDC
GetDC
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
GetSysColorBrush
LoadCursorA
RegisterWindowMessageA
UnregisterClassA
GetWindowPlacement
GetSystemMetrics
GetWindowTextA
GetFocus
SetWindowPos
SetFocus
ShowWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
WinHelpA
GetCapture
SetWindowsHookExA
SetWindowLongA
GetWindowLongA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EnableWindow
SendMessageA
GetClassInfoA
LoadIconA
GetParent
wsprintfA
CopyRect
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowRect

advapi32

CryptEncrypt
CryptDestroyKey
CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CryptCreateHash
CryptHashData
CryptImportKey

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

wldap32

ord41
ord27
ord301
ord22
ord211
ord143
ord60
ord50
ord46
ord30
ord200
ord32
ord35
ord79
ord33
ord26

ws2_32

ntohl
htonl
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname

crypt32

CertFreeCertificateContext

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetMapMode
RestoreDC
SaveDC
DeleteDC
DeleteObject
SelectObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df97c18a40a45755d567e658fb7f6d53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

05:12:7d:38:de:f5:a5:78:98:76:54:02:78:46:5e:29:99:57:a3:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

wininet

wldap32

ws2_32

crypt32

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 420KB - Virtual size: 420KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 9KB - Virtual size: 23KB

.rsrc Size: 796KB - Virtual size: 795KB

.reloc Size: 45KB - Virtual size: 44KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

05:12:7d:38:de:f5:a5:78:98:76:54:02:78:46:5e:29:99:57:a3:5d
Signer

.text
Size: 420KB - Virtual size: 420KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 9KB - Virtual size: 23KB

.rsrc
Size: 796KB - Virtual size: 795KB

.reloc
Size: 45KB - Virtual size: 44KB