cc3d5ffea261d6c204fd2db650d543d6e75f089aaf056b8667c09611053378fc

Sharing

Copy URL Twitter E-mail

General

Target

cc3d5ffea261d6c204fd2db650d543d6e75f089aaf056b8667c09611053378fc
Size

631KB
MD5

aba846859489bd223a86f2e188348cf1
SHA1

e60428e4ea71b7ac6494dc959c996d3bf82f7965
SHA256

cc3d5ffea261d6c204fd2db650d543d6e75f089aaf056b8667c09611053378fc
SHA512

2097c5085c4bc2ba17c6b3cbe869dcb1b6ed4600f7c6d8aaaa0a85aa9540d67f3250baec0bc2a5f696ebbd3e12a506afc0861fd5179266371ba1a39b180625f4
SSDEEP

12288:SCLAzBd6D/VWasTUUeiYlrp9RZlYf0eQZuooZtUMBvOtdUkU8uF62cP:rL4Bd6DtWasn0lrpG0eQiUMBGtXU8k5y

Score

1^/10

Malware Config

Signatures

Files

cc3d5ffea261d6c204fd2db650d543d6e75f089aaf056b8667c09611053378fc
.exe windows x86

26fbce67dc1717a1e76265ac78aa5506

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:1f:e7:67:6a:48:49:da:ee:2b:ff:c4:a4:ff:4b:d3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/12/2014, 00:00

Not After

28/01/2016, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:e4:f7:ff:17:3c:2d:fd:1b:a9:88:37:cf:8b:cf:ff:0d:2a:bf:c8
Signer

Actual PE Digest

b1:e4:f7:ff:17:3c:2d:fd:1b:a9:88:37:cf:8b:cf:ff:0d:2a:bf:c8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
TerminateThread
GetLogicalDriveStringsW
WaitForSingleObject
QueryDosDeviceW
GetSystemDirectoryW
SetFilePointer
GetPrivateProfileStringW
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
CreateProcessW
UnmapViewOfFile
GetCommandLineW
WriteFile
GetLocalTime
OutputDebugStringW
OpenEventW
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
Process32NextW
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
ExpandEnvironmentStringsW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
CreateDirectoryW
GetFileAttributesW
GetTickCount
OpenProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetModuleFileNameW
InitializeCriticalSection
LoadLibraryExW
FindResourceW
lstrlenA
LoadResource
SizeofResource
GetModuleHandleW
GetFileSize
lstrlenW
WideCharToMultiByte
GetLastError
CloseHandle
RaiseException
MultiByteToWideChar
GetWindowsDirectoryW
Sleep
LockResource
GetProcAddress
FreeResource
FindResourceExW
LoadLibraryW
InterlockedDecrement
GlobalAlloc
GetPrivateProfileIntW
GlobalLock
FreeLibrary
InterlockedIncrement
ReadFile
SetLastError
GlobalUnlock
CreateFileW
GetCurrentThreadId
GlobalFree
GetVersionExW
lstrcmpiW
GetCurrentProcess
GetSystemTimeAsFileTime

user32

DrawTextW
SetCursor
UnregisterClassA
GetClientRect
PeekMessageW
GetDlgItem
IsWindowVisible
IsWindow
GetMessageW
GetParent
GetWindowThreadProcessId
TranslateMessage
IsDialogMessageW
GetForegroundWindow
DispatchMessageW
SetWindowLongW
AttachThreadInput
GetClassInfoExW
GetWindowRect
ShowWindow
GetDC
SetWindowPos
ReleaseDC
SetForegroundWindow
InflateRect
CreateWindowExW
LoadImageW
DestroyWindow
SendMessageW
SetRect
IsChild
SetTimer
PostThreadMessageW
ReleaseCapture
PtInRect
UpdateLayeredWindow
DestroyIcon
SetCapture
LoadIconW
FindWindowW
GetDlgCtrlID
DrawFrameControl
GetMonitorInfoW
OffsetRect
MonitorFromWindow
IntersectRect
ScreenToClient
KillTimer
DrawIconEx
CallWindowProcW
SetRectEmpty
ClientToScreen
EndPaint
BeginPaint
EqualRect
GetNextDlgTabItem
SetFocus
GetCursorPos
WindowFromPoint
GetSystemMetrics
GetWindowLongW
GetFocus
SetActiveWindow
InvalidateRect
LoadBitmapW
GetActiveWindow
LoadCursorW
DefWindowProcW
GetDesktopWindow
IsWindowEnabled
EnableWindow
RegisterClassExW
MapWindowPoints
GetWindow
SystemParametersInfoW
CopyRect
CharNextW
PostMessageW
MoveWindow

gdi32

GetStockObject
CreateRectRgn
SetTextColor
GetObjectW
SelectObject
BitBlt
CreatePen
SetBkColor
DeleteObject
CreateBitmap
CreateCompatibleBitmap
CreateFontIndirectW
GetViewportOrgEx
CreateRectRgnIndirect
CombineRgn
ExtSelectClipRgn
Rectangle
CreateRoundRectRgn
GetCurrentObject
OffsetRgn
RoundRect
SetViewportOrgEx
LineTo
RectInRegion
GetTextColor
MoveToEx
SetBkMode
GetTextExtentPoint32W
TextOutW
SelectClipRgn
CreateDIBSection
ExtTextOutW
GetClipRgn
SaveDC
StretchBlt
SetStretchBltMode
RestoreDC
DeleteDC
CreateCompatibleDC

advapi32

RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

StrToIntW
PathFileExistsW
PathAddBackslashW
StrToIntA
PathRemoveFileSpecW
PathAppendW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

msvcp80

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

gdiplus

GdipCreateBitmapFromStream
GdipDrawImageRectI
GdiplusStartup
GdipDrawImagePointsRectI
GdiplusShutdown
GdipDeletePen
GdipSetPenEndCap
GdipGetFamily
GdipNewPrivateFontCollection
GdipCreateHBITMAPFromBitmap
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyCount
GdipAlloc
GdipSetPenDashStyle
GdipSetPenStartCap
GdipDeletePath
GdipResetWorldTransform
GdipSetPenMode
GdipCreatePath
GdipRotateWorldTransform
GdipDrawPath
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetStringFormatTrimming
GdipTranslateWorldTransform
GdipGetImageHeight
GdipSetInterpolationMode
GdipSetStringFormatFlags
GdipFillRectangle
GdipGetImageGraphicsContext
GdipSetStringFormatLineAlign
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipCreateFontFromLogfontW
GdipCreatePen1
GdipCloneBrush
GdipDeleteFont
GdipAddPathStringI
GdipDeleteBrush
GdipGetFontSize
GdipAddPathPieI
GdipFillPath
GdipAddPathArcI
GdipDrawString
GdipGraphicsClear
GdipClosePathFigure
GdipAddPathRectangleI
GdipDrawLinesI
GdipDrawImageI
GdipSetClipPath
GdipMeasureString
GdipCreateFont
GdipSetStringFormatAlign
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipGetImageWidth
GdipDeleteGraphics
GdipImageRotateFlip
GdipLoadImageFromStream
GdipCreateFromHDC
GdipCloneImage
GdipDrawImageRectRect
GdipLoadImageFromFile
GdipDisposeImage
GdipFree
GdipDrawLine
GdipDeleteFontFamily
GdipSetCompositingQuality

msvcr80

labs
__CxxFrameHandler3
_strdup
_stat64
_gmtime64
__sys_nerr
strerror
getenv
fflush
memchr
_errno
sprintf
isdigit
fputs
qsort
fgets
_strtoi64
strrchr
strncpy
isxdigit
strtol
memmove
strstr
strtoul
__iob_func
fwrite
realloc
_stricmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
rand
srand
wcscspn
_time64
_mbschr
floor
ceil
_localtime64_s
wcscat_s
wcscat
__RTDynamicCast
abs
wcsspn
_wtoi
_wcsupr_s
_wcsnicmp
wcschr
_wcslwr_s
wcsrchr
isspace
tolower
strchr
strncmp
isalnum
isalpha
fclose
_vsnprintf_s
fprintf
fseek
fputc
fread
atoi
sscanf
fopen
wcsncat
wcsstr
_wcsicmp
calloc
wcscpy_s
??0exception@std@@QAE@XZ
vsprintf_s
memcpy
?what@exception@std@@UBEPBDXZ
_vscprintf
??1exception@std@@UAE@XZ
_mbsicmp
malloc
setlocale
??0exception@std@@QAE@ABV01@@Z
_purecall
_beginthreadex
??0exception@std@@QAE@ABQBD@Z
strlen
wcscmp
vswprintf_s
free
_CxxThrowException
_recalloc
swprintf_s
_vscwprintf
??2@YAPAXI@Z
_waccess
strcmp
_invalid_parameter_noinfo
_mbscmp
??_V@YAXPAX@Z
wcsncpy_s
memset
memmove_s
memcpy_s
wcslen
??3@YAXPAX@Z

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
getsockopt
WSASetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket
connect
WSACleanup
getpeername
setsockopt
WSAStartup
socket

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26fbce67dc1717a1e76265ac78aa5506

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7a:1f:e7:67:6a:48:49:da:ee:2b:ff:c4:a4:ff:4b:d3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b1:e4:f7:ff:17:3c:2d:fd:1b:a9:88:37:cf:8b:cf:ff:0d:2a:bf:c8Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp80

gdiplus

msvcr80

psapi

version

ws2_32

Sections

.text Size: 280KB - Virtual size: 276KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 92KB - Virtual size: 88KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7a:1f:e7:67:6a:48:49:da:ee:2b:ff:c4:a4:ff:4b:d3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b1:e4:f7:ff:17:3c:2d:fd:1b:a9:88:37:cf:8b:cf:ff:0d:2a:bf:c8
Signer

.text
Size: 280KB - Virtual size: 276KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 92KB - Virtual size: 88KB