969f6d06e73458dea344c473fc9c284ea41d1cf80e2ff5c406886f8368661f5f

Sharing

Copy URL

Twitter E-mail

General

Target

969f6d06e73458dea344c473fc9c284ea41d1cf80e2ff5c406886f8368661f5f
Size

2.4MB
MD5

bf33c716ef17fa968052298d1f32f494
SHA1

18549454f58e75565995c556b465adaa4512faef
SHA256

969f6d06e73458dea344c473fc9c284ea41d1cf80e2ff5c406886f8368661f5f
SHA512

f6d171e1cf98e80a82192a2fdf31fb8bc43bffd7dca2cfbe2c775a9ec4ae3e031d4c97dfeda2a459fb81d37a8205476c49c4a19b9bf63e6e796a8465a0f69457
SSDEEP

49152:a9VmdUFpFECbA6qvTNTOBTDxsgbn4Ej5BHYDXTYPQnRxlP2RvTA7V0RZOT:IBFEMnFr4UHYDjYkh0vTA5EZO

Score

1^/10

Malware Config

Signatures

Files

969f6d06e73458dea344c473fc9c284ea41d1cf80e2ff5c406886f8368661f5f
.exe windows x86

2568575e3d06733a75110675395ccd47

Code Sign

44:e8:2b:cb:f8:a6:64:3f:27:cd:66:29:3f:74:aa:bf
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

19/04/2017, 05:25

Not After

19/05/2018, 05:25

Subject

CN=北京丰余科技有限公司,O=北京丰余科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c15796977616e7a687573686f754073696e612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:40:14:ed:c3:39:ce:be:6e:71:41:6d:31:10:00:4c:2f:05:ce:45
Signer

Actual PE Digest

5f:40:14:ed:c3:39:ce:be:6e:71:41:6d:31:10:00:4c:2f:05:ce:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
CreateMutexA
lstrcmpiW
GetCurrentProcessId
GetProcAddress
InterlockedDecrement
InterlockedIncrement
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
CreateFileW
QueryDosDeviceW
GetTempFileNameW
GetTempPathW
FindResourceA
GetStartupInfoW
CreateProcessW
GetLogicalDriveStringsW
CloseHandle
ReadFile
lstrlenA
lstrcmpiA
lstrcmpA
GetFileSize
Sleep
WaitForSingleObject
ResumeThread
SetThreadPriority
TerminateProcess
OpenProcess
VirtualFree
VirtualAlloc
FreeLibrary
FreeResource
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
GetCommandLineW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
UnmapViewOfFile
GetDiskFreeSpaceExW
MoveFileW
SetEndOfFile
GetCurrentDirectoryW
WriteConsoleW
SetFileAttributesW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
MoveFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FlushInstructionCache
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetEnvironmentVariableA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileType
GetSystemTimeAsFileTime
AreFileApisANSI
ExitThread
VirtualQuery
VirtualProtect
RtlUnwind
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
CreateFileA
GetModuleFileNameA
GetStdHandle
lstrcpyW
GetSystemInfo
CreateThread
GetVolumeInformationW
GetDriveTypeW
DeviceIoControl
GetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GlobalFree
LockResource
SetFilePointer
GetFileSizeEx
GetFileTime
SetFileTime
CreateDirectoryW
GetVersion
CreateEventW
ResetEvent
SetEvent
GlobalAlloc
LocalFree
OutputDebugStringW
GlobalLock
GlobalUnlock
WriteFile
lstrlenW
LocalAlloc
LoadLibraryW
lstrcatW
GetWindowsDirectoryW

user32

EnableWindow
GetDlgItem
IsWindowVisible
SetWindowPos
MoveWindow
GetSystemMetrics
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
GetMenu
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SendMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RedrawWindow
ShowWindow
DestroyWindow
CreateWindowExW
ClientToScreen
MapWindowPoints
CopyRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
RemovePropA
CharNextW
wsprintfW
MsgWaitForMultipleObjects
RegisterWindowMessageW
CreateDialogParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
WindowFromPoint
ScreenToClient
GetCursorPos
DrawTextW
IsWindowEnabled
ReleaseCapture
SetCapture
IsWindow
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
IsDialogMessageW
LoadImageW
LoadCursorW

gdi32

ExtTextOutW
PatBlt
BitBlt
SetStretchBltMode
StretchBlt
EnumFontFamiliesW
CreateFontW
DeleteDC
CreateCompatibleDC
GetStockObject
GetObjectW
DeleteObject
SetBkMode
SetTextColor
GetTextMetricsW
SelectObject
SetBkColor
CreateDCW
CreateFontIndirectW

advapi32

RegEnumKeyExA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA

shell32

CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHFileOperationW

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CreateBindCtx
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen

shlwapi

PathIsRelativeW
PathIsNetworkPathA
PathIsNetworkPathW
PathIsUNCW
SHSetValueA
PathIsRootW
PathCombineW
PathRemoveFileSpecW
PathAppendW
SHGetValueA
PathFileExistsW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
StrCpyW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipLoadImageFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdiplusStartup
GdipAlloc
GdipFree
GdipCloneImage

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSAResetEvent
WSARecv
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSASetEvent
WSAStartup
WSACleanup
closesocket
WSASetLastError
WSAGetLastError
WSACloseEvent
WSAConnect

winmm

timeEndPeriod
timeBeginPeriod

psapi

GetProcessImageFileNameW

urlmon

RegisterBindStatusCallback
CreateURLMoniker

iphlpapi

GetAdaptersInfo

netapi32

Netbios

Sections

.text
Size: 664KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2568575e3d06733a75110675395ccd47

Code Sign

44:e8:2b:cb:f8:a6:64:3f:27:cd:66:29:3f:74:aa:bfCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

5f:40:14:ed:c3:39:ce:be:6e:71:41:6d:31:10:00:4c:2f:05:ce:45Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

ws2_32

winmm

psapi

urlmon

iphlpapi

netapi32

Sections

.text Size: 664KB - Virtual size: 663KB

.rdata Size: 227KB - Virtual size: 226KB

.data Size: 20KB - Virtual size: 228KB

.tls Size: 512B - Virtual size: 5B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 29KB - Virtual size: 28KB

44:e8:2b:cb:f8:a6:64:3f:27:cd:66:29:3f:74:aa:bf
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

5f:40:14:ed:c3:39:ce:be:6e:71:41:6d:31:10:00:4c:2f:05:ce:45
Signer

.text
Size: 664KB - Virtual size: 663KB

.rdata
Size: 227KB - Virtual size: 226KB

.data
Size: 20KB - Virtual size: 228KB

.tls
Size: 512B - Virtual size: 5B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 29KB - Virtual size: 28KB