6958827bbc1d3fb04d5d5a9f5131cb2f87e3c5fa42381cfd559c1fa07f2ed789

Sharing

Copy URL Twitter E-mail

General

Target

6958827bbc1d3fb04d5d5a9f5131cb2f87e3c5fa42381cfd559c1fa07f2ed789
Size

1.5MB
MD5

69de7a581b2ba55603f21d7143c180bd
SHA1

5aaf42b5b108dc2c6d382c94e8f4022eca7c2710
SHA256

6958827bbc1d3fb04d5d5a9f5131cb2f87e3c5fa42381cfd559c1fa07f2ed789
SHA512

a9bbc30c291cf042243a7f9134ae6c3215e03b3315c7a42b941f15c787bdc003e0514398f7a08894df8459ef0a8403f9d0ac17622e0174e126ee16110461ddaf
SSDEEP

24576:+VnvNUwIsKgI69w/2Z5oYoaCa8t5hKzgU/9WK7HuOCkIPxf:+wcwY65hK0U1WK7HuOCzPxf

Score

1^/10

Malware Config

Signatures

Files

6958827bbc1d3fb04d5d5a9f5131cb2f87e3c5fa42381cfd559c1fa07f2ed789
.exe windows x86

ec55c0b17b185bb429942d6dcab7bf96

Code Sign

3d:7c:77:7e:f5:8c:fa:82:c4:e9:10:62:e6:f9:f1:7e
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

23/06/2015, 08:16

Not After

23/06/2016, 08:16

Subject

CN=Maanshan Zhiye Software Technology Co.\,Ltd.,O=Maanshan Zhiye Software Technology Co.\,Ltd.,L=Maanshan,ST=Anhui,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:a1:c9:93:52:6a:a8:ad:9d:6d:ae:2e:39:5e:0f:d7:8b:ca:8f:05
Signer

Actual PE Digest

c5:a1:c9:93:52:6a:a8:ad:9d:6d:ae:2e:39:5e:0f:d7:8b:ca:8f:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetVolumeInformationA
GetComputerNameW
ReadFile
IsBadReadPtr
GetEnvironmentVariableW
OutputDebugStringW
lstrcmpA
SetFilePointer
SystemTimeToFileTime
FindResourceA
SizeofResource
LoadResource
FreeResource
RemoveDirectoryW
DeleteFileW
DeviceIoControl
CreateFileA
lstrlenW
TerminateProcess
SetLastError
OpenProcess
lstrcmpiW
GetCurrentProcess
GetLastError
CreateMutexW
WriteFile
SetEndOfFile
HeapFree
GetProcessHeap
HeapAlloc
SetFileAttributesW
GetFileAttributesW
DeleteFileA
GetSystemTime
GetTempPathA
GetVersionExA
OutputDebugStringA
WritePrivateProfileStringW
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
HeapCreate
GetFileSize
HeapDestroy
FormatMessageW
FormatMessageA
UnlockFileEx
WaitForSingleObjectEx
LocalFree
GetVersionExW
CreateFileW
GetTempFileNameW
CreateDirectoryW
GetTempPathW
FindFirstFileW
Sleep
FindClose
FindNextFileW
FindFirstFileExW
lstrcatW
lstrcpyW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
HeapCompact
GetFullPathNameA
GetFullPathNameW
GetModuleHandleA
SetEnvironmentVariableA
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetFileAttributesExW
InterlockedDecrement
GetConsoleMode
SetFilePointerEx
HeapSize
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
LoadLibraryExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RaiseException
RtlUnwind
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
CreateThread
ResumeThread
SuspendThread
VirtualProtect
GetThreadPriority
GetTickCount
ExitProcess
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
WaitForSingleObject
GetFileAttributesA
CreateProcessW
GetSystemInfo
OpenThread
VirtualAlloc
FlushInstructionCache
SetThreadPriority
InitializeCriticalSection
GetCurrentThread
VirtualQuery
GetThreadContext
GetExitCodeThread
GetLocalTime
GlobalFree
GetPrivateProfileIntW
GlobalUnlock
GlobalAlloc
GetPrivateProfileStringW
GlobalLock
GlobalSize
GetModuleHandleW
InterlockedIncrement
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetProcAddress

user32

GetClassNameW
GetWindowThreadProcessId
IsWindow
PostQuitMessage
KillTimer
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetTimer
SendMessageW
SetFocus
SetCursor
GetSystemMetrics
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CopyRect
CallWindowProcW
CloseClipboard
ScreenToClient
FindWindowW
PtInRect
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
PostMessageW
DestroyWindow
SetWindowPos
BeginPaint
TranslateMessage
SetWindowLongW
GetKeyState
GetParent
GetDC
GetWindowLongW
ReleaseDC
PrintWindow
GetWindow
EndPaint
IsIconic
LoadIconW
SetWindowTextW
ShowWindow
GetClientRect
MoveWindow
InvalidateRect
SetRect
GetMessageW
GetWindowPlacement
UpdateWindow
GetWindowRect
wsprintfW
DispatchMessageW

gdi32

CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
RegisterEventSourceA
DeregisterEventSource
CheckTokenMembership
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
RegEnumKeyExW
RegSetValueExW
RegQueryValueExA
ConvertSidToStringSidW
LookupAccountNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReportEventA
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegCreateKeyExW

shell32

SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleSetContainedObject
CoGetClassObject
CoInitialize
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnaccessData
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrStrIW
PathFindFileNameW
PathFileExistsW

iphlpapi

GetAdaptersInfo

wininet

InternetOpenW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
FindNextUrlCacheEntryW

d3d9

Direct3DCreate9

ws2_32

gethostbyname
select
setsockopt
ioctlsocket
WSAStartup
__WSAFDIsSet
connect
htons
socket
recv
WSAGetLastError
getpeername
inet_addr
send
closesocket
shutdown

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdui

Plugin_Redraw
DUI_UnLoad
MatchString
LoadStyleZipMemoryEx
WindowManager_Attach
GetPluginByName
DUI_Init

freeimage

?RotateRight@CxImage@@QAE_NPAV1@@Z
?Draw@CxImage@@QAEHPAUHDC__@@HHHHPAUtagRECT@@_N2@Z
?GetTypeIdFromName@CxImage@@SAIPB_W@Z
??0CxImage@@QAE@PB_WI@Z
?IsValid@CxImage@@QBE_NXZ
?GetWidth@CxImage@@QBEIXZ
?GetHeight@CxImage@@QBEIXZ
?RotateLeft@CxImage@@QAE_NPAV1@@Z

rpcrt4

UuidFromStringW
UuidCompare

oleacc

LresultFromObject

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipAlloc

Sections

.text
Size: 950KB - Virtual size: 950KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec55c0b17b185bb429942d6dcab7bf96

Code Sign

3d:7c:77:7e:f5:8c:fa:82:c4:e9:10:62:e6:f9:f1:7eCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

c5:a1:c9:93:52:6a:a8:ad:9d:6d:ae:2e:39:5e:0f:d7:8b:ca:8f:05Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

wininet

d3d9

ws2_32

version

gdui

freeimage

rpcrt4

oleacc

gdiplus

Sections

.text Size: 950KB - Virtual size: 950KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 159KB - Virtual size: 176KB

.rsrc Size: 138KB - Virtual size: 138KB

.reloc Size: 41KB - Virtual size: 40KB

3d:7c:77:7e:f5:8c:fa:82:c4:e9:10:62:e6:f9:f1:7e
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

c5:a1:c9:93:52:6a:a8:ad:9d:6d:ae:2e:39:5e:0f:d7:8b:ca:8f:05
Signer

.text
Size: 950KB - Virtual size: 950KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 159KB - Virtual size: 176KB

.rsrc
Size: 138KB - Virtual size: 138KB

.reloc
Size: 41KB - Virtual size: 40KB