e17636a10d99a466b497941f239e78f2c2801e15795048ff1a3fafab0035938c

Sharing

Copy URL Twitter E-mail

General

Target

e17636a10d99a466b497941f239e78f2c2801e15795048ff1a3fafab0035938c
Size

1.4MB
MD5

4858424d5250a51b4542b7ada0873d40
SHA1

7777cea8ff0a8f9b99e0da932b2e98f54ac27861
SHA256

e17636a10d99a466b497941f239e78f2c2801e15795048ff1a3fafab0035938c
SHA512

368897d380b37ef2650152db25fe7899fe228ff113e8a454a11230b99919bbee51eddc15cec1d924c3d58ee04514934f1983e8bcfcad905b901ce6a783e6d75d
SSDEEP

24576:DDaG0Vb5EVLtNpnfALufRVs/gf6wOH+T6Ts9Q3NHFQ:9O5EV7hAcG0KTs63NHFQ

Score

1^/10

Malware Config

Signatures

Files

e17636a10d99a466b497941f239e78f2c2801e15795048ff1a3fafab0035938c
.exe windows x86

8e6819bd510234cfacab0a110a5e49be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

f6:1f:7d:2f:58:aa:c3:3c:96:0a:38:94:b6:70:7c:d0:24:8c:bb:c8
Signer

Actual PE Digest

f6:1f:7d:2f:58:aa:c3:3c:96:0a:38:94:b6:70:7c:d0:24:8c:bb:c8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowW
PostMessageW
GetSystemMetrics
SendMessageW
SendMessageTimeoutW

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

advapi32

GetUserNameA
InitializeSecurityDescriptor
SetNamedSecurityInfoA
SetSecurityDescriptorDacl
RegQueryValueExA
CryptGetHashParam
CryptDestroyHash
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ws2_32

send
getsockname
socket
WSASocketW
recvfrom
gethostname
getsockopt
shutdown
recv
bind
listen
WSCEnumProtocols
WSAGetLastError
ioctlsocket
WSASend
WSASetLastError
setsockopt
closesocket
WSACleanup
WSAStartup
__WSAFDIsSet
htons
ntohs
select
getpeername
connect
freeaddrinfo
ntohl
WSAStringToAddressA
getaddrinfo
accept
htonl
WSARecv
WSAIoctl
sendto

kernel32

PeekNamedPipe
VerifyVersionInfoA
VerSetConditionMask
GetFileSize
GetDriveTypeA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
GetUserDefaultLCID
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
ReadFile
SetFilePointer
FlushFileBuffers
GetSystemDefaultLCID
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
OpenProcess
SetWaitableTimer
WaitForSingleObject
SetEvent
LeaveCriticalSection
GetProcAddress
InterlockedExchange
CloseHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetLastError
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
InterlockedIncrement
EnterCriticalSection
PostQueuedCompletionStatus
CreateEventW
SleepEx
TlsFree
TerminateProcess
InterlockedDecrement
CreateWaitableTimerW
LoadLibraryW
Process32FirstW
TlsAlloc
InterlockedExchangeAdd
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetDriveTypeW
GetDiskFreeSpaceExW
CreateProcessW
FindFirstFileA
AllocConsole
FindClose
SetConsoleOutputCP
FileTimeToLocalFileTime
GetModuleFileNameW
GetACP
FileTimeToSystemTime
FreeConsole
CopyFileW
GetTickCount
GetModuleHandleW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
GetQueuedCompletionStatus
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
CreateIoCompletionPort
TlsGetValue
DeleteCriticalSection
QueueUserAPC
TerminateThread
CreateMutexW
OpenMutexW
GlobalFree
GlobalAlloc
WriteProcessMemory
CreateFileA
GetCurrentProcessId
GetLocalTime
SetUnhandledExceptionFilter
GetCurrentThread
VirtualQuery
GlobalMemoryStatus
GetVersionExA
VirtualProtect
InitializeCriticalSection
ReleaseMutex
QueryPerformanceFrequency
GetFileAttributesW
SuspendThread
ResumeThread
GetModuleFileNameA
GetCurrentDirectoryA
ReadProcessMemory
GetEnvironmentVariableW
GetEnvironmentVariableA
GetThreadContext
GetLogicalDriveStringsW
GetWindowsDirectoryW
GetConsoleMode
GlobalMemoryStatusEx
MapViewOfFile
OutputDebugStringA
CreateFileMappingA
OpenFileMappingA
LocalFree
ResetEvent
OpenEventA
SystemTimeToFileTime
FormatMessageA
ReleaseSemaphore
CreateWaitableTimerA
SetEndOfFile
CreateFileW
RemoveDirectoryW
DeleteFileW
DeviceIoControl
FindFirstFileW
FindNextFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
CreateDirectoryW
GetModuleHandleA
AreFileApisANSI
ExitThread
CreateThread
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
MoveFileW
HeapReAlloc
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteFile
GetStdHandle
LoadLibraryA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
GetOEMCP
IsValidCodePage
GetConsoleCP
WriteConsoleW

oleaut32

SysFreeString
SysAllocString
VariantClear

wininet

InternetCloseHandle
InternetSetFilePointer
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
HttpQueryInfoA
InternetTimeToSystemTimeA
InternetReadFile

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e6819bd510234cfacab0a110a5e49be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:79Certificate

Key Usages

17:49:ab:5a:7d:e5:9cCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

f6:1f:7d:2f:58:aa:c3:3c:96:0a:38:94:b6:70:7c:d0:24:8c:bb:c8Signer

Headers

File Characteristics

Imports

user32

version

advapi32

shell32

ws2_32

kernel32

oleaut32

wininet

ole32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 31KB - Virtual size: 46KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 195KB - Virtual size: 234KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:79
Certificate

17:49:ab:5a:7d:e5:9c
Certificate

39
Certificate

01
Certificate

f6:1f:7d:2f:58:aa:c3:3c:96:0a:38:94:b6:70:7c:d0:24:8c:bb:c8
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 31KB - Virtual size: 46KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 195KB - Virtual size: 234KB