3e0788d403518eb973dffbd827058cf98d354d1e7da38fede5e993fde48e07e0

Sharing

Copy URL Twitter E-mail

General

Target

3e0788d403518eb973dffbd827058cf98d354d1e7da38fede5e993fde48e07e0
Size

1021KB
MD5

a159da3cf14f4f85a6a6c78b414f42c9
SHA1

dbd16fe4718b8245f17e461da0e6e7e672f3835d
SHA256

3e0788d403518eb973dffbd827058cf98d354d1e7da38fede5e993fde48e07e0
SHA512

297621ae998ec98f627f1a45bc817019a008334c84568259a6a4b7990166387636a7d1a53ea2231a8aa927c9620ca43f36067cd082181b0ecbe02df1e2599b0d
SSDEEP

12288:FtQA4/lC61bZEqGVrrm0a0fk2K3eXRM9T3QD4Bi1p6lHP6H30mtWWLKNErE4ZuGC:Q0qG59a0QuXRM9z6DgM9Aq0KMLZb

Score

1^/10

Malware Config

Signatures

Files

3e0788d403518eb973dffbd827058cf98d354d1e7da38fede5e993fde48e07e0
.exe windows:5 windows x86

54ad31767fa50ace103ba7c4faada248

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2013, 00:00

Not After

17/09/2016, 23:59

Subject

CN=量产部落��,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=量产部落��,L=Mongkok,ST=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:e6:a0:f1:5d:e6:98:7f:b1:91:49:50:99:bc:41:69:2e:91:25:cb
Signer

Actual PE Digest

e2:e6:a0:f1:5d:e6:98:7f:b1:91:49:50:99:bc:41:69:2e:91:25:cb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

inpout32

ord2
ord1

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDA
CM_Query_And_Remove_SubTreeA
CM_Setup_DevNode
CM_Connect_MachineA
CM_Get_DevNode_Registry_Property_ExA
CM_Get_Sibling_Ex
CM_Get_Child_Ex
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
CM_Get_Sibling
CM_Get_Child
CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Disconnect_Machine
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
CM_Get_Parent

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

DeviceIoControl
OpenProcess
TerminateProcess
Process32Next
SetEnvironmentVariableA
CompareStringW
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetProcessHeap
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle
VirtualFree
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetACP
HeapSize
SetStdHandle
HeapReAlloc
VirtualAlloc
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetFileType
ExitThread
GetSystemTimeAsFileTime
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
GetFileSizeEx
SetErrorMode
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
FileTimeToLocalFileTime
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetModuleFileNameW
FormatMessageA
LocalFree
GetCurrentProcessId
GlobalLock
GlobalUnlock
MulDiv
lstrlenA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetTickCount
GetFileSize
lstrcmpA
SetFilePointer
ReadFile
GetCommMask
WaitCommEvent
SignalObjectAndWait
SetCommTimeouts
SetCommState
GetCommState
SetCommMask
GetLocalTime
GetCurrentThreadId
FileTimeToSystemTime
GetFileTime
CreateFileW
CreateThread
GetVersion
GetCurrentDirectoryA
CreateSemaphoreA
InterlockedDecrement
GetVersionExA
FlushFileBuffers
lstrcatA
GetVolumeInformationA
WritePrivateProfileStringA
GetModuleFileNameA
WinExec
GetWindowsDirectoryA
GetLogicalDrives
FindFirstFileA
FindNextFileA
FindClose
CopyFileA
GetModuleHandleA
GetCurrentProcess
GetLastError
QueryDosDeviceA
ReleaseMutex
SetLastError
CreateMutexA
ResumeThread
TerminateThread
CreateToolhelp32Snapshot
MultiByteToWideChar
GetSystemDefaultLangID
CreateEventA
WaitForMultipleObjects
FreeLibrary
GetPrivateProfileStringA
Sleep
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetThreadLocale
GetProcAddress
LoadLibraryA
DeleteFileA
CreateDirectoryA
GetPrivateProfileIntA
SetFileAttributesA
GetFileAttributesA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
CreateFileA
WriteFile
CloseHandle
GlobalAlloc
GlobalFree
OutputDebugStringA
WaitForSingleObject
GetComputerNameA
GetDriveTypeA
CreateProcessA
Process32First

winscard

SCardEstablishContext
SCardEndTransaction
SCardTransmit
SCardBeginTransaction
SCardDisconnect
SCardConnectA
SCardListReadersA
SCardStatusA

ws2_32

select
__WSAFDIsSet
connect
WSAGetLastError
listen
bind
setsockopt
socket
getpeername
getsockname
closesocket
shutdown
accept
gethostname
ntohl
gethostbyname
inet_addr
getservbyname
htons
htonl
ntohs
WSACleanup
WSAStartup
send
sendto
recv
recvfrom

user32

GetClassLongA
WindowFromDC
SendMessageTimeoutA
GetKeyState
GetDlgItem
FindWindowExA
FindWindowA
MsgWaitForMultipleObjects
DrawIcon
GetSystemMetrics
IsIconic
RegisterDeviceNotificationA
LoadIconA
GetWindowTextA
GetClassNameA
DispatchMessageA
TranslateMessage
PeekMessageA
IsWindow
UpdateWindow
RedrawWindow
DestroyIcon
GetWindowLongA
MessageBoxA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
CopyRect
InflateRect
DrawFocusRect
GetClientRect
OffsetRect
DrawStateA
FillRect
GetSysColor
UnregisterClassA
LoadCursorA
GetSysColorBrush
GetMessageA
ValidateRect
PostQuitMessage
CharUpperA
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetCursorPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
wsprintfA
KillTimer
PtInRect
ScreenToClient
GetMessagePos
SetTimer
FrameRect
DestroyMenu
DestroyCursor
EnableWindow
DrawEdge
ReleaseDC
SendMessageA
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
IsWindowVisible
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDC

gdi32

GetStockObject
CreateFontIndirectA
CreateCompatibleDC
CreatePen
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
Escape
TextOutA
RectVisible
PtVisible
ExtTextOutA
CreateRectRgn
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
SetViewportOrgEx
GetViewportOrgEx
CreateCompatibleBitmap
GetTextColor
GetTextExtentPoint32A
CreateFontA
FillRgn
CreatePolygonRgn
Polygon
Rectangle
CreateSolidBrush
CreateDIBSection
GetObjectA
DeleteDC
SetTextColor
SetBkColor
SelectObject
CreateBitmap
BitBlt
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteKeyA
RegFlushKey
RegDeleteValueA
RegQueryValueExA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
SHCreateDirectoryExA
ShellExecuteA

comctl32

_TrackMouseEvent

oleaut32

VariantClear
VariantChangeType
VariantInit

shlwapi

StrToIntExA
StrToInt64ExA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

rpcrt4

UuidCreateSequential

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54ad31767fa50ace103ba7c4faada248

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e2:e6:a0:f1:5d:e6:98:7f:b1:91:49:50:99:bc:41:69:2e:91:25:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

inpout32

setupapi

version

kernel32

winscard

ws2_32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oleaut32

shlwapi

rpcrt4

Sections

.text Size: 716KB - Virtual size: 716KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 13KB - Virtual size: 295KB

.rsrc Size: 167KB - Virtual size: 166KB

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e2:e6:a0:f1:5d:e6:98:7f:b1:91:49:50:99:bc:41:69:2e:91:25:cb
Signer

.text
Size: 716KB - Virtual size: 716KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 13KB - Virtual size: 295KB

.rsrc
Size: 167KB - Virtual size: 166KB