65f8c5d4c7011955065a7da38a947cc09d66245b8c8359bb3804ae93f04ce9c1

Sharing

Copy URL

Twitter E-mail

General

Target

65f8c5d4c7011955065a7da38a947cc09d66245b8c8359bb3804ae93f04ce9c1
Size

2.1MB
MD5

0c3c8ebc20b6412c38e7bf808d873568
SHA1

ebbbb2f345a26e984c3ed6fc6d86cf35246c7db2
SHA256

65f8c5d4c7011955065a7da38a947cc09d66245b8c8359bb3804ae93f04ce9c1
SHA512

a4025cb26a2a1d723b092074a2f8ddcc3c59ed1ecae9f95da5baa590f6f39d4ffecb58b5604980b07c8ee899fdb9465b698db768f3b4a26f9a1d9aaf426782ba
SSDEEP

49152:1aMujt3diVPRmRXXZLIfPWZIfql/XsjTRaBV5rIcMi/VJRLjnQT7PN+Fk:sMujt3AVPR4pLIfPstXfvrIi/HRLjn6V

Score

1^/10

Malware Config

Signatures

Files

65f8c5d4c7011955065a7da38a947cc09d66245b8c8359bb3804ae93f04ce9c1
.exe windows:4 windows x86

5794e74712225baf292af05354aa1472

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:85:10:b4:c5:bc:9c:49:89:23:8c:1c:05:59:f1:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25-06-2010 00:00

Not After

24-06-2013 23:59

Subject

CN=Netease(Hangzhou) Network Co.Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Netease(Hangzhou),O=Netease(Hangzhou) Network Co.Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:e2:12:cb:23:bc:99:02:98:16:4f:f5:c3:8b:76:04:be:1c:08:89
Signer

Actual PE Digest

7c:e2:12:cb:23:bc:99:02:98:16:4f:f5:c3:8b:76:04:be:1c:08:89

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
RtlUnwind
RaiseException
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
DuplicateHandle
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
LoadLibraryA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetProcAddress
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesA
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetDiskFreeSpaceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
CreateFileA
WriteFile
CloseHandle
GetModuleHandleA
CreateProcessA
GetTickCount
Sleep
ExitProcess
GetLastError
CompareStringA
CompareStringW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetVersion
HeapDestroy
InterlockedExchange

user32

GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetCapture
GetWindowTextA
GetFocus
InvalidateRgn
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReleaseDC
GetDC
CopyRect
IsWindow
PostMessageA
PostQuitMessage
GetSystemMenu
AppendMenuA
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
KillTimer
LoadIconA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadStringA
SetTimer
SendMessageA
MessageBoxA
CharUpperA
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
UnregisterClassA
EnableWindow
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetWindowPos
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowContextHelpId
MapDialogRect
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetCapture

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
SetWindowExtEx
CreateRectRgnIndirect

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoTaskMemAlloc
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysFreeString

ws2_32

WSAGetLastError
htonl
bind
listen
connect
closesocket
recv
select
accept
send
htons
inet_addr
socket
shutdown
WSAStartup
WSACleanup

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5794e74712225baf292af05354aa1472

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3d:85:10:b4:c5:bc:9c:49:89:23:8c:1c:05:59:f1:d9Certificate

Extended Key Usages

Key Usages

7c:e2:12:cb:23:bc:99:02:98:16:4f:f5:c3:8b:76:04:be:1c:08:89Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 400KB - Virtual size: 400KB

.text1 Size: 8KB - Virtual size: 8KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 20KB - Virtual size: 35KB

.data1 Size: 92KB - Virtual size: 92KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3d:85:10:b4:c5:bc:9c:49:89:23:8c:1c:05:59:f1:d9
Certificate

7c:e2:12:cb:23:bc:99:02:98:16:4f:f5:c3:8b:76:04:be:1c:08:89
Signer

.text
Size: 400KB - Virtual size: 400KB

.text1
Size: 8KB - Virtual size: 8KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 20KB - Virtual size: 35KB

.data1
Size: 92KB - Virtual size: 92KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB