6433eba37353e369eed7e91afc36085ab33a988d7342f8795c720ece1ae86cf8

Sharing

Copy URL Twitter E-mail

General

Target

6433eba37353e369eed7e91afc36085ab33a988d7342f8795c720ece1ae86cf8
Size

3.7MB
MD5

ea0972d580108b09c24409ef7f76ba3b
SHA1

3a1a5151288d45f4ca6233c55e2d4a4743112ea6
SHA256

6433eba37353e369eed7e91afc36085ab33a988d7342f8795c720ece1ae86cf8
SHA512

10a83d04a5788912ed64c321770d717414c3a07d33e3d1d5c88714d9b4c27ed156f0a7e1a884be2e2c60158d51e8a3a39ef2a6bf34c667236695d985029c648a
SSDEEP

98304:bStjUvs30YmCcpjE8xfa8giC+madUDViyAz9EjDWWyxsB41O/WQXLAj:bStQEkQsjtmiC+/uVirEjDHAj

Score

1^/10

Malware Config

Signatures

Files

6433eba37353e369eed7e91afc36085ab33a988d7342f8795c720ece1ae86cf8
.exe windows:4 windows x86

93bccad87cb88ab1815028975356bc00

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:34:c3:88:77:8d:a0:72:3e:10:63:15:7e:f7:b3:cb:36:6a:71:0f
Signer

Actual PE Digest

31:34:c3:88:77:8d:a0:72:3e:10:63:15:7e:f7:b3:cb:36:6a:71:0f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
htonl
bind
ioctlsocket
WSAResetEvent
recvfrom
gethostname
select
htons
inet_addr
closesocket
WSACloseEvent
__WSAFDIsSet
WSACleanup
sendto
WSAStartup
WSAGetLastError
send
recv
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
socket
setsockopt
connect
WSAEventSelect
inet_ntoa
gethostbyname
WSACreateEvent

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
InternetQueryDataAvailable

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

kernel32

CreateSemaphoreA
InterlockedExchange
CompareStringA
CompareStringW
lstrlenA
lstrcpynA
ResetEvent
IsBadReadPtr
CreateEventA
SetEvent
OutputDebugStringA
GetCurrentThreadId
GetProcAddress
GetFileAttributesA
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
LoadLibraryA
FreeLibrary
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
HeapSize
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetDiskFreeSpaceExA
GetStdHandle
SetHandleCount
VirtualFree
HeapCreate
SleepEx
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
SetEndOfFile
GetTimeFormatA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
MoveFileA
SetEnvironmentVariableA
GetCurrentProcessId
GetStartupInfoA
GetProcessHeap
GetCommandLineA
VirtualAlloc
HeapReAlloc
HeapAlloc
ExitThread
RemoveDirectoryA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapFree
IsDebuggerPresent
ReleaseSemaphore
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalFree
SetCurrentDirectoryA
CreateFileA
WriteFile
GetTickCount
GetModuleFileNameA
IsDBCSLeadByte
WaitForSingleObject
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateMutexA
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
CreateThread
TerminateThread
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVersionExA
CreateDirectoryA
Sleep
FindResourceA
FreeResource
GetFileType
GetModuleHandleA
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
GetLocaleInfoA
InterlockedCompareExchange
SetFilePointer
SetLastError
GlobalMemoryStatus
GetFullPathNameA
CreateProcessA
GetFileSize
ReadFile
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
GetCurrentDirectoryA
SetThreadPriority
ResumeThread
WaitForMultipleObjects
GetDateFormatA
GetThreadLocale
HeapDestroy

user32

SystemParametersInfoA
EndDialog
MessageBoxA
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
TranslateMessage
SetCapture
PeekMessageA
PostQuitMessage
SetWindowLongA
GetWindowLongA
GetMessageA
DestroyWindow
EndPaint
BeginPaint
ReleaseCapture
DispatchMessageA
SetTimer
UpdateWindow
ShowWindow
SetWindowTextA
CreateDialogParamA
GetDC
ReleaseDC
GetClientRect
DrawTextA
InvalidateRect
PostMessageA
SendMessageA
CheckRadioButton
SetRect
DefWindowProcA
CreateWindowExA
RegisterClassA
GetClassInfoA
LoadCursorA
MoveWindow
GetDlgItem
SetCursor
RegisterClassExA
LoadIconA
TranslateAcceleratorA
SetPropA
RemovePropA
FillRect
TrackMouseEvent
GetPropA
LoadBitmapA
GetDesktopWindow
ClientToScreen
GetWindowRect
GetWindowTextA
CallWindowProcA
GetParent
SetWindowPos
GetClassInfoExA
SetWindowRgn
IsWindow
GetSystemMetrics
EnumDisplayDevicesA

gdi32

CreateICA
GetDIBits
CreateDIBSection
CreateCompatibleBitmap
CreateSolidBrush
CreateRectRgn
GetStockObject
SetDIBitsToDevice
CreateFontA
SetBkMode
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
ExtCreateRegion

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleSetContainedObject
OleCreate
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoInitialize
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
CoLoadLibrary
CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

PathIsDirectoryA
wnsprintfA

iphlpapi

GetAdaptersInfo

msimg32

TransparentBlt

bugtrap

BT_OpenLogFile
BT_InstallSehFilter
BT_ClearLog
BT_SetAppName
BT_SetFlags
BT_SetActivityType
BT_CallCppFilter
BT_AddLogFile
BT_GetLogFileName
BT_SetLogFlags
BT_SetLogSizeInBytes
BT_SetLogSizeInEntries
BT_AppLogEntry
BT_CloseLogFile
BT_SetSupportServer

ddraw

DirectDrawCreate

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 762KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93bccad87cb88ab1815028975356bc00

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

31:34:c3:88:77:8d:a0:72:3e:10:63:15:7e:f7:b3:cb:36:6a:71:0fSigner

Headers

File Characteristics

Imports

ws2_32

wininet

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

msimg32

bugtrap

ddraw

version

Sections

.text Size: 762KB - Virtual size: 762KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 61KB - Virtual size: 78KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

31:34:c3:88:77:8d:a0:72:3e:10:63:15:7e:f7:b3:cb:36:6a:71:0f
Signer

.text
Size: 762KB - Virtual size: 762KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 61KB - Virtual size: 78KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB