0ed37ed4f2ec95e2e57293e3e98f889d13939f643f07d8f15b08019c1aadd0b4

Sharing

Copy URL Twitter E-mail

General

Target

0ed37ed4f2ec95e2e57293e3e98f889d13939f643f07d8f15b08019c1aadd0b4
Size

323KB
MD5

fb8f34822ce699278fa417c2c2db9f93
SHA1

723bba95eb6ac7869d8f1e8f7a6877b65326646e
SHA256

0ed37ed4f2ec95e2e57293e3e98f889d13939f643f07d8f15b08019c1aadd0b4
SHA512

f18a0f9ca062c1e38a847f9b2a69414df32170b7b38dc6e4fcaf117909af598747ecf8fa45ce19d2c7489da6a23dbd56ba6e2dbf5bfa88ab33056d587030df93
SSDEEP

3072:VP41RnugiLZpX7CxVHrtwhHUpK7TIOXPmvgVxJLoywksaQPjAM+y3/FHtPH0jtNd:wujZV7CxVLeHUU7HP/JEywkmPmaFZU+E

Score

1^/10

Malware Config

Signatures

Files

0ed37ed4f2ec95e2e57293e3e98f889d13939f643f07d8f15b08019c1aadd0b4
.exe windows:4 windows x86

2149c7f2f5f880827bf7fa95be9215f5

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

12/01/2010, 00:00

Not After

11/01/2013, 23:59

Subject

CN=Shanghai Giant Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Giant Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

kernel32

GlobalLock
GlobalAlloc
IsDBCSLeadByte
SetLastError
lstrcmpA
MulDiv
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
GetModuleHandleA
WaitForSingleObject
CreateThread
Sleep
TerminateProcess
OpenProcess
GetCurrentProcessId
SetCurrentDirectoryA
GetShortPathNameA
InterlockedExchange
FindNextFileA
FindClose
GetFullPathNameA
FindFirstFileA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
MoveFileExA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
FlushFileBuffers
GetFileType
SetHandleCount
IsValidCodePage
GlobalUnlock
GetConsoleMode
GetConsoleCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
GetTickCount
lstrcmpiA
GetEnvironmentStringsW
lstrlenA
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcess
FlushInstructionCache
CreateMutexA
CloseHandle
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
SetEndOfFile
GetOEMCP
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle

user32

GetSystemMetrics
UnregisterClassA
PostQuitMessage
LoadImageA
MapWindowPoints
SetWindowRgn
IsDialogMessageA
GetWindowRect
OffsetRect
CreateAcceleratorTableA
CreateWindowExA
IsWindow
GetDesktopWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
CreateDialogParamA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow
GetWindowLongA
SetWindowLongA
DestroyWindow
SendMessageA
SystemParametersInfoA

gdi32

SetTextColor
CreateRoundRectRgn
CreatePatternBrush
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
SetBkMode
SelectObject

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

ShellExecuteExA
SHCreateDirectoryExA

ole32

CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoUninitialize
CoInitialize
OleInitialize

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
VarUI4FromStr
SysAllocString

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

gdiplus

GdiplusShutdown

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2149c7f2f5f880827bf7fa95be9215f5

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fbCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 88KB - Virtual size: 88KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 88KB - Virtual size: 88KB