6ae01aa9b8149f408d24c2873d677814f8d6dbf0fea4ee10c6e2880108518a18

Sharing

Copy URL Twitter E-mail

General

Target

6ae01aa9b8149f408d24c2873d677814f8d6dbf0fea4ee10c6e2880108518a18
Size

854KB
MD5

ae168e5fe4943e151af53e7bed56239d
SHA1

ca829aeac530c93563ddb5dc511f83c31643c04c
SHA256

6ae01aa9b8149f408d24c2873d677814f8d6dbf0fea4ee10c6e2880108518a18
SHA512

ef4c08c51263b1d253898e4f6083ae0acf579489cb8ebec8488cd0f178a9333738f13b4f416dc311e198991fa7d72833c7388b6f8cfb3a263913c3d61e23423e
SSDEEP

12288:7UQkLvHfb7wc1U+2GRtTGf7FdtStM5SBYZMl03l2gVaLx5PNe4pH+MT6V:wQkLv/b7wc1UjGRtoMt8SBYzVa9NNsV

Score

1^/10

Malware Config

Signatures

Files

6ae01aa9b8149f408d24c2873d677814f8d6dbf0fea4ee10c6e2880108518a18
.exe windows:4 windows x86

6fb8b7dfe809f2567419bdfab5e4352b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:c2:ea:28:1f:f9:03:49:af:6e:01:af:de:86:94:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

04/01/2010, 00:00

Not After

04/01/2011, 23:59

Subject

CN=ShenZhen Dothinkey Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ShenZhen Dothinkey Technology Co.\, Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:7d:03:d5:46:2e:b8:11:19:1c:91:cb:c6:ca:7c:49:23:7d:96:51
Signer

Actual PE Digest

3c:7d:03:d5:46:2e:b8:11:19:1c:91:cb:c6:ca:7c:49:23:7d:96:51

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
RaiseException
GetACP
SetStdHandle
GetFileType
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapFree
GetCommandLineA
GetStdHandle
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitThread
CreateThread
HeapAlloc
GetProfileStringA
SetHandleCount
GetStartupInfoA
RtlUnwind
SetErrorMode
GetFileTime
GetFileSize
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
FindNextFileA
FindFirstFileA
GetLastError
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
FormatMessageA
LocalFree
MulDiv
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
ResumeThread
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
ReadFile
GetOverlappedResult
CreateFileA
DeviceIoControl
SetEvent
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
Beep
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetVersionExA
CreateEventA
_lcreat
_lwrite
_lclose
WaitForSingleObject
CloseHandle
GetTickCount
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
OpenMutexA
GetEnvironmentStringsW

user32

IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
GetSystemMetrics
DrawIcon
AppendMenuA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SendMessageA
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
GetDC
ReleaseDC
wsprintfA
PostThreadMessageA
RegisterClipboardFormatA
OffsetRect
GetActiveWindow
MessageBoxA
LoadIconA
EnableWindow
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetClientRect
IsIconic
InflateRect
PostMessageA
GetSystemMenu
CharUpperA
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
MessageBeep
SetRect
GetSysColorBrush
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
LoadStringA
EnableMenuItem
ShowWindow
MoveWindow
MapDialogRect
SetWindowTextA

gdi32

ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
SetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
DPtoLP
GetTextColor
GetBkColor
LPtoDP
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

VariantChangeType
SysAllocString
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
VariantCopy
VariantTimeToSystemTime

imagehlp

MapFileAndCheckSumA

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 412KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fb8b7dfe809f2567419bdfab5e4352b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

60:c2:ea:28:1f:f9:03:49:af:6e:01:af:de:86:94:bcCertificate

Extended Key Usages

Key Usages

3c:7d:03:d5:46:2e:b8:11:19:1c:91:cb:c6:ca:7c:49:23:7d:96:51Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

imagehlp

msvfw32

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 412KB - Virtual size: 428KB

.rsrc Size: 32KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

60:c2:ea:28:1f:f9:03:49:af:6e:01:af:de:86:94:bc
Certificate

3c:7d:03:d5:46:2e:b8:11:19:1c:91:cb:c6:ca:7c:49:23:7d:96:51
Signer

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 412KB - Virtual size: 428KB

.rsrc
Size: 32KB - Virtual size: 32KB