59555a0dab00e71c979b450477035cd3b0a50f8c6e948563318b8110a1a8c17a

Sharing

Copy URL Twitter E-mail

General

Target

59555a0dab00e71c979b450477035cd3b0a50f8c6e948563318b8110a1a8c17a
Size

1.2MB
MD5

880df6268169972cac959cfd943ea889
SHA1

e37a8f7784ad40e5ce83dfbaebcfe79c160b8cea
SHA256

59555a0dab00e71c979b450477035cd3b0a50f8c6e948563318b8110a1a8c17a
SHA512

04ce75d122c3b89203e2a1d0f9abcc3f92ff435aba23fd5769b683678d89ce1570d0bb1b074d0f4a7e676df422139e1b7d7b7703f6ae78433935761330714b06
SSDEEP

12288:P7QVSK5TxnLRZpZgy/zZqIlWfaDtAbam39p3FuGvCtXQBtjTjT0NxXK:P7QBZuSDtGNjufeTv0NxXK

Score

1^/10

Malware Config

Signatures

Files

59555a0dab00e71c979b450477035cd3b0a50f8c6e948563318b8110a1a8c17a
.exe windows:4 windows x86

ac8329f5c9176a02a4a90a3f0918e03c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmSetConversionStatus
ImmDisableIME

kernel32

CloseHandle
CreateEventW
TlsAlloc
CreateThread
TlsGetValue
TlsSetValue
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
GetModuleHandleW
SetEnvironmentVariableA
GetLastError
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
CreateDirectoryW
WideCharToMultiByte
GlobalFree
CreateProcessW
WaitForMultipleObjects
LocalFree
GlobalAlloc
FormatMessageW
GetCommandLineW
SetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
CreateMutexW
OpenMutexW
CopyFileW
MoveFileExW
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
InterlockedIncrement
InterlockedCompareExchange
GetVersionExW
GetCurrentProcessId
Process32FirstW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateFileW
Sleep
OpenEventW
RemoveDirectoryW
WriteFile
ReadFile
FlushFileBuffers
GetFileSize
SetFilePointer
LCMapStringW
GetTickCount
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode

user32

GetDlgCtrlID
GetClassNameW
SetCapture
GetCursorPos
MoveWindow
ReleaseCapture
OffsetRect
GetWindowLongW
SendMessageW
GetWindowRect
CreateDialogParamW
CheckDlgButton
DialogBoxParamW
DestroyWindow
GetParent
DefWindowProcW
SetClassLongW
GetCursor
InvalidateRect
CreateWindowExW
SetWindowRgn
SetRect
UpdateLayeredWindow
KillTimer
SubtractRect
RegisterClassExW
GetMonitorInfoW
EndPaint
FillRect
PtInRect
MonitorFromPoint
BeginPaint
GetSystemMetrics
InflateRect
CallWindowProcW
TrackMouseEvent
SetWindowLongW
SetCursorPos
RedrawWindow
ShowWindow
ActivateKeyboardLayout
LoadBitmapW
GetKeyboardLayoutList
GetDlgItemTextW
IsIconic
SetForegroundWindow
SetCursor
LoadCursorW
IsWindowEnabled
EnableWindow
SetTimer
DrawTextW
EndDialog
IntersectRect
IsDlgButtonChecked
SetWindowPos
MessageBoxW
ReleaseDC
FindWindowW
SetFocus
GetDC
PostMessageW
SetDlgItemTextW
GetWindowTextW
GetDlgItem
SetWindowTextW

gdi32

CreateSolidBrush
SetBkMode
GetStockObject
CreateCompatibleDC
DeleteDC
SetTextColor
GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateFontIndirectW
SelectObject
CombineRgn
OffsetRgn
TextOutW
CreateDIBSection
SetBkColor
SelectClipRgn
StretchBlt
Rectangle
GetTextExtentPointW
CreatePen
CreateCompatibleBitmap
GetPixel
MoveToEx
LineTo
BitBlt

wininet

InternetCloseHandle
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetReadFile
InternetConnectW
HttpEndRequestW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend
GradientFill

advapi32

BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
GetSecurityDescriptorSacl

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 673KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac8329f5c9176a02a4a90a3f0918e03c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

wininet

comctl32

msimg32

advapi32

shell32

Sections

.text Size: 400KB - Virtual size: 398KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 673KB - Virtual size: 711KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

.text
Size: 400KB - Virtual size: 398KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 673KB - Virtual size: 711KB