db865dd2a45db7586841a7dd39678cbff4761f819fc5a8f195f039f7fd531ffd

Sharing

Copy URL Twitter E-mail

General

Target

db865dd2a45db7586841a7dd39678cbff4761f819fc5a8f195f039f7fd531ffd
Size

471KB
MD5

a7169e15df4a4053ddcec389e4006a95
SHA1

0030433b3ced696a0e658079de425e9e27d88290
SHA256

db865dd2a45db7586841a7dd39678cbff4761f819fc5a8f195f039f7fd531ffd
SHA512

f2e516cfdefe54d7f33dc8fb6fa3c8a2afb8340fd69bbb99cefea48d2f4aeeccc77e99b70ae55a5628fe0a1907d68c7226250250749f2b6a6118665d44db8642
SSDEEP

6144:VmjqEk6/Dc436xHbYJ6WvA/8PJ6WsfsO3nBUzdIJKAnV/YaeqkTfkp4E0xM4miHB:Vmjq6aV9MtfO3BEIoAnVgokPEwPTl

Score

1^/10

Malware Config

Signatures

Files

db865dd2a45db7586841a7dd39678cbff4761f819fc5a8f195f039f7fd531ffd
.exe windows:4 windows x86

e35ecca3039fcce41475ccbd76295d1c

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:c7:5d:4b:53:e3:28:43:88:1b:06:d3:76:f4:ee:13:a3:47:5e:f5
Signer

Actual PE Digest

9b:c7:5d:4b:53:e3:28:43:88:1b:06:d3:76:f4:ee:13:a3:47:5e:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cabinet

ord21
ord22
ord20
ord23

kernel32

FlushFileBuffers
GetLocaleInfoA
GetLocaleInfoW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeResource
LockResource
LoadResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
SizeofResource
GetModuleHandleW
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetThreadLocale
MulDiv
LocalFree
FormatMessageW
GlobalAlloc
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
WritePrivateProfileStringW
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
lstrlenA
RtlUnwind
LockFile
UnlockFile
GetFileSize
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetFileAttributesW
GetFileTime
GetFileAttributesA
FindNextFileA
VirtualQuery
GetSystemInfo
VirtualProtect
DosDateTimeToFileTime
CreateFileA
CloseHandle
FileTimeToLocalFileTime
CreateDirectoryA
SetFileTime
FindFirstFileA
LocalFileTimeToFileTime
SetFileAttributesA
FindClose
MultiByteToWideChar
lstrlenW
GetModuleFileNameW
GetPrivateProfileIntW
LoadLibraryW
OpenProcess
GetCurrentProcess
GetCurrentProcessId
InterlockedDecrement
DeleteFileA
Sleep
InterlockedIncrement
MoveFileExA
CopyFileA
CreateProcessA
DeleteFileW
CreateEventW
GetLastError
TerminateThread
SetEvent
WaitForSingleObject
SetThreadPriority
WideCharToMultiByte
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentDirectoryA
GetFullPathNameA
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
RaiseException
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
SetEndOfFile
CreateThread
GetCurrentThreadId
ExitThread
MoveFileA
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateDirectoryW
ReadFile
GetDriveTypeA
FileTimeToSystemTime
ExitProcess
GetModuleHandleA
GetProcAddress
GetConsoleMode
GetConsoleCP
WriteFile

user32

RegisterClipboardFormatW
CharUpperW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
DestroyMenu
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
SetCursor
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharNextW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
PostMessageW
EnableWindow
UnregisterClassA
IsIconic
GetSystemMetrics
GetClientRect
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
PostThreadMessageW
GetPropW
DrawIcon
IsWindow
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
GetDlgItem
SendDlgItemMessageW
IsDialogMessageW
GetWindowLongW
SetWindowTextW
GetDlgCtrlID
SetWindowLongW
MoveWindow
ShowWindow
IsWindowEnabled
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextW
SetWindowPos
SetFocus
SetWindowsHookExW

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
SetViewportExtEx
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteKeyW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
RegCloseKey
AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
SysStringLen
SysAllocString
VarBstrCat
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e35ecca3039fcce41475ccbd76295d1c

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

9b:c7:5d:4b:53:e3:28:43:88:1b:06:d3:76:f4:ee:13:a3:47:5e:f5Signer

Headers

File Characteristics

Imports

cabinet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

Sections

.text Size: 320KB - Virtual size: 320KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 48KB - Virtual size: 48KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

9b:c7:5d:4b:53:e3:28:43:88:1b:06:d3:76:f4:ee:13:a3:47:5e:f5
Signer

.text
Size: 320KB - Virtual size: 320KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 48KB - Virtual size: 48KB