28165d7526bdfb61d2b9d6481512385076f48fc72ed28aa70b59d7b31f7d8c78

Sharing

Copy URL Twitter E-mail

General

Target

28165d7526bdfb61d2b9d6481512385076f48fc72ed28aa70b59d7b31f7d8c78
Size

779KB
MD5

982544bb06e1ab904dac6706f8769345
SHA1

08c1f55d2376b1a553e249d2032519d937448f44
SHA256

28165d7526bdfb61d2b9d6481512385076f48fc72ed28aa70b59d7b31f7d8c78
SHA512

806d202b29429cc86b3c2081762b2607e7ad3f92147fd81749ff8a5ecf2e164d0c08cd6b3e83fcf4ac6fc341ce631b6ac7a8fbd10c3cc4757c6d88f467178283
SSDEEP

24576:QkfVc15iaKcGgQqnLu/aKaoXzPL3ybbq01:Pc19Kc5QgLu/Pa8PLqm01

Score

1^/10

Malware Config

Signatures

Files

28165d7526bdfb61d2b9d6481512385076f48fc72ed28aa70b59d7b31f7d8c78
.exe windows:5 windows x86

6eb63c039ea1418b2e7c763508c7a4f8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:6f:5d:c1:5e:d9:a3:68:cb:51:66:17:72:8a:be:29:f8:f0:c8:99
Signer

Actual PE Digest

0a:6f:5d:c1:5e:d9:a3:68:cb:51:66:17:72:8a:be:29:f8:f0:c8:99

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
WriteFile
WaitForMultipleObjects
GetFileTime
LoadLibraryA
GetLongPathNameW
GetCurrentThread
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentDirectoryA
GetFullPathNameW
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
VirtualQuery
GetSystemInfo
CreateDirectoryW
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
lstrlenA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateThread
SuspendThread
SetConsoleCtrlHandler
CreateMutexW
SetProcessAffinityMask
SetErrorMode
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
ExpandEnvironmentStringsW
LoadLibraryExW
GetWindowsDirectoryW
lstrcmpiW
GetFileSize
GetFileAttributesExW
SetFilePointer
ReadFile
DeleteFileW
GlobalAlloc
GlobalReAlloc
SetLastError
FlushInstructionCache
InterlockedIncrement
GetLastError
InterlockedDecrement
GetTickCount
GetVersionExW
CreateEventW
TerminateProcess
SetEvent
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
GlobalMemoryStatus
GetVersion
SetThreadLocale
GetThreadLocale
WaitForSingleObject
lstrlenW
GlobalFree
RaiseException
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
VirtualProtect
IsBadReadPtr
ExitProcess
SetUnhandledExceptionFilter
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
FreeResource
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetPrivateProfileIntW
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
FindResourceW
LocalFree
LocalAlloc
LCMapStringA

user32

KillTimer
WindowFromPoint
wsprintfW
DispatchMessageW
PtInRect
MapWindowPoints
UnregisterClassA
GetClientRect
GetCursorPos
FillRect
GetClassLongW
ReleaseDC
GetDC
IntersectRect
EndPaint
BeginPaint
ScreenToClient
SetTimer
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DestroyWindow
RegisterClassW
GetClassInfoW
CharNextW
GetClassInfoExW
RegisterClassExW
DialogBoxIndirectParamW
GetActiveWindow
TrackMouseEvent
RedrawWindow
AdjustWindowRectEx
MonitorFromWindow
GetMonitorInfoW
DrawTextW
SetCursor
LoadCursorW
MessageBoxW
IsZoomed
GetWindowDC
IsWindowVisible
GetWindowThreadProcessId
GetTopWindow
GetWindow
GetDesktopWindow
SetRectEmpty
IsWindow
RegisterWindowMessageW
CallWindowProcW
DefWindowProcW
ShowWindow
SystemParametersInfoW
SetLayeredWindowAttributes
LockSetForegroundWindow
GetWindowLongW
GetWindowRect
SetWindowPos
DrawIconEx
GetSystemMetrics
LoadImageW
EndDialog
CreateWindowExW
MoveWindow
SetWindowLongW
GetCapture
SetCapture
ReleaseCapture
PostMessageW
InvalidateRect
OffsetRect
GetParent
SendMessageW
UpdateWindow
SetWindowRgn

gdi32

EqualRgn
CombineRgn
CreateRectRgnIndirect
RectVisible
CreateRectRgn
CreateSolidBrush
SetBkMode
GetTextColor
TextOutW
SetTextColor
GetTextExtentPoint32W
SetStretchBltMode
GetObjectW
GetStockObject
CreateFontIndirectW
IntersectClipRect
CreateRoundRectRgn
DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
OffsetViewportOrgEx
SetViewportOrgEx
BitBlt
ExcludeClipRect
GetClipBox
StretchBlt
CreatePen

advapi32

GetUserNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenThreadToken
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
DuplicateTokenEx
StartServiceW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
QueryServiceStatus
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
ChangeServiceConfigW
QueryServiceConfigW

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
ord680

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

VariantClear
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysStringLen
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathAppendW
PathFileExistsW
SHGetValueW
SHSetValueA
PathQuoteSpacesA
SHDeleteValueW
SHSetValueW
SHDeleteKeyW
PathStripToRootW
PathUnquoteSpacesW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

wininet

DeleteUrlCacheEntryW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6eb63c039ea1418b2e7c763508c7a4f8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0a:6f:5d:c1:5e:d9:a3:68:cb:51:66:17:72:8a:be:29:f8:f0:c8:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

version

userenv

Sections

.text Size: 445KB - Virtual size: 445KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 189KB - Virtual size: 189KB

.reloc Size: 37KB - Virtual size: 37KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0a:6f:5d:c1:5e:d9:a3:68:cb:51:66:17:72:8a:be:29:f8:f0:c8:99
Signer

.text
Size: 445KB - Virtual size: 445KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 189KB - Virtual size: 189KB

.reloc
Size: 37KB - Virtual size: 37KB