e502592851996bdb0334d92604afafdc071c216e2af9268e0d7d534b0dc602a9

Sharing

Copy URL

Twitter E-mail

General

Target

e502592851996bdb0334d92604afafdc071c216e2af9268e0d7d534b0dc602a9
Size

920KB
MD5

0cdd45106071bdf64bcdf8d7dc08a0a8
SHA1

4cd73eccc3138d745573837d6a63ed1f0f4719ff
SHA256

e502592851996bdb0334d92604afafdc071c216e2af9268e0d7d534b0dc602a9
SHA512

6121f5026417a8d6933c20e2ac18cd83f8a33bad8887f6d3e8abbb2f1620fd3f9bd03ccdd101ad0d5d16ea1055e25802b1f1ae104c974536d6835c0be2502b2a
SSDEEP

12288:C/ZSR6ToHfvVh6EqabxEwzps6JlZu93NEq7MMPYkAnd6fLj4iQGTeYg:+Z3URd1ps6JlZuZbPPend6XzTa

Score

1^/10

Malware Config

Signatures

Files

e502592851996bdb0334d92604afafdc071c216e2af9268e0d7d534b0dc602a9
.exe windows:5 windows x86

ec4b0420c304b2ea95bf7828285727f9

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2009, 00:00

Not After

27/04/2012, 23:59

Subject

CN=Beijing AmazGame Age Internet Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing AmazGame Age Internet Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:58:58:15:fd:56:a8:7b:f7:ed:65:c7:f1:f6:c5:6a:1f:d5:9f:f2
Signer

Actual PE Digest

4e:58:58:15:fd:56:a8:7b:f7:ed:65:c7:f1:f6:c5:6a:1f:d5:9f:f2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionW
PathAppendW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFileExistsW
PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW
UrlUnescapeW

wininet

InternetCloseHandle
InternetCrackUrlW
InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetSetStatusCallbackW

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetFileAttributesW
GetFileSizeEx
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GlobalFlags
FindFirstFileA
FindNextFileA
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
GetFullPathNameA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetThreadLocale
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
RaiseException
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
GlobalAlloc
FormatMessageW
SetLastError
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
MulDiv
ResumeThread
GetTickCount
WaitForSingleObject
WriteFile
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
lstrlenA
lstrcatA
lstrcpynA
LocalFree
GetPrivateProfileSectionNamesW
GetFileSize
Sleep
SetFileAttributesW
TerminateProcess
SetEnvironmentVariableW
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineW
WideCharToMultiByte
GetVersionExW
GetModuleHandleW
GetModuleFileNameW
CreateMutexW
GetLastError
ReleaseMutex
GetTempPathW
GetTempFileNameW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetShortPathNameW
IsBadReadPtr
IsBadCodePtr
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
lstrcpynW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
lstrcatW
CreateProcessW
lstrcpyW
CreateDirectoryW
GetPrivateProfileIntW
SetCurrentDirectoryW
CreateFileW
CloseHandle
WritePrivateProfileStringW
DeleteFileW
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
GetPrivateProfileSectionW
GetPrivateProfileStringW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileInformationByHandle
PeekNamedPipe
GetSystemTimeAsFileTime

user32

RegisterClipboardFormatW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
CharUpperW
CharNextW
InvalidateRgn
CopyAcceleratorTableW
UnregisterClassW
LoadCursorW
GetSysColorBrush
WindowFromPoint
SetCursor
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
DestroyMenu
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
SetScrollInfo
DefWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
EndPaint
ClientToScreen
GetMenuState
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindowDC
FrameRect
CallWindowProcW
GetScrollInfo
SetWindowLongW
SetParent
GetWindow
SystemParametersInfoW
GetSubMenu
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
DrawEdge
GetWindowLongW
GetFocus
LoadBitmapW
GetSysColor
SetCapture
OffsetRect
SetScrollPos
KillTimer
SetTimer
RedrawWindow
ScreenToClient
SetForegroundWindow
GetDesktopWindow
InvalidateRect
IsIconic
GetSystemMenu
PostMessageW
AppendMenuW
DrawIcon
FindWindowW
MessageBoxW
GetCursorPos
PtInRect
ReleaseCapture
GetParent
UpdateWindow
GetWindowRect
InflateRect
IsRectEmpty
GetSystemMetrics
LoadImageW
GetActiveWindow
SetRect
DestroyIcon
CreatePopupMenu
DrawIconEx
LoadIconW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
EnableWindow
ReleaseDC
GetDC
GetClientRect
SetWindowRgn
SendMessageW
CopyRect
BeginPaint
MessageBoxA

gdi32

CreatePen
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
ExtSelectClipRgn
CreateDIBSection
DeleteObject
StretchBlt
SelectObject
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
CreateCompatibleDC
CreateRectRgn
CreateCompatibleBitmap
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetObjectW
SetWindowExtEx
CreateFontIndirectW
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateSolidBrush
PatBlt
Rectangle
CreateBitmap
CreateFontW
CreateDIBitmap
GetTextColor
GetBkColor
GetPixel
CombineRgn
GetStockObject
ScaleWindowExtEx

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

GetLengthSid
RegSetValueExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
RegCloseKey
SetTokenInformation
CreateProcessAsUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

comctl32

ord17
_TrackMouseEvent

oledlg

OleUIBusyW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysAllocString
VariantCopy
VariantClear

Exports

Exports

?TDU_MD5String@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
?tProcessException@@YAXPAU_EXCEPTION_POINTERS@@_NPB_W2@Z
?tSetCPPException@@YAXPB_W@Z

Sections

.text
Size: 603KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec4b0420c304b2ea95bf7828285727f9

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49Certificate

Extended Key Usages

Key Usages

4e:58:58:15:fd:56:a8:7b:f7:ed:65:c7:f1:f6:c5:6a:1f:d5:9f:f2Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 603KB - Virtual size: 603KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 18KB - Virtual size: 36KB

.rsrc Size: 167KB - Virtual size: 167KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

4e:58:58:15:fd:56:a8:7b:f7:ed:65:c7:f1:f6:c5:6a:1f:d5:9f:f2
Signer

.text
Size: 603KB - Virtual size: 603KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 18KB - Virtual size: 36KB

.rsrc
Size: 167KB - Virtual size: 167KB