0ee9bdf54de10a846b4b333cce11cfe744997bdee0bcd6a9a0ce0313b455891d

Sharing

Copy URL Twitter E-mail

General

Target

0ee9bdf54de10a846b4b333cce11cfe744997bdee0bcd6a9a0ce0313b455891d
Size

1.1MB
MD5

c78cf55d36a8858d42369650b45d061b
SHA1

cf720287c1e36a14d7fe061c55bd2056a43661c1
SHA256

0ee9bdf54de10a846b4b333cce11cfe744997bdee0bcd6a9a0ce0313b455891d
SHA512

439fad23e93e52ad467b75c9be86d2df1fb9c0daf090747f1730f3bbb9454b3df4bd206deea06e85014d809a5de831e740623bfc025b51d8144c8222f3f4d715
SSDEEP

12288:5JLZacNamRvg4r8rDXCKa07QWvudqYNNTYxG2bSafxQGZv+1a/hkY/xmWvUmzsF1:TZzrvgdDa072AYnYxG4XfZO/BN

Score

1^/10

Malware Config

Signatures

Files

0ee9bdf54de10a846b4b333cce11cfe744997bdee0bcd6a9a0ce0313b455891d
.exe windows:5 windows x86

11d07dfba918b4ad781de1f274eaffcd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:37:03:9f:10:6b:96:7c:f7:43:4d:b9:2b:f6:91:6d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

01/04/2012, 00:00

Not After

01/04/2013, 23:59

Subject

CN=Beijing Huafeng Technology Co.\,Ltd.,OU=ITE,O=Beijing Huafeng Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:be:9b:5f:8d:bd:50:43:eb:a2:e8:d0:90:57:1f:f0:18:1c:6a:0c
Signer

Actual PE Digest

cb:be:9b:5f:8d:bd:50:43:eb:a2:e8:d0:90:57:1f:f0:18:1c:6a:0c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetStartupInfoW
GetTickCount
WritePrivateProfileStringW
GlobalFlags
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
InterlockedDecrement
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
InterlockedIncrement
GetProcAddress
CreateFileW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GetThreadLocale
SetLastError
FormatMessageW
LocalFree
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
GetCurrentDirectoryW
CloseHandle
WaitForSingleObject
CreateProcessW
CreateThread
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
GetSystemTimeAsFileTime
lstrlenW

user32

PostThreadMessageW
DestroyMenu
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMessageW
TranslateMessage
ValidateRect
WindowFromPoint
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsWindow
GetDlgItem
GetWindowLongW
RegisterClipboardFormatW
GetParent
OffsetRect
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
SendDlgItemMessageA
GetDlgCtrlID
GetWindow
CharNextW
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CopyRect
GetSysColor
FillRect
ReleaseDC
GetDC
SetRect
UpdateWindow
InvalidateRect
LoadCursorW
SetCursor
ScreenToClient
GetCursorPos
GetWindowRect
KillTimer
IsWindowVisible
ShowWindow
SetTimer
PtInRect
PostMessageW
LoadBitmapW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
LoadIconW
EnableWindow
RemovePropW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontW
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextColor
GetBkColor
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
StretchBlt
CreateCompatibleDC
GetObjectW
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
OleCreateFontIndirect
SysAllocStringLen
SysFreeString
SysStringLen
OleLoadPicture

wininet

InternetCheckConnectionW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
DeleteUrlCacheEntryW

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11d07dfba918b4ad781de1f274eaffcd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:37:03:9f:10:6b:96:7c:f7:43:4d:b9:2b:f6:91:6dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

cb:be:9b:5f:8d:bd:50:43:eb:a2:e8:d0:90:57:1f:f0:18:1c:6a:0cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Sections

.text Size: 259KB - Virtual size: 259KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 750KB - Virtual size: 750KB

.reloc Size: 40KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:37:03:9f:10:6b:96:7c:f7:43:4d:b9:2b:f6:91:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

cb:be:9b:5f:8d:bd:50:43:eb:a2:e8:d0:90:57:1f:f0:18:1c:6a:0c
Signer

.text
Size: 259KB - Virtual size: 259KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 750KB - Virtual size: 750KB

.reloc
Size: 40KB - Virtual size: 40KB