ed114ad5b983dbe5c958ac4356d8e422aedbbdefc2c40c632ea4e9b0e283c18c

Sharing

Copy URL Twitter E-mail

General

Target

ed114ad5b983dbe5c958ac4356d8e422aedbbdefc2c40c632ea4e9b0e283c18c
Size

132KB
MD5

65da040861dde1c1b0526d3ee2e83623
SHA1

300220c0925a184bf26b8d3f1c98e7333ef4c684
SHA256

ed114ad5b983dbe5c958ac4356d8e422aedbbdefc2c40c632ea4e9b0e283c18c
SHA512

8b9ec790b7b698e8d1bf31861a4dc037f5f9e06a1ff3042c41bc20146b0f372c9d551ac22a3450a5fd0453190f25b67e13975491bc134a620559902ca96ebefc
SSDEEP

3072:2fLUjdYXuzRDHtSLwHOg7c1ewqMfNda/:2oDh3OgqqMfO

Score

1^/10

Malware Config

Signatures

Files

ed114ad5b983dbe5c958ac4356d8e422aedbbdefc2c40c632ea4e9b0e283c18c
.exe windows:4 windows x86

8b3adb042e2f5b1d67dd0b7d827f7349

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b5:65:06:6c:55:29:64:18:8b:a1:2e:1c:2a:42:42:d0:ae:40:57:1e
Signer

Actual PE Digest

b5:65:06:6c:55:29:64:18:8b:a1:2e:1c:2a:42:42:d0:ae:40:57:1e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dbghelp

SymGetModuleInfo
SymCleanup
SymInitialize
SymSetOptions
SymLoadModule

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

psapi

GetModuleFileNameExA

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

kernel32

GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetTickCount
DeleteFileW
CreateFileW
ReadFile
UnhandledExceptionFilter
CloseHandle
GetTempPathW
CreateDirectoryW
VirtualQueryEx
CreateFileA
ReadProcessMemory
WriteProcessMemory
OpenThread
GetProcAddress
GetModuleHandleW
SetUnhandledExceptionFilter
IsDebuggerPresent
SetFilePointer
GetVersionExW
CreateProcessW
HeapAlloc
GetProcessHeap
VirtualProtect
OpenProcess
HeapFree
QueryPerformanceCounter
GetModuleFileNameW
GetCurrentThreadId
SetCurrentDirectoryW
WriteFile
GetCurrentProcessId
SetEvent
GlobalLock
GlobalUnlock
GetPrivateProfileSectionW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
GetFileSize
Sleep
FreeLibrary
GetThreadSelectorEntry
GetFileAttributesW
GetSystemTimeAsFileTime

user32

IsWindow
DestroyMenu
TrackPopupMenu
GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
CloseClipboard
SetClipboardData
SetDlgItemTextW
EmptyClipboard
SetWindowPos
OpenClipboard
LoadImageW
RegisterClipboardFormatW
SendMessageW
LoadIconW
GetKeyState
InvalidateRect
GetClientRect
ShowWindow
MapDialogRect
GetWindowRect
MapWindowPoints
SendDlgItemMessageW
SetWindowLongW
GetWindowTextW
CallWindowProcW
GetWindowTextLengthW
GetDlgItem
ClientToScreen
DrawIconEx
EnableWindow
SetWindowTextW
GetWindow
EndDialog
MessageBoxW
DialogBoxParamW

gdi32

DeleteObject
GetStockObject
SetTextColor

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFileInfoW
SHGetDesktopFolder
ord155
SHBindToParent
ShellExecuteW

ole32

DoDragDrop
OleUninitialize
OleInitialize

atl80

ord10

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

common

??0CZipBuffers@@QAE@XZ
??1CZipBuffers@@QAE@XZ
?Left@CTXStringA@@QBE?AV1@H@Z
?MatchWildcard@FS@Util@@YAHPBD0@Z
??YCTXStringA@@QAEAAV0@D@Z
?SetAt@CTXStringW@@QAEXH_W@Z
??4CTXStringA@@QAEAAV0@PBD@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
??0CTXStringA@@QAE@ABV0@@Z
?GetBuffer@CTXStringA@@QAEPADXZ
?FormatV@CTXStringA@@QAEXPBDPAD@Z
?Utf8FromWSLimit@Convert@Util@@YA?AVCTXStringA@@HPB_WH@Z
?GetLogByFilter@TXLog@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVCTXStringW@@K0K@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
??0CTXStringA@@QAE@PBD@Z
??0CTXStringA@@QAE@UtagEN@@PB_WH@Z
??0CTXStringA@@QAE@PBDH@Z
??M@YA_NABVCTXStringA@@0@Z
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
??1CFmtString@@QAE@XZ
?Length@CTXBSTR@@QBEIXZ
??0CFmtString@@QAE@XZ
??1CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
?SetConfigFile@TXI18N@@YAHPB_W0@Z
?Right@CTXStringW@@QBE?AV1@H@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?Trim@CTXStringW@@QAEAAV1@XZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??0CTXBSTR@@QAE@ABV0@@Z
?LoadStringW@CTXStringW@@QAEHPAUHINSTANCE__@@I@Z
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?AddBuffer@CZipBuffers@@QAE_NPBXIPBD@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?Utf8FromWS@Convert@Util@@YA?AVCTXStringA@@PB_WH@Z
??1CTXStringA@@QAE@XZ
??0CTXStringA@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??8@YA_NABVCTXStringW@@0@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?Encode16@Encode@Util@@YA?AVCTXStringW@@ABVCTXBuffer@@@Z
?GetBuffer@CTXStringA@@QAEPADH@Z
?MakeLower@CTXStringA@@QAEAAV1@XZ
??YCTXStringA@@QAEAAV0@ABV0@@Z
?Format@CTXStringA@@QAAXPBDZZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@PB_W@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??BCTXStringA@@QBEPBDXZ
?AnsiToUnicode@Convert@Util@@YA_NAAVCTXStringW@@PBDH@Z
??YCTXStringA@@QAEAAV0@PBD@Z
?Format@CTXStringW@@QAAXPB_WZZ
??BCTXStringW@@QBEPB_WXZ
wcslcat
wcslcpy
?Left@CTXStringW@@QBE?AV1@H@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@ABV0@@Z
??M@YA_NABVCTXStringW@@0@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@XZ
??YCTXStringW@@QAEAAV0@_W@Z
?Empty@CTXStringW@@QAEXXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?Preallocate@CTXStringW@@QAEXH@Z
??BCTXBSTR@@QBEPA_WXZ
?Replace@CTXStringW@@QAEH_W0@Z
?GetZip@CZipBuffers@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
?GetLength@CTXStringA@@QBEHXZ
?GetLength@CTXStringW@@QBEHXZ
??4CTXStringA@@QAEAAV0@ABV0@@Z

msvcr80

__setusermatherr
_configthreadlocale
_initterm
_wcmdln
exit
_XcptFilter
_exit
_CxxThrowException
_cexit
__wgetmainargs
_adjust_fdiv
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
??3@YAXPAX@Z
_invalid_parameter_noinfo
_snwprintf
??_V@YAXPAX@Z
_gmtime32
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_lock
_encode_pointer
__dllonexit
_unlock
strrchr
_snprintf
_wfopen
??0exception@std@@QAE@ABQBD@Z
fread
??2@YAPAXI@Z
fclose
??0exception@std@@QAE@ABV01@@Z
__argc
__wargv
wcsncmp
swscanf
malloc
free
srand
_time64
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
wcsrchr
_purecall
_wcsicmp
memmove_s
strchr
_time32
strncmp
atoi
_initterm_e
memset
__CxxFrameHandler3
memcpy

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b3adb042e2f5b1d67dd0b7d827f7349

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

b5:65:06:6c:55:29:64:18:8b:a1:2e:1c:2a:42:42:d0:ae:40:57:1eSigner

Headers

File Characteristics

Imports

version

dbghelp

wininet

psapi

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

atl80

msvcp80

common

msvcr80

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

b5:65:06:6c:55:29:64:18:8b:a1:2e:1c:2a:42:42:d0:ae:40:57:1e
Signer

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB