dd2add40f11ae75ef62dac52e1ff6086ddbcdcfd88401ea644c4b66376386b1a

Sharing

Copy URL

Twitter E-mail

General

Target

dd2add40f11ae75ef62dac52e1ff6086ddbcdcfd88401ea644c4b66376386b1a
Size

12.3MB
MD5

1794799a408d4f117ca19604a4b5484a
SHA1

521cf6dea4e77a8220527ced464f8df07ede3d35
SHA256

dd2add40f11ae75ef62dac52e1ff6086ddbcdcfd88401ea644c4b66376386b1a
SHA512

b4409f91ad70eb7a46ca992c55dc31977e066de739b35ed9d4227c1f597b02743e24a06a283416c5d92e8cf3b251a0e018867bf5662f82f8c37833ea7cce0b61
SSDEEP

393216:+KM9V6ZI4xHvu99dwbx2vMzhSUgcMpqms:+KM+ZC99amY1uqms

Score

1^/10

Malware Config

Signatures

Files

dd2add40f11ae75ef62dac52e1ff6086ddbcdcfd88401ea644c4b66376386b1a
.exe windows:5 windows x86

ab4e474d89670963f1c975f1f7fa79a7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:b6:17:b2:3d:52:29:10:7b:7f:97:c4:a7:cc:25:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-04-2012 00:00

Not After

05-04-2013 23:59

Subject

CN=深圳市窝窝游科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=深圳市窝窝游科技有限公司,L=深圳,ST=广东,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:65:d9:57:da:08:e4:52:51:00:dd:31:f9:90:84:2e:ab:a1:a9:c7
Signer

Actual PE Digest

c2:65:d9:57:da:08:e4:52:51:00:dd:31:f9:90:84:2e:ab:a1:a9:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetConsoleCP
LCMapStringW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
LoadLibraryW
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapQueryInformation
RaiseException
SetEnvironmentVariableA
HeapFree
HeapAlloc
CreateThread
ExitThread
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
InitializeCriticalSectionAndSpinCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempFileNameW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExW
FileTimeToSystemTime
lstrlenA
SetErrorMode
GlobalGetAtomNameW
WriteConsoleW
RtlUnwind
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
lstrcpyW
InterlockedIncrement
CopyFileW
GlobalSize
FormatMessageW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalFlags
GetCurrentDirectoryW
MulDiv
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
GetVersionExW
CompareStringW
GetCurrentProcessId
GlobalAddAtomW
GetPrivateProfileStringW
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
GlobalUnlock
GlobalFree
FreeResource
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
lstrcmpW
GlobalAlloc
GetModuleHandleW
InterlockedExchange
CreateDirectoryW
GetCurrentThreadId
GetTempPathW
GetFileAttributesW
Sleep
DeleteFileW
ExitProcess
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
CloseHandle
WriteFile
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
GetProcAddress

user32

IsClipboardFormatAvailable
SetMenuDefaultItem
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnionRect
GetKeyNameTextW
GetNextDlgGroupItem
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
GetSystemMenu
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
SetParent
RedrawWindow
SetWindowRgn
IsZoomed
IsRectEmpty
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
OffsetRect
BringWindowToTop
TranslateAcceleratorW
IntersectRect
UnregisterClassW
CharUpperW
DestroyIcon
DestroyMenu
InflateRect
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
KillTimer
SetTimer
InvalidateRect
GetMenuStringW
AppendMenuW
RemoveMenu
RealChildWindowFromPoint
InsertMenuW
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
GetWindowRgn
DestroyCursor
MapDialogRect
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetWindowDC
CharUpperBuffW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
LoadMenuW
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
PostMessageW
wsprintfW
DrawIcon
GetSystemMetrics
IsIconic
LoadImageW
GetClientRect
ScreenToClient
GetWindowRect
IsWindow
SendMessageW
LoadIconW
EnableWindow
GetMenuItemInfoW

gdi32

CreateFontIndirectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextExtentPoint32W
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
CreateDIBitmap
CopyMetaFileW
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateDCW
SetViewportOrgEx
CreateHatchBrush
CreateSolidBrush
CreatePen
SetWindowOrgEx
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
StretchBlt
CreateBitmap
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
OffsetWindowOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

shell32

SHAppBarMessage
SHGetFileInfoW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard

oleaut32

SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab4e474d89670963f1c975f1f7fa79a7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

20:b6:17:b2:3d:52:29:10:7b:7f:97:c4:a7:cc:25:6cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c2:65:d9:57:da:08:e4:52:51:00:dd:31:f9:90:84:2e:ab:a1:a9:c7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 23KB - Virtual size: 52KB

.rsrc Size: 10.8MB - Virtual size: 10.8MB

.reloc Size: 187KB - Virtual size: 187KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

20:b6:17:b2:3d:52:29:10:7b:7f:97:c4:a7:cc:25:6c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c2:65:d9:57:da:08:e4:52:51:00:dd:31:f9:90:84:2e:ab:a1:a9:c7
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 23KB - Virtual size: 52KB

.rsrc
Size: 10.8MB - Virtual size: 10.8MB

.reloc
Size: 187KB - Virtual size: 187KB