43faf29342482dc87cb028099d1195ab7fe8ee06c3dcba6407bc54b195935fe9

Sharing

Copy URL Twitter E-mail

General

Target

43faf29342482dc87cb028099d1195ab7fe8ee06c3dcba6407bc54b195935fe9
Size

1.4MB
MD5

710876941d6d80e0cf5dea84cc3865d8
SHA1

11737366de07d36ab06eadf2f3bb5012868ecb09
SHA256

43faf29342482dc87cb028099d1195ab7fe8ee06c3dcba6407bc54b195935fe9
SHA512

9b3f5b04ab86214bc68d0e00cb55e07570eb212723c9ba1c9a4378fdb4d597a6fbe385ea14f8161d5ae2f728c254122734e87f23b865754b8dd37572a509605c
SSDEEP

24576:rUbsnPUpy/oiPxApjlDTKIT7ZuQnPWDD1tT2ck4tDSmPJjvXTmlQ:DUpyBJo9TKITFuQPWf1tT2ck4tS+zTmW

Score

1^/10

Malware Config

Signatures

Files

43faf29342482dc87cb028099d1195ab7fe8ee06c3dcba6407bc54b195935fe9
.exe windows:4 windows x86

922ab6201f8aa20a3d71f141dda2a76b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06/07/2009, 00:00

Not After

06/07/2011, 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetGetSession
CoGetClassObjectFromURL
CoInternetCombineUrl
RevokeBindStatusCallback
ObtainUserAgentString
RegisterBindStatusCallback

psapi

GetModuleInformation
GetProcessMemoryInfo

kernel32

FindFirstFileW
GetShortPathNameW
GetFileSize
CreateDirectoryW
MoveFileW
GetLocalTime
FileTimeToSystemTime
SetLastError
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
CreateThread
SizeofResource
LoadResource
FindResourceW
FindResourceA
GetSystemTime
TlsGetValue
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
VirtualProtect
DeviceIoControl
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
EnumResourceLanguagesW
GetVersion
FreeResource
LockResource
LocalAlloc
GetSystemInfo
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
FindNextFileW
GlobalAddAtomW
CompareFileTime
FlushInstructionCache
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetThreadPriority
PostQueuedCompletionStatus
CreateIoCompletionPort
GetExitCodeThread
SwitchToThread
lstrcmpiA
ExitThread
lstrcmpiW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStartupInfoA
GetModuleHandleA
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
InterlockedCompareExchange
GetLocaleInfoW
GetPrivateProfileStringW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathW
Sleep
RemoveDirectoryW
GetCurrentThreadId
WaitForSingleObject
OpenThread
InitializeCriticalSection
ExpandEnvironmentStringsW
GetFileAttributesW
GetTempFileNameW
SetFileAttributesW
GetCurrentProcessId
OpenProcess
FindClose
CopyFileW
FreeLibrary
VirtualAlloc
SetErrorMode
VirtualQuery
GetVersionExW
WriteFile
SetFileTime
GetDiskFreeSpaceExW
GetTickCount
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryW
CreateFileW
ReadFile
VirtualFreeEx
LocalFree
CreateProcessW
WideCharToMultiByte
TerminateThread
SetEvent
lstrlenA
MultiByteToWideChar
ReadProcessMemory
GetExitCodeProcess
VirtualAllocEx
WriteProcessMemory
DuplicateHandle
TlsSetValue
ResetEvent
CreateEventW
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetThreadPriority
InterlockedDecrement
LoadLibraryW
InterlockedIncrement
lstrlenW
GetProcAddress
GetModuleHandleW
GetLongPathNameW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
TlsFree
GetCommandLineW
CloseHandle
GetLastError
CreateMutexW
MoveFileExW
TlsAlloc
GlobalDeleteAtom

user32

GetPropW
EndDialog
SetDlgItemTextW
SetWindowTextW
GetWindowTextW
SetFocus
EndPaint
FillRect
GetClientRect
GetSystemMenu
RegisterClassExW
DestroyMenu
GetKeyState
RemovePropW
DialogBoxParamW
RedrawWindow
ShowCursor
RegisterClassW
MessageBeep
GetDoubleClickTime
LoadBitmapW
CheckMenuRadioItem
MenuItemFromPoint
GetMenuInfo
SetMenuInfo
TrackPopupMenuEx
TrackPopupMenu
SetActiveWindow
MoveWindow
RegisterClipboardFormatW
SetWindowPlacement
MonitorFromPoint
GetGUIThreadInfo
GetWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
InsertMenuItemW
SetPropW
SetRectEmpty
RegisterHotKey
ScreenToClient
GetCursorPos
PtInRect
GetDC
ReleaseDC
DefWindowProcW
PostMessageW
CallWindowProcW
SendMessageW
IsWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
SetWindowPos
CopyRect
DestroyIcon
BeginPaint
GetDlgItem
GetWindowRect
GetDesktopWindow
MapWindowPoints
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
KillTimer
GetMenu
GetFocus
InvalidateRect
SetTimer
LoadStringW
RegisterWindowMessageW
AllowSetForegroundWindow
GetWindowThreadProcessId
EnumWindows
GetClassNameW
IsWindowVisible
IsDlgButtonChecked
DrawIcon
LoadIconW
ClientToScreen
DrawTextW
CheckDlgButton
ShowWindow
DestroyWindow
EnableWindow
GetAncestor
SetLayeredWindowAttributes
GetWindowDC
SetForegroundWindow
GetForegroundWindow
SetParent
PostQuitMessage
AttachThreadInput
EndMenu
DeleteMenu
GetMenuState
AdjustWindowRectEx
EnumThreadWindows
IntersectRect
GetWindowRgn
SetWindowRgn
GetActiveWindow
GetWindowModuleFileNameW
LoadImageW
IsHungAppWindow
UnregisterHotKey
WaitForInputIdle
SubtractRect
FindWindowW
MonitorFromWindow
GetMonitorInfoW
GetClipboardData
GetKeyNameTextW
GetWindowTextLengthW
GetMenuItemID
CheckMenuItem
EnumChildWindows
SetCursorPos
GetMenuStringW
ReleaseCapture
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
MapVirtualKeyW
keybd_event
GetMessagePos
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
FindWindowExW
LoadCursorW
SetCursor
TrackMouseEvent
UpdateWindow
IsChild
CharNextW
WindowFromPoint
RemoveMenu
GetWindowPlacement
SystemParametersInfoW
GetMessageW
GetParent
GetSystemMetrics
IsZoomed
MessageBoxW
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
SendMessageTimeoutW
OffsetRect
InflateRect
DrawIconEx
CopyAcceleratorTableW
IsMenu
GetMenuItemCount
GetMenuItemInfoW
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
CreateAcceleratorTableW
InSendMessageEx
ReplyMessage
PostThreadMessageW
EqualRect

gdi32

GetDeviceCaps
CreateRectRgnIndirect
GetStockObject
SetBkMode
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
CreateSolidBrush
CreateFontIndirectW
GetObjectW
CreateDIBSection
LineTo
MoveToEx
CreatePen
TextOutW
GetDIBits
EnumFontsW
GetTextMetricsW
CombineRgn
CreateRectRgn
Rectangle
StretchBlt
SetStretchBltMode
CreateRoundRectRgn
CreatePolygonRgn
SetPixel
RoundRect
SetBkColor
FillRgn

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
RegCloseKey

shell32

SHGetFileInfoW
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHChangeNotify
ord680
SHFileOperationW
ExtractIconExW
SHGetSpecialFolderPathW

ole32

RegisterDragDrop
DoDragDrop
OleDuplicateData
CLSIDFromProgID
OleRun
CLSIDFromString
OleDraw
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleCreate
OleInitialize
OleUninitialize
RevokeDragDrop
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoGetMalloc
CoInitialize

oleaut32

SafeArrayCreateVector
VariantClear
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayAccessData

shlwapi

StrRetToBufW
PathRemoveFileSpecW
UrlGetPartW
UrlEscapeW
PathIsRootW
UrlCanonicalizeW
StrStrW
PathMatchSpecW
StrCmpIW
StrCmpW
PathFindExtensionW
PathGetDriveNumberW
SHDeleteValueW
SHSetValueW
SHDeleteKeyW
StrStrIA
SHGetValueW
UrlIsOpaqueW
PathIsDirectoryW
PathCombineW
PathIsURLW
SHEnumKeyExW
PathIsUNCW
PathFileExistsW
StrStrIW
UrlUnescapeW

wininet

InternetCrackUrlW
InternetSetCookieExW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
InternetTimeToSystemTimeW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetCanonicalizeUrlW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetSetStatusCallbackA
HttpOpenRequestA
InternetOpenA
CommitUrlCacheEntryA
InternetSetCookieW
FindFirstUrlCacheEntryW
InternetGetCookieW
InternetGetCookieExW
HttpAddRequestHeadersA
GetUrlCacheEntryInfoW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW

winmm

waveOutWrite
midiStreamClose
midiStreamOut

dsound

ord1

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_wcsicmp
time
_wtoi
_beginthreadex
wcsrchr
wcsncpy
??2@YAPAXI@Z
wcschr
_itow
_ftol
wcscpy
wcscat
wcsncmp
wcscmp
wcsstr
wcslen
_purecall
_snwprintf
__CxxFrameHandler
_ltow
wcspbrk
iswalpha
sprintf
isalnum
toupper
_snprintf
_ui64tow
_wtol
wcsncat
_wcsnicmp
_wtoi64
_stricmp
fclose
fread
ftell
fseek
fopen
_wfopen
fwrite
_except_handler3
memmove
strstr
mktime
_wmakepath
_wsplitpath
atoi
strtok
free
malloc
localtime
wcstok
vswprintf
swprintf
iswdigit
strncpy
strncmp
wcstod
iswspace
strrchr
fputs
swscanf
fputws
fwprintf
_strlwr
strncat
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
realloc
exit
scanf
printf
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_wcsdup
qsort
_exit

gdiplus

GdipSetImageAttributesGamma
GdipSetImageAttributesColorMatrix
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipFree
GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

comctl32

ImageList_Remove
ImageList_DragMove
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag

Sections

.text
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

922ab6201f8aa20a3d71f141dda2a76b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

urlmon

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

dsound

msvcp60

msvcrt

gdiplus

version

netapi32

comctl32

Sections

.text Size: 820KB - Virtual size: 820KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 76KB - Virtual size: 1.7MB

.taihang Size: 208KB - Virtual size: 208KB

.rsrc Size: 280KB - Virtual size: 280KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 820KB - Virtual size: 820KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 76KB - Virtual size: 1.7MB

.taihang
Size: 208KB - Virtual size: 208KB

.rsrc
Size: 280KB - Virtual size: 280KB