d543595d1a06a5838ea36a50c8dcad21fd73dd4e0469759ef16ba677774394a8

Sharing

Copy URL Twitter E-mail

General

Target

d543595d1a06a5838ea36a50c8dcad21fd73dd4e0469759ef16ba677774394a8
Size

1.6MB
MD5

b7a5c245f4a3c450966dc2b5cf93c1bd
SHA1

fb61f452530dad70b6d85b79a7b6cd283dac8e08
SHA256

d543595d1a06a5838ea36a50c8dcad21fd73dd4e0469759ef16ba677774394a8
SHA512

a80252725e1a92f76e00dc2e1119010fe95466b6455830b683f5ba79da1118423ff74d79d02904502cd5bf510f361451d14276622ec26b0728c8c95021b1ff39
SSDEEP

24576:aZHpelmy0REDq/TiITPOvTWoKkEF4XTkRA4o1zMgrmFpxTml:mHs0z/TiITPmKbF4XTkq4YzhExTml

Score

1^/10

Malware Config

Signatures

Files

d543595d1a06a5838ea36a50c8dcad21fd73dd4e0469759ef16ba677774394a8
.exe windows:4 windows x86

c301cf409e95d47244d32b2cd649e359

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06/07/2009, 00:00

Not After

06/07/2011, 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetGetSession
CoGetClassObjectFromURL
CoInternetCombineUrl
RegisterBindStatusCallback
RevokeBindStatusCallback
ObtainUserAgentString

psapi

GetProcessMemoryInfo
GetModuleInformation

kernel32

FindNextFileW
FindFirstFileW
OpenEventW
GetShortPathNameW
GetFileSize
CreateDirectoryW
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
DebugBreak
OutputDebugStringW
CreateThread
GetSystemTime
TlsGetValue
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
VirtualProtect
DeviceIoControl
GlobalUnlock
GlobalSize
LocalFree
GlobalFree
EnumResourceLanguagesW
GetVersion
LocalAlloc
CreateProcessW
GetSystemInfo
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
GlobalDeleteAtom
GlobalAddAtomW
CompareFileTime
FlushInstructionCache
LocalFileTimeToFileTime
DosDateTimeToFileTime
VirtualFree
GetExitCodeThread
SwitchToThread
lstrcmpiA
ExitThread
lstrcmpiW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStartupInfoA
FindClose
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
InterlockedCompareExchange
RemoveDirectoryW
GetCurrentThreadId
OpenThread
WaitForSingleObject
InitializeCriticalSection
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
OpenProcess
CreateEventW
TlsAlloc
GetTickCount
GetTempFileNameW
MoveFileExW
CreateMutexW
GetLastError
GetCommandLineW
SetErrorMode
SetUnhandledExceptionFilter
VirtualQuery
GetVersionExW
WriteFile
SetFileTime
GetDiskFreeSpaceExW
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryW
CreateFileW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
TerminateThread
GetTempPathW
SetLastError
lstrlenA
VirtualFreeEx
ReadProcessMemory
GetExitCodeProcess
VirtualAllocEx
WriteProcessMemory
DuplicateHandle
TlsSetValue
ResetEvent
GetLocaleInfoW
GetPrivateProfileStringW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetQueuedCompletionStatus
CopyFileW
FreeLibrary
GetModuleHandleA
VirtualAlloc
ReadDirectoryChangesW
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedDecrement
InterlockedIncrement
lstrlenW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLongPathNameW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CloseHandle
TlsFree
SetEvent
CreateFileA

user32

SetDlgItemTextW
SetFocus
EndPaint
FillRect
GetClientRect
MapWindowPoints
GetDesktopWindow
GetWindowRect
GetDlgItem
BeginPaint
CopyRect
DestroyIcon
EndDialog
SetPropW
RemovePropW
DialogBoxParamW
RedrawWindow
ShowCursor
RegisterClassW
MessageBeep
MoveWindow
GetWindowModuleFileNameW
GetActiveWindow
SetWindowRgn
GetWindowRgn
IntersectRect
EnumThreadWindows
GetMenuItemID
GetMenuState
LoadStringA
SetLayeredWindowAttributes
SetActiveWindow
SetWindowPlacement
GetGUIThreadInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
InsertMenuItemW
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
SetMenuInfo
GetMenuInfo
MenuItemFromPoint
CheckMenuRadioItem
LoadBitmapW
GetDoubleClickTime
GetSystemMenu
InflateRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CreateWindowExW
IsWindow
SendMessageW
SetWindowTextW
GetWindowTextW
CallWindowProcW
PostMessageW
DefWindowProcW
DrawIconEx
ReleaseDC
GetDC
PtInRect
GetPropW
GetCursorPos
ScreenToClient
ClientToScreen
GetKeyState
DestroyMenu
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
KillTimer
GetMenu
GetFocus
InvalidateRect
SetTimer
RegisterWindowMessageW
LoadStringW
AllowSetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
EnumWindows
GetClassNameW
IsWindowVisible
IsDlgButtonChecked
DrawIcon
LoadIconW
DrawTextW
CheckDlgButton
ShowWindow
DestroyWindow
MessageBoxW
GetForegroundWindow
EnableWindow
GetAncestor
SetForegroundWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SetParent
LoadImageW
IsHungAppWindow
PostQuitMessage
GetWindow
AttachThreadInput
EndMenu
SendMessageTimeoutW
WaitForInputIdle
EqualRect
AdjustWindowRectEx
MonitorFromRect
RegisterClassExW
UnregisterHotKey
RegisterHotKey
SubtractRect
FindWindowW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
GetClipboardData
GetKeyNameTextW
GetWindowTextLengthW
EnumChildWindows
SetCursorPos
GetMenuStringW
ReleaseCapture
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
MapVirtualKeyW
keybd_event
GetMessagePos
RegisterClipboardFormatW
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
FindWindowExW
LoadCursorW
SetCursor
TrackMouseEvent
UpdateWindow
IsChild
CharNextW
wvsprintfW
GetWindowDC
WindowFromPoint
GetWindowPlacement
SystemParametersInfoW
GetMessageW
ActivateKeyboardLayout
SetClassLongW
GetParent
GetSystemMetrics
DeleteMenu
RemoveMenu
CheckMenuItem
IsZoomed
MsgWaitForMultipleObjects
OffsetRect
CharNextA
CopyAcceleratorTableW
IsMenu
GetMenuItemCount
GetMenuItemInfoW
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
CreateAcceleratorTableW
InSendMessageEx
ReplyMessage
PostThreadMessageW

gdi32

TextOutW
CreateRectRgnIndirect
FillRgn
SetBkColor
GetStockObject
SetBkMode
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBitmapBits
CreateDIBSection
SetTextColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
Rectangle
CreatePen
CreateFontIndirectW
GetObjectW
GetBitmapBits
LineTo
MoveToEx
GetDeviceCaps
GetDIBits
EnumFontsW
GetTextMetricsW
GetTextExtentPoint32W
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreatePolygonRgn
SetPixel
RoundRect

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation

shell32

SHGetSpecialFolderLocation
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
SHGetFileInfoW
SHGetFolderPathW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderPathW
ExtractIconExW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHChangeNotify
ord680

ole32

PropVariantClear
CLSIDFromProgID
OleRun
CLSIDFromString
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleDraw
OleCreate
OleInitialize
OleUninitialize
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
StringFromCLSID
CoTaskMemFree
RegisterDragDrop
DoDragDrop
OleDuplicateData
RevokeDragDrop
CoCreateInstance
CoGetMalloc
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
VariantClear

shlwapi

PathFindExtensionW
PathGetDriveNumberW
SHDeleteValueW
StrStrIW
PathFileExistsW
PathIsURLW
PathCombineW
PathIsDirectoryW
UrlIsOpaqueW
SHGetValueW
UrlGetPartW
StrStrIA
SHDeleteKeyW
PathFindFileNameW
PathFindFileNameA
StrCmpIW
PathRemoveFileSpecW
UrlEscapeW
PathIsRootW
UrlCanonicalizeW
StrStrW
PathMatchSpecW
PathIsUNCW
StrRetToBufW
SHEnumKeyExW
StrCmpW
UrlUnescapeW
SHStrDupW
SHSetValueW

wininet

CreateUrlCacheEntryA
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetTimeToSystemTimeA
InternetQueryOptionA
HttpQueryInfoA
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetCookieA
InternetGetConnectedState
InternetCanonicalizeUrlW
InternetSetCookieA
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetGetCookieExA
InternetSetCookieExA
InternetSetStatusCallbackA
HttpOpenRequestA
InternetOpenA
CommitUrlCacheEntryA
FtpGetFileSize
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryStream
InternetSetCookieW
InternetSetCookieExW
InternetGetCookieW
InternetGetCookieExW
HttpAddRequestHeadersA
GetUrlCacheEntryInfoW
HttpQueryInfoW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW

winmm

midiStreamClose
waveOutWrite
midiStreamOut

dsound

ord1

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_ltow
_ftol
_wcsicmp
_wtoi
_beginthreadex
time
wcsrchr
wcsncpy
??2@YAPAXI@Z
wcschr
wcspbrk
isalpha
_wcsnicmp
wcscpy
wcscat
wcsncmp
wcscmp
wcsstr
wcslen
_purecall
_snwprintf
__CxxFrameHandler
iswalpha
sprintf
isalnum
toupper
_snprintf
_wtol
_ui64tow
wcsncat
_wtoi64
_stricmp
_itow
fclose
fread
ftell
fseek
fopen
_wfopen
fwrite
memmove
free
malloc
strstr
strchr
_except_handler3
mktime
_wmakepath
_wsplitpath
atoi
strtok
localtime
fflush
wcstok
qsort
iswdigit
strncpy
strncmp
wcstod
iswspace
strrchr
_wcsdup
fputs
swscanf
swprintf
fputws
fwprintf
_strlwr
strncat
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
isspace
exit
scanf
printf
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
realloc

gdiplus

GdipSetImageAttributesGamma
GdipSetImageAttributesColorMatrix
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipFree
GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove

Sections

.text
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c301cf409e95d47244d32b2cd649e359

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

urlmon

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

dsound

wintrust

msvcp60

msvcrt

gdiplus

version

netapi32

comctl32

Sections

.text Size: 912KB - Virtual size: 912KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 104KB - Virtual size: 1.7MB

.taihang Size: 184KB - Virtual size: 184KB

.rsrc Size: 356KB - Virtual size: 356KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 912KB - Virtual size: 912KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 104KB - Virtual size: 1.7MB

.taihang
Size: 184KB - Virtual size: 184KB

.rsrc
Size: 356KB - Virtual size: 356KB