e[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

e.exe
Size

3.7MB
MD5

569aaee0d37aaf2cc146f8365fbfee0f
SHA1

abd07815d8c40c711a0a2dba8ed07b8f7c4d6ca7
SHA256

d3d68d7b09e5f02219129c961513b2ce084d13f0a3bdb9d1c7898fab18426df6
SHA512

1e59961fe4f89e014ad740a8df52925d63277be30874b7a46225b533028447dc0168ef3c83861b1174de5a72db9d3b135732860e26dfcd43cc74aef1c1884ea7
SSDEEP

98304:AI8xdgcmkuT93Cvmtud9LS51a+FsffmzSvV5/JbPPMYZAvl:AI8/gcYEVdFfmzSvV5/xUY2N

Score

1^/10

Malware Config

Signatures

Files

e.exe
.exe windows:6 windows x86

6223e2a34cf62e4f400f86a27bd26e68

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20-07-2013 00:00

Not After

17-09-2016 23:59

Subject

CN=sdcsd-dmc��,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=sdcsd-dmc��,L=Mongkok,ST=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:aa:8d:45:ea:e1:e4:de:d5:5d:c1:9e:77:4c:84:d5:13:67:2c:c1
Signer

Actual PE Digest

a0:aa:8d:45:ea:e1:e4:de:d5:5d:c1:9e:77:4c:84:d5:13:67:2c:c1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
FileTimeToLocalFileTime
FindNextFileA
SystemTimeToTzSpecificLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentProcessId
GetThreadLocale
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
GetACP
FlushFileBuffers
LockFile
SetEndOfFile
UnlockFile
GetVolumeInformationA
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
MoveFileA
GetStringTypeExA
GetFileAttributesExA
GetFileSizeEx
SetFileAttributesA
lstrcpyA
FindResourceExW
GetWindowsDirectoryA
SetErrorMode
VerSetConditionMask
VerifyVersionInfoA
GetTickCount64
GetProfileIntA
GetTempPathA
SearchPathA
LocalLock
LocalUnlock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetSystemInfo
VirtualQuery
GetTempFileNameA
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetFullPathNameW
HeapQueryInformation
QueryPerformanceFrequency
SetStdHandle
GetFileType
GetStdHandle
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
GetDriveTypeW
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
WriteConsoleW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetModuleFileNameA
GetVersionExA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
SetLastError
ReplaceFileA
GetFullPathNameA
GetFileTime
ExitThread
GetDiskFreeSpaceA
MultiByteToWideChar
FindFirstFileA
FindClose
FileTimeToSystemTime
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
GetCurrentDirectoryA
Sleep
WideCharToMultiByte
FindResourceA
LoadLibraryA
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleA
VirtualAlloc
CreateThread
ExitProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
DecodePointer
WriteFile
ReadFile
GetFileSize
DeleteFileA
GetAtomNameA
CreateFileA

user32

MapDialogRect
GetDialogBaseUnits
SetTimer
KillTimer
CharUpperA
LoadAcceleratorsW
LoadMenuW
SetCapture
DrawIcon
SetWindowRgn
WindowFromPoint
GetTabbedTextExtentW
InSendMessage
WindowFromDC
PostThreadMessageA
CopyAcceleratorTableA
CreateMenu
GetKeyNameTextA
MapVirtualKeyA
UnionRect
GetDCEx
LockWindowUpdate
TrackMouseEvent
LoadImageW
GetMenuDefaultItem
WaitMessage
IsClipboardFormatAvailable
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
SetClassLongA
DrawEdge
DrawFrameControl
SetCursorPos
CopyIcon
FrameRect
SendNotifyMessageA
RegisterClipboardFormatA
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
MonitorFromRect
GetWindowRgn
GetTabbedTextExtentA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
DestroyCursor
LoadCursorW
LoadCursorA
OffsetRect
SetRect
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
SetRectEmpty
ReleaseDC
GetDC
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageA
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
GetAsyncKeyState
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
LoadBitmapW
GetParent
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
UnregisterClassA
EnableWindow
UpdateWindow
FillRect
wsprintfA
GetDesktopWindow
CopyImage
InflateRect
GetMenuItemInfoA
RealChildWindowFromPoint
GetSysColorBrush
GetSystemMetrics
IsZoomed
SetParent
SystemParametersInfoA
IsRectEmpty
DeleteMenu
GetSystemMenu
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
LoadImageA
DestroyIcon
IntersectRect
InsertMenuItemA
DestroyMenu
SendDlgItemMessageA
CreatePopupMenu
InvalidateRect

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
DPtoLP
GetViewportOrgEx
PatBlt
Rectangle
GetTextExtentPoint32A
GetTextMetricsA
CreateFontA
GetCharWidthA
StretchDIBits
CombineRgn
CreateRectRgnIndirect
GetMapMode
SetRectRgn
CreateEllipticRgn
Ellipse
CreateDCA
GetDeviceCaps
CreateBitmap
SetBkColor
PolylineTo
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
TextOutA
CreateDIBSection
CreateFontIndirectA
BitBlt
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
PolyBezierTo
SetTextColor
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
ExtTextOutA
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocA
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
RoundRect
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
LPtoDP
GetBkColor
GetROP2
GetBkMode
CopyMetaFileA
SetPixelV
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextColor
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetTextFaceA
EnumFontFamiliesExA
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
GetRgnBox
OffsetRgn
GetCurrentObject
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetTextAlign

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
StrFormatKBSizeA

uxtheme

GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
GetThemePartSize
GetThemeSysColor
OpenThemeData
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
CloseThemeData

oledlg

ord8

crypt32

CryptEnumOIDInfo

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageI
GdipDeleteGraphics
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
RegSetValueA

shell32

SHGetPathFromIDListA
ExtractIconA
SHAddToRecentDocs
DragFinish
DragQueryFileA
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteExA
SHGetFileInfoA

ole32

CreateItemMoniker
OleSaveToStream
CreateOleAdviseHolder
CoLockObjectExternal
GetRunningObjectTable
OleRun
OleIsRunning
CoGetMalloc
GetHGlobalFromILockBytes
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
CreateDataAdviseHolder
OleSetContainedObject
OleLockRunning
OleGetIconOfClass
OleSetMenuDescriptor
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleQueryLinkFromData
OleQueryCreateFromData
RegisterDragDrop
RevokeDragDrop
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
StringFromCLSID
WriteClassStm
StgCreateDocfileOnILockBytes
CreateFileMoniker
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
CoTaskMemAlloc
CoTaskMemFree
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromString
CoDisconnectObject
StringFromGUID2
PropVariantCopy
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
CreateGenericComposite
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
OleSave

oleaut32

VariantClear
VariantChangeType
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysStringLen
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
VariantInit
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysAllocString
SafeArrayGetDim

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 563KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6223e2a34cf62e4f400f86a27bd26e68

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a0:aa:8d:45:ea:e1:e4:de:d5:5d:c1:9e:77:4c:84:d5:13:67:2c:c1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

shlwapi

uxtheme

oledlg

crypt32

gdiplus

oleacc

imm32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 531KB - Virtual size: 531KB

.data Size: 31KB - Virtual size: 50KB

.rsrc Size: 563KB - Virtual size: 562KB

.reloc Size: 199KB - Virtual size: 199KB

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a0:aa:8d:45:ea:e1:e4:de:d5:5d:c1:9e:77:4c:84:d5:13:67:2c:c1
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 531KB - Virtual size: 531KB

.data
Size: 31KB - Virtual size: 50KB

.rsrc
Size: 563KB - Virtual size: 562KB

.reloc
Size: 199KB - Virtual size: 199KB