906193a1f72c69e28870db49ce6759f902e29305769d6f69079c0d72301bfef5

Sharing

Copy URL Twitter E-mail

General

Target

906193a1f72c69e28870db49ce6759f902e29305769d6f69079c0d72301bfef5
Size

2.3MB
MD5

532dfe2f9ac31fdf64939584238643b9
SHA1

501f786c32bd2f473b1df149917a9d12113286d5
SHA256

906193a1f72c69e28870db49ce6759f902e29305769d6f69079c0d72301bfef5
SHA512

567e26700e370a7fbe04de046b220102ad360dde6f8ea19354effd61cb29b4f1def754c1d24cec75eb7d4fbaad50c7ade3a9071c6b41203211db1a58937ab138
SSDEEP

49152:WBIoJyjxboeFME8/ciXbiqRgYTjjJcPGsZw:XjtFebnRg

Score

1^/10

Malware Config

Signatures

Files

906193a1f72c69e28870db49ce6759f902e29305769d6f69079c0d72301bfef5
.exe windows:5 windows x86 arch:x86

9942e5458112607a86977e53d4d13147

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/07/2009, 00:00

Not After

14/07/2012, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmNotifyIME
ImmAssociateContext
ImmSetHotKey
ImmGetHotKey
ImmGetContext
ImmReleaseContext

msimg32

GradientFill
TransparentBlt
AlphaBlend

comctl32

ImageList_Create
_TrackMouseEvent
InitCommonControlsEx
ImageList_LoadImageW
ImageList_ReplaceIcon

kernel32

GetCurrentDirectoryA
GetFullPathNameW
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
GetModuleFileNameW
CompareStringW
OpenEventW
GetExitCodeProcess
GetTickCount
CloseHandle
OpenFileMappingW
GetLocalTime
GetLastError
CreateFileW
Sleep
WriteFile
WaitForSingleObject
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
GetSystemDefaultLangID
GetModuleHandleA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetTimeFormatA
HeapSize
GetModuleFileNameA
GetStdHandle
SetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
SetEndOfFile
GetProcessHeap
GetStringTypeA
CreateFileMappingW
GetUserDefaultLCID
QueryPerformanceCounter
QueryPerformanceFrequency
LCMapStringW
InterlockedCompareExchange
SetEvent
InterlockedExchange
CreateEventW
WaitNamedPipeW
CreateDirectoryW
CreateMutexW
OpenMutexW
ReleaseMutex
InterlockedIncrement
GetTempFileNameW
CreateProcessW
MoveFileExW
GlobalAlloc
CopyFileW
FileTimeToSystemTime
GlobalFree
GetFileTime
GetCurrentThreadId
DeleteFileW
SetFileAttributesW
SetFilePointer
FormatMessageW
ExitThread
SetLastError
WaitForMultipleObjects
DuplicateHandle
LocalFree
CreateThread
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
FindClose
RemoveDirectoryW
FindNextFileW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetTempPathW
GetProcAddress
GetCurrentProcessId
InterlockedDecrement
LocalAlloc
GetFileSize
ReadFile
FlushFileBuffers
FreeLibrary
DeleteFileA
VirtualQuery
SetUnhandledExceptionFilter
lstrcatW
IsDebuggerPresent
lstrcpyW
InitializeCriticalSection
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalLock
GlobalUnlock
GlobalReAlloc
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetWindowsDirectoryA
GlobalHandle
LoadLibraryExW
ExpandEnvironmentStringsW
GetLocaleInfoW
EnumSystemLocalesW
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetTimeZoneInformation
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
ExitProcess
GetStartupInfoW
ResumeThread
FileTimeToLocalFileTime
GetDriveTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind
GetDriveTypeA
FindFirstFileA
GetFileType
RaiseException
GetCPInfo
LCMapStringA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage

user32

GetDlgCtrlID
CopyRect
CheckRadioButton
CheckDlgButton
IsDlgButtonChecked
CreateWindowExW
GetAsyncKeyState
SetTimer
KillTimer
GetWindowDC
GetClassNameW
SetForegroundWindow
DialogBoxParamW
EndPaint
DestroyWindow
SystemParametersInfoW
EnumWindows
wvsprintfW
GetWindowThreadProcessId
GetPropW
RegisterClassExW
SetPropW
GetClassInfoExW
PostQuitMessage
RemovePropW
GetTopWindow
GetDCEx
DialogBoxIndirectParamW
InflateRect
LoadImageW
LoadBitmapW
GetDesktopWindow
SetRect
DispatchMessageW
TranslateMessage
UpdateLayeredWindow
GetMonitorInfoW
GetCursor
RedrawWindow
IntersectRect
SubtractRect
MonitorFromPoint
SetWindowRgn
SetCursorPos
MsgWaitForMultipleObjectsEx
PeekMessageW
IsIconic
VkKeyScanW
GetKeyboardLayoutList
LoadStringW
LoadKeyboardLayoutW
UnloadKeyboardLayout
SetCursor
ScreenToClient
GetWindowRect
FillRect
SetCapture
PostMessageW
DrawTextW
GetFocus
GetParent
TrackMouseEvent
LoadCursorW
IsWindowEnabled
FindWindowW
GetClientRect
SetFocus
SetRectEmpty
BeginPaint
PtInRect
GetDC
GetCapture
DrawFocusRect
LoadIconW
OffsetRect
InvalidateRect
GetWindowLongW
GetWindowTextW
ReleaseDC
GetDlgItem
ScrollWindow
SetWindowLongW
EndDialog
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
IsWindow
MessageBoxW
ReleaseCapture
GetSystemMetrics
IsWindowVisible
SendMessageW
EnableWindow
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
ClientToScreen
GetWindowTextLengthW
SetDlgItemTextW
GetDlgItemTextW
SetScrollInfo
SetScrollRange
GetScrollInfo

gdi32

StretchBlt
DeleteDC
LineTo
TextOutW
GetDeviceCaps
CreateFontW
CreateCompatibleDC
GetTextExtentPoint32W
SetBkColor
RoundRect
EnumFontFamiliesExW
SetTextColor
MoveToEx
CreateFontIndirectW
OffsetRgn
StretchDIBits
GetCharABCWidthsFloatW
CombineRgn
ExtCreateRegion
GetClipRgn
CreateDIBSection
CreateRectRgn
GetFontData
GetPixel
CreateCompatibleBitmap
SelectClipRgn
CreateRectRgnIndirect
ExtSelectClipRgn
GetTextMetricsW
GetTextExtentExPointW
BitBlt
SetBkMode
DeleteObject
SelectObject
Rectangle
GetObjectW
CreatePen
GetStockObject
CreateSolidBrush

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW
ExtractIconW
SHGetSpecialFolderPathW
ShellExecuteExW

hwsignature

GenHWID

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

StrStrIW
SHDeleteKeyW

advapi32

RegQueryValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegEnumKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegFlushKey
RegSetValueExW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSidLengthRequired
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetSecurityDescriptorSacl
RegOpenKeyW
RegQueryValueExW

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9942e5458112607a86977e53d4d13147

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

imm32

msimg32

comctl32

kernel32

user32

gdi32

comdlg32

shell32

hwsignature

version

shlwapi

advapi32

ole32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 409KB - Virtual size: 409KB

.data Size: 204KB - Virtual size: 238KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 165KB - Virtual size: 180KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 409KB - Virtual size: 409KB

.data
Size: 204KB - Virtual size: 238KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 165KB - Virtual size: 180KB