823b98dbad3ba9bfcd84a15a573528d3b828868f886352af526748e8d3f20b33

Sharing

Copy URL Twitter E-mail

General

Target

823b98dbad3ba9bfcd84a15a573528d3b828868f886352af526748e8d3f20b33
Size

3.8MB
MD5

fe5f9b708491078cb1813a6d019d2836
SHA1

4596f3b0ce86b14d82c5dc3cf9fa8deafa2a0c2d
SHA256

823b98dbad3ba9bfcd84a15a573528d3b828868f886352af526748e8d3f20b33
SHA512

7bbe4af36498a495ff8e35c11bd20bba5f3a9bec976045120e16a8c67dc4e9bb3ac25612a358dacdbc3a96bc4cefd29eea90ef20d07abb0cab7c3fef9dae7b90
SSDEEP

98304:1+H8DZ9QM3u7gDdP4MBFy52fNGXUIPJaa19GB4pkk:1+H8DQgusDdP4MBFyUfNGXDPJaa19B

Score

1^/10

Malware Config

Signatures

Files

823b98dbad3ba9bfcd84a15a573528d3b828868f886352af526748e8d3f20b33
.exe windows:4 windows x86 arch:x86

03e2b274d3d935ffa358e5db10885912

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/05/2012, 00:00

Not After

05/06/2013, 23:59

Subject

CN=上海瑞创网络科技股份有限公司,OU=Provided by TrustAsia,O=上海瑞创网络科技股份有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cc:84:5a:5a:12:07:0d:92:bc:b8:0c:c4:ae:63:d2:89:99:d4:a6:d0
Signer

Actual PE Digest

cc:84:5a:5a:12:07:0d:92:bc:b8:0c:c4:ae:63:d2:89:99:d4:a6:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetConnectW
InternetOpenUrlW
HttpSendRequestW
InternetSetOptionW
InternetOpenW
InternetWriteFile
InternetCrackUrlW
HttpOpenRequestW
HttpEndRequestW
HttpSendRequestExW
HttpQueryInfoW
InternetCloseHandle

kernel32

GetTempFileNameW
GetExitCodeProcess
WriteFile
GetFileAttributesW
WaitForSingleObject
GetLongPathNameW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetUserDefaultLangID
LocalFree
LocalAlloc
lstrlenW
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
LoadLibraryW
ExpandEnvironmentStringsW
CopyFileW
LockResource
InterlockedDecrement
LoadLibraryExW
GetCurrentProcessId
FindResourceW
lstrcmpiW
InterlockedIncrement
GetComputerNameW
LoadLibraryA
LoadResource
DeleteCriticalSection
SizeofResource
Process32FirstW
InitializeCriticalSection
CreateToolhelp32Snapshot
Process32NextW
FreeResource
WideCharToMultiByte
GetACP
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
ReleaseMutex
CreateMutexW
GetTempPathW
WritePrivateProfileStringW
GetWindowsDirectoryW
SetFileAttributesW
GetFullPathNameW
MoveFileExW
MoveFileW
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
HeapSize
HeapCreate
HeapDestroy
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetVersionExA
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
CloseHandle
GetCPInfo
OpenProcess
GetTickCount
Sleep
EnterCriticalSection
IsValidCodePage
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
VirtualAllocEx
DeleteFileW
RemoveDirectoryW
GetLastError
GetPrivateProfileStringW
LeaveCriticalSection
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetConsoleCP
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GetVersionExW
GetModuleHandleW
GetProcAddress
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetOEMCP

user32

MonitorFromWindow
GetActiveWindow
GetParent
SetDlgItemTextW
GetTopWindow
GetMonitorInfoW
GetDlgItem
GetWindowRect
MapWindowPoints
PostQuitMessage
BringWindowToTop
ShowWindow
EnableWindow
GetWindow
PeekMessageW
CharNextW
SetCursor
CreateDialogParamW
SetWindowTextW
UnregisterClassA
MessageBoxW
SetPropW
ScreenToClient
RegisterClassW
IsWindowVisible
EndPaint
TranslateMessage
DestroyWindow
GetWindowThreadProcessId
SystemParametersInfoW
DispatchMessageW
GetMessageW
BeginPaint
GetClassNameW
FindWindowExW
UnregisterClassW
SetWindowRgn
InvalidateRect
GetPropW
SetWindowPos
CallWindowProcW
GetClassInfoExW
GetDC
DefWindowProcW
SetMenuDefaultItem
TrackPopupMenu
LoadMenuW
SetWindowLongW
RegisterClassExW
SetForegroundWindow
LoadImageW
GetCursorPos
PostMessageW
GetSubMenu
RegisterWindowMessageW
LoadCursorW
CreateWindowExW
LoadIconW
GetDesktopWindow
KillTimer
SendMessageW
IsMenu
DestroyMenu
IsWindow
DestroyIcon
GetSystemMetrics
GetMenuDefaultItem
SetTimer
GetWindowLongW
EnumWindows
GetClientRect

gdi32

CreateFontIndirectW
GetObjectW
BitBlt
GetPixel
CreateRectRgn
CombineRgn
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyW
GetUserNameW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

SHDeleteKeyW

comctl32

InitCommonControlsEx

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dnsapi

DnsRecordListFree
DnsQuery_W

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e2b274d3d935ffa358e5db10885912

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

cc:84:5a:5a:12:07:0d:92:bc:b8:0c:c4:ae:63:d2:89:99:d4:a6:d0Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

dnsapi

Sections

.text Size: 287KB - Virtual size: 287KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

cc:84:5a:5a:12:07:0d:92:bc:b8:0c:c4:ae:63:d2:89:99:d4:a6:d0
Signer

.text
Size: 287KB - Virtual size: 287KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB