Order_Summary[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Order_Summary.exe
Size

485KB
MD5

6bf3b86782b7911b76029737162ae206
SHA1

1b8009865c79b5674734ba4ce9a6905bed78182e
SHA256

535f67c47f811aa5b421904959dd6931396a52cdbb9ddb69bface741356dbbef
SHA512

385291ef2ba36b39fd6c7c5af08ad9127d60685e28d69e55152341f522b79f2f4ca3c1aa9e13575dbce0699d976b34dbb5985d08495ca22dc20ed323b7d80ba1
SSDEEP

6144:+d9GVCixOlHU+A/d6tUHOApJBIojiXEL6NSzpYJ8cLmBTXR/TXRqY+xBBYZK:+rFlGIUdbBWEL6GpYJpqy3p

Score

1^/10

Malware Config

Signatures

Files

Order_Summary.exe
.exe windows:5 windows x86 arch:x86

862b480b8a3ed3404be46e3739bd8bd3

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/03/2015, 00:00

Not After

25/03/2016, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd.,OU=Baidu security,O=Baidu Online Network Technology (Beijing) Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:06:2f:29:bd:e8:df:d0:f4:72:55:3a:8a:8c:17:a0:db:22:f4:3a
Signer

Actual PE Digest

f6:06:2f:29:bd:e8:df:d0:f4:72:55:3a:8a:8c:17:a0:db:22:f4:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
GetTimeZoneInformation
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetTempPathW
GetTempFileNameW
CopyFileW
DeleteFileW
WriteFile
InterlockedIncrement
GetModuleHandleW
GetProcAddress
SetLastError
GetVersionExW
GetSystemDirectoryW
GetVersion
ProcessIdToSessionId
DebugBreak
VirtualProtect
IsBadCodePtr
IsBadReadPtr
GetModuleHandleExW
ExitThread
CreateDirectoryW
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
FlushInstructionCache
VirtualFree
Sleep
CreateFileMappingA
lstrlenW
GetWindowsDirectoryW
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
WritePrivateProfileStringW
SystemTimeToFileTime
GetFileSizeEx
CreateProcessW
WTSGetActiveConsoleSessionId
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
lstrlenA
CreateFileMappingW
HeapCreate
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
TerminateProcess
VirtualQuery
GetModuleFileNameA
ReleaseMutex
LoadLibraryW
lstrcatA
GetThreadContext
Process32NextW
DuplicateHandle
VirtualAlloc
OpenFileMappingW
OpenEventW
lstrcpyA
VirtualAllocEx
VirtualFreeEx
GetCurrentThread
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
IsBadWritePtr
GetExitCodeThread
lstrcpyW
SetEndOfFile
SetFilePointer
GetPrivateProfileSectionNamesW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
LoadResource
GetStringTypeA
GetConsoleMode
Process32FirstW
CreateToolhelp32Snapshot
FindNextFileW
FindFirstFileW
GetCurrentProcess
GetTickCount
OpenProcess
FindClose
VerifyVersionInfoW
VerSetConditionMask
ReadFile
DeviceIoControl
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetLocalTime
GetCurrentProcessId
GetModuleFileNameW
CreateMutexW
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
CreateFileW
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
GetConsoleCP
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
GetCPInfo
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
LockResource
OpenMutexW

user32

GetLastInputInfo
PostQuitMessage
SetTimer
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
ShowWindow
TranslateMessage
GetUserObjectInformationA
DispatchMessageW
GetMessageW
KillTimer
OpenInputDesktop
CloseDesktop
GetThreadDesktop

advapi32

RegOpenCurrentUser
SetSecurityDescriptorDacl
GetLengthSid
GetKernelObjectSecurity
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetUserNameW
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
InitializeSecurityDescriptor

shell32

SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
ord165

ole32

CoCreateGuid

log

CloseLog
CreateLog
WriteLog

shlwapi

PathAppendW
PathRemoveFileSpecW
StrCpyW
PathFileExistsW
PathIsDirectoryW
PathAddBackslashW
SHGetValueW
SHSetValueW
SHDeleteValueW
PathIsDirectoryEmptyW
PathFindExtensionW
PathFindFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

iphlpapi

GetAdaptersAddresses

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryHeaders

psapi

GetModuleInformation
GetModuleFileNameExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

862b480b8a3ed3404be46e3739bd8bd3

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f6:06:2f:29:bd:e8:df:d0:f4:72:55:3a:8a:8c:17:a0:db:22:f4:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

log

shlwapi

version

wtsapi32

iphlpapi

rpcrt4

winhttp

psapi

userenv

Sections

.text Size: 363KB - Virtual size: 362KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f6:06:2f:29:bd:e8:df:d0:f4:72:55:3a:8a:8c:17:a0:db:22:f4:3a
Signer

.text
Size: 363KB - Virtual size: 362KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB