e3c64b32ae50e5caec1001685c6ad8c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e3c64b32ae50e5caec1001685c6ad8c0.exe
Size

150KB
MD5

e3c64b32ae50e5caec1001685c6ad8c0
SHA1

77650fe04442c1fd49d1d171c2cdc2bfa5e3ccb8
SHA256

9da9684a7846dd5fcd7711e1259181bc57a83b7b0fbffa91540fcfecb46c9eb4
SHA512

f29350383016c10cb53538ea0432f2b88be2b48fbaf41009b31c4350e69532a94d979282521f87df531b563f5f29db884819a11afd7bc88918659178e2f1a8b6
SSDEEP

3072:RNHONcNn1X2qJkUKxJK3vEpD5BRO5D5/JfSOgO0gh69XTZrIArjB:RFt72qYq4DrRO5DDSOgCh6lZ3t

Score

1^/10

Malware Config

Signatures

Files

e3c64b32ae50e5caec1001685c6ad8c0.exe
.dll regsvr32 windows:4 windows x86 arch:x86

071d32da4362f06cfca4f85d2a32e65a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

4d:55:fb:82:70:86:b2:18:6b:4e:19:ce:d8:b8:e8:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

25/02/2011, 00:00

Not After

24/02/2014, 23:59

Subject

CN=深圳市电子商务安全证书管理有限公司,OU=WoSign Class 3 Code Signing,O=深圳市电子商务安全证书管理有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:ed:b5:35:ce:36:5c:70:a9:31:a0:14:98:1e:ef:d7:68:8c:04:a7
Signer

Actual PE Digest

f2:ed:b5:35:ce:36:5c:70:a9:31:a0:14:98:1e:ef:d7:68:8c:04:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

szcapki0

CA_GetUpdateCertReq
CA_DownLoadUpdateCerts
CA_LoginKey
CA_LogoutKey
CA_FormatKey
CA_ChangeUserPin
CA_WriteDataToKey
CA_DeleteDataFromKey
CA_DownLoadCerts
CA_GetCertReq
CA_DeleteIECert
CA_DeleteCert
CA_GetContName
CA_SCcertNum
CA_ECcertNum
CA_EnumCertInfo
CA_ClearTempFile
CA_FilePem2Der
CA_FileDer2Pem
CA_Verify
CA_GetTimeTagFile
CA_GetTimeTag
CA_AttachTimeTag
CA_GetCrlCreatDate
CA_CheckCrlWithRoot
CA_SetSameSign
CA_GetCertExtBySn
CA_GetCertExt
CA_SetCipher
CA_SetPin
CA_SetCSP
CA_Decode
CA_SetCertFilterStr
CA_GenkeyTwo
CA_DecryptSymm
CA_EncryptSymm
CA_GetDataType
CA_DecodeSymm
CA_EnvelopSymm
CA_Final
CA_Envelop2Init
CA_VerifyDetach
CA_SetDetach
CA_GetCertInfoBySn
CA_Init
CA_SetKey
CA_Base64Decode
CA_SetKeyType
CA_SetCert
CA_Base64Encode
CA_Action
CA_GetActionType
CA_GetCertInfo
CA_CheckCertWithRoot
CA_CheckCertWithCrlBySn
CA_SetActionType
CA_GetErrorCode
CA_ReadDataFromKey
CA_IfKeyExist
CA_UnlockPin
CA_EncryptSymmPw
CA_DecryptSymmPw
CA_SetOldorNew
CA_GetStrSNList
CA_GetStrDNList
CA_SaveCerts
CA_LocateCert
CA_GetCertData
CA_GetHash
CA_GetErrorMsg
CA_Sign2Final
CA_Sign2Init

szcapkcs1

CA_InitP1
CA_Base64EncodeP1
CA_EnvelopP1
CA_DecodeP1
CA_Base64DecodeP1
CA_AttachSignP1
CA_AttachVerifyP1
CA_SignP1
CA_VerifyP1
CA_FinalP1
CA_SetKeyP1
CA_GetCertInfoP1
CA_SetCertP1
CA_SetCertFilterStrP1
CA_GetCertDataP1
CA_SetKeyTypeP1
CA_GetCertExtP1

mfc80

ord581
ord1209
ord1177
ord1175
ord1201
ord1120
ord1167
ord1917
ord371
ord1098
ord1208
ord1206
ord1092
ord1037
ord315
ord765
ord372
ord1050
ord4521
ord1903
ord3641
ord605
ord4580
ord6275
ord5203
ord2862
ord4486
ord354
ord3441
ord1763
ord703
ord4426
ord4540
ord4726
ord4903
ord5182
ord4212
ord4735
ord4890
ord4582
ord2020
ord1671
ord1670
ord1551
ord6724
ord5912
ord1401
ord1908
ord6271
ord5210
ord4279
ord764
ord1191
ord1187
ord1185
ord3829
ord2247
ord6252
ord1138
ord1084
ord314
ord1150
ord6754
ord566
ord3262
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2990
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord757
ord3604
ord3602
ord762
ord3520
ord3657
ord1093
ord1147
ord1132
ord683
ord3825
ord451
ord5679
ord4483
ord3950
ord2645
ord2541
ord2847
ord4308
ord2836
ord2732
ord2538
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6270
ord5073
ord1906
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord6725
ord2510
ord4395
ord2993
ord1997
ord4870
ord4883
ord4252
ord4900
ord4459
ord4245
ord4612
ord4615
ord4613
ord4188
ord4193
ord4205
ord4438
ord4958
ord4495
ord4496
ord4513
ord4656
ord4186
ord4506
ord1049
ord4919
ord4558
ord4512
ord4534
ord4535
ord4536
ord4800
ord4801
ord4527
ord4831
ord4826
ord4821
ord4879
ord4449
ord4374
ord4404
ord4795
ord4514
ord4642
ord4530
ord4531
ord3980
ord5487
ord2556
ord2422
ord4577
ord4575
ord5061
ord3756
ord2509
ord5118
ord1424
ord1621
ord5860
ord4814
ord4737
ord1658
ord5519
ord4498
ord4556
ord4173
ord966
ord5456
ord1329
ord1957
ord2368
ord2050
ord4845
ord4104
ord1230
ord876
ord784
ord781
ord785
ord308
ord578
ord310
ord783
ord6090
ord5807
ord907
ord304
ord4301
ord911
ord265
ord266
ord2469
ord300
ord4109
ord476
ord3275
ord2942
ord2857
ord5380
ord4314
ord6265
ord2911
ord6264
ord701
ord3537
ord3661
ord1134
ord479
ord4262
ord4484
ord2858

msvcr80

_crt_debugger_hook
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
vsprintf_s
strcmp
strtok_s
memcpy
strstr
_sopen_s
_read
_write
_close
strncpy_s
strcat_s
fwrite
_access
fopen_s
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fseek
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
free
__CxxFrameHandler3
_resetstkoflw
wcscpy_s
wcslen
malloc
calloc
_recalloc
wcsncpy_s
memcmp
strlen
_strupr_s
strcpy_s
memset
fclose
fread
ftell
_initterm_e

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentVariableW
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
WideCharToMultiByte
GetVersionExA
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
DeleteFileA
GetVersion
lstrlenW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
LocalAlloc
LocalFree
FreeLibrary
GetModuleHandleA
GetCurrentProcess

user32

CharUpperW
CharLowerA
EnableWindow
MessageBoxA
FillRect
CharUpperA
CharLowerW

gdi32

Ellipse
GetStockObject

ole32

CoCreateInstance

oleaut32

SysFreeString
LoadRegTypeLi

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

071d32da4362f06cfca4f85d2a32e65a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

4d:55:fb:82:70:86:b2:18:6b:4e:19:ce:d8:b8:e8:c2Certificate

Extended Key Usages

Key Usages

f2:ed:b5:35:ce:36:5c:70:a9:31:a0:14:98:1e:ef:d7:68:8c:04:a7Signer

Headers

File Characteristics

Imports

version

szcapki0

szcapkcs1

mfc80

msvcr80

kernel32

user32

gdi32

ole32

oleaut32

setupapi

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 7KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

4d:55:fb:82:70:86:b2:18:6b:4e:19:ce:d8:b8:e8:c2
Certificate

f2:ed:b5:35:ce:36:5c:70:a9:31:a0:14:98:1e:ef:d7:68:8c:04:a7
Signer

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 7KB