470b9399a60e9e9f9935b7c778770de1

Sharing

Copy URL Twitter E-mail

General

Target

470b9399a60e9e9f9935b7c778770de1
Size

832KB
MD5

470b9399a60e9e9f9935b7c778770de1
SHA1

0d35e16d49e1e79e288780f021fb24df00e8683d
SHA256

1af5c38765264e8ee24805e718b523e2441d0e8645a7a5a3a872d1312d049e11
SHA512

1499d661dab6bf68c282e5d8b6b108118be119722f316ff7e23774b2aa05b6eb3f9278afc43b24ba7187532ea430fdd8878066a74df30b26b408a18d42b375e4
SSDEEP

24576:AWYJJKNaqTIffTN22+KH1XbRMTBBogftDk34s:AWYJkTcTNJH1dMogftg34s

Score

1^/10

Malware Config

Signatures

Files

470b9399a60e9e9f9935b7c778770de1
.exe windows:5 windows x86 arch:x86

71fbe3c598de29fddab33a914b98b82a

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:08:69:73:2d:03:e2:7a:4f:d4:94:dc:51:84:58:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/12/2013, 00:00

Not After

31/12/2014, 23:59

Subject

CN=YI ZENG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Individual Developer,O=No Organization Affiliation,L=Pingchang,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:57:ca:d0:a3:9f:68:57:9e:4e:64:89:ae:71:c9:c1:4a:10:82:3f
Signer

Actual PE Digest

93:57:ca:d0:a3:9f:68:57:9e:4e:64:89:ae:71:c9:c1:4a:10:82:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
DeleteFileA
ExitProcess
GetEnvironmentVariableW
SetPriorityClass
GetCurrentProcess
GetCurrentThread
WriteFile
GetModuleFileNameW
SetThreadPriority
SetLastError
lstrcatW
GetShortPathNameW
lstrcpyW
InterlockedIncrement
InterlockedDecrement
Sleep
CreateFileA
CloseHandle
LoadLibraryA
GetFileAttributesA
GetCurrentThreadId
GetModuleFileNameA
WideCharToMultiByte
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExA
GetLastError
MultiByteToWideChar
lstrcatA
CreateFileW
LoadLibraryW
GetWindowsDirectoryA
GetComputerNameA
GetModuleHandleA
GetSystemInfo
ReadFile
GetProcAddress
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

wsprintfW

advapi32

RegFlushKey
OpenSCManagerA
StartServiceA
OpenServiceW
CloseServiceHandle
CreateServiceW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegSetValueExA
RegSetValueExW

shell32

ShellExecuteExW
SHGetFolderPathW
SHChangeNotify

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

netapi32

Netbios

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rc1
Size: 649KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71fbe3c598de29fddab33a914b98b82a

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

65:08:69:73:2d:03:e2:7a:4f:d4:94:dc:51:84:58:87Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

93:57:ca:d0:a3:9f:68:57:9e:4e:64:89:ae:71:c9:c1:4a:10:82:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

urlmon

netapi32

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 9KB - Virtual size: 8KB

.rc1 Size: 649KB - Virtual size: 652KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

65:08:69:73:2d:03:e2:7a:4f:d4:94:dc:51:84:58:87
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

93:57:ca:d0:a3:9f:68:57:9e:4e:64:89:ae:71:c9:c1:4a:10:82:3f
Signer

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 9KB - Virtual size: 8KB

.rc1
Size: 649KB - Virtual size: 652KB