5ee336d0a39edd100893b9d01436226e

Sharing

Copy URL Twitter E-mail

General

Target

5ee336d0a39edd100893b9d01436226e
Size

1.8MB
MD5

5ee336d0a39edd100893b9d01436226e
SHA1

6b9b4c1c9cdd62b5207fbddb929e3ac5a2f0cd1c
SHA256

48b774e16f1fad43e88aa11af2eb86f97aca30502463ba36bd9683ddb061c018
SHA512

2fc4e2033c96846c69ce900ed9a618267f4666a2b0cf9311ce04bbb72812e4ee24017df0dca868b3dcfccbca8fb87793f9c31a89f0a66b6debecfa368ee2f8ad
SSDEEP

24576:hWcXNLjkHL5o4Kd8lVC97JgLXmPYJ9NZm0xYa/R+6+9cdORjaW+:AMkHL5o4KsUiTmgbNhD+9gORj0

Score

1^/10

Malware Config

Signatures

Files

5ee336d0a39edd100893b9d01436226e
.exe windows:4 windows x86 arch:x86

bd72a9d5b42efaadf50dd24305b769d6

Code Sign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2017, 00:00

Not After

19/03/2019, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:32:87:15:5a:23:ec:9f:d7:9e:31:b6:67:cd:8e:8d:bb:55:e9:64:7b:c6:c0:e9:fc:e5:38:b3:43:25:0a:99
Signer

Actual PE Digest

76:32:87:15:5a:23:ec:9f:d7:9e:31:b6:67:cd:8e:8d:bb:55:e9:64:7b:c6:c0:e9:fc:e5:38:b3:43:25:0a:99

Digest Algorithm

sha256

PE Digest Matches

false

34:e4:d2:db:2c:9e:d3:48:b9:2b:51:f6:30:7b:93:2d:2d:e2:88:93
Signer

Actual PE Digest

34:e4:d2:db:2c:9e:d3:48:b9:2b:51:f6:30:7b:93:2d:2d:e2:88:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
lstrcmpA
InterlockedCompareExchange
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RemoveDirectoryW
InitializeCriticalSection
DeleteCriticalSection
GetPrivateProfileIntW
EnterCriticalSection
TerminateThread
LeaveCriticalSection
OpenProcess
GetCurrentProcess
LoadLibraryExW
OpenFileMappingW
RaiseException
MapViewOfFile
WaitNamedPipeW
SetEvent
InterlockedIncrement
lstrcmpiW
InterlockedDecrement
CreateEventW
GetCommandLineW
ProcessIdToSessionId
GetSystemDirectoryW
GetModuleFileNameA
LoadLibraryA
SetLastError
GetCurrentDirectoryW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
LocalAlloc
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
OpenEventW
GetVersionExW
GetCurrentProcessId
LocalFree
GetTempPathW
SetEndOfFile
GetPrivateProfileStringW
SetFilePointer
GetTickCount
ReleaseMutex
WriteFile
GetModuleHandleW
GetLocalTime
ReadFile
GetCurrentThreadId
CreateThread
MoveFileExW
DeleteFileW
SetCurrentDirectoryW
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GlobalDeleteAtom
GlobalGetAtomNameW
UnmapViewOfFile
GlobalAddAtomW
MapViewOfFileEx
CreateFileMappingW
FreeLibrary
GetProcAddress
Sleep
LoadLibraryW
WaitForSingleObject
CreateProcessW
FindResourceW
CreateMutexW
CloseHandle
FindClose
FindNextFileW
FindFirstFileW
GetLastError
CreateDirectoryW
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetFileSize
CreateFileW
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
GetFileAttributesW

user32

wsprintfW
CharNextW
GetWindowThreadProcessId
GetShellWindow
UnregisterClassA
SendMessageW
PostMessageW
IsWindow
FindWindowW
RegisterWindowMessageW

advapi32

RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyW
GetTokenInformation
GetAclInformation
AddAce
InitializeAcl
LookupPrivilegeValueW
IsValidSid
GetLengthSid
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AdjustTokenPrivileges
GetAce
RegQueryInfoKeyW
OpenProcessToken
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DuplicateTokenEx
CreateProcessAsUserW
RegDeleteValueW

shell32

SHFileOperationW
SHCreateDirectoryExW
ShellExecuteExW
SHGetMalloc
ord680
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemRealloc

oleaut32

SysFreeString
SysAllocStringLen
VarUI4FromStr

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathFileExistsW
StrToIntW
AssocCreate
PathRemoveArgsW
PathUnquoteSpacesW
StrToIntA
StrToIntExA
StrToInt64ExW
SHGetValueW
PathRemoveFileSpecA
PathAppendA
SHEnumKeyExW

ws2_32

freeaddrinfo
WSASetLastError
connect
setsockopt
getpeername
getsockopt
getaddrinfo
htons
bind
ntohs
getsockname
send
recv
ioctlsocket
select
WSACleanup
WSAGetLastError
closesocket
socket
gethostbyname
WSAStartup
__WSAFDIsSet

crypt32

CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CertCreateCRLContext
CertOpenStore
CertAddCRLContextToStore

gdiplus

GdiplusShutdown
GdiplusStartup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd72a9d5b42efaadf50dd24305b769d6

Code Sign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:baCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

76:32:87:15:5a:23:ec:9f:d7:9e:31:b6:67:cd:8e:8d:bb:55:e9:64:7b:c6:c0:e9:fc:e5:38:b3:43:25:0a:99Signer

34:e4:d2:db:2c:9e:d3:48:b9:2b:51:f6:30:7b:93:2d:2d:e2:88:93Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

crypt32

gdiplus

version

wtsapi32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 252KB - Virtual size: 248KB

.data Size: 52KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 1KB

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

76:32:87:15:5a:23:ec:9f:d7:9e:31:b6:67:cd:8e:8d:bb:55:e9:64:7b:c6:c0:e9:fc:e5:38:b3:43:25:0a:99
Signer

34:e4:d2:db:2c:9e:d3:48:b9:2b:51:f6:30:7b:93:2d:2d:e2:88:93
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 252KB - Virtual size: 248KB

.data
Size: 52KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 1KB