f74fcd1612dae29b94c3d758481350a4

Sharing

Copy URL

Twitter E-mail

General

Target

f74fcd1612dae29b94c3d758481350a4
Size

3.1MB
MD5

f74fcd1612dae29b94c3d758481350a4
SHA1

411f380d2237d6cbbb349dcc47cf37b4c07cbe04
SHA256

b923e850467c1507458aebaa8604d8183116b5dca3618901afda4df0f64c0c9f
SHA512

99bcb3f8a9fe5e75f3f6666bdf7133d3e2ffa4ece7aa9ed9cf39f37390205d55af3ab4dece90a06a80faacfa8be99f6b49b887c61393eba0b02fbefa16da7b19
SSDEEP

49152:L39M/oiJsHBq7lJg8z2aCXrZNjSTkvH27sdrZipY8udNSYjCY+Lwihm+v7Hcw1qV:igOmBqH0JXNNjxvHFi7IwUV

Score

1^/10

Malware Config

Signatures

Files

f74fcd1612dae29b94c3d758481350a4
.dll windows:5 windows x86 arch:x86

1c0f58d3d982e3b347bacb88448acd08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleacc

GetStateTextW
AccessibleObjectFromWindow
WindowFromAccessibleObject
GetRoleTextW

winmm

timeGetTime

kernel32

SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
SetStdHandle
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetFileType
GetStdHandle
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
CreateFileMappingW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
AreFileApisANSI
ExitProcess
RtlUnwind
VirtualProtect
GetSystemInfo
GetFileAttributesExW
ExitThread
GetCommandLineA
EncodePointer
GetStringTypeW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InitializeSListHead
IsDebuggerPresent
ReleaseSemaphore
CreateSemaphoreW
MapViewOfFile
WaitForMultipleObjects
SetFilePointer
LocalFileTimeToFileTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
ReleaseMutex
LocalAlloc
LocalFree
GetTickCount
SetNamedPipeHandleState
ProcessIdToSessionId
GetPrivateProfileIntW
CreateFileW
WriteFile
GetSystemTimeAsFileTime
UnmapViewOfFile
GetCommandLineW
FlushInstructionCache
GetCurrentProcess
lstrlenW
GetTempFileNameA
GetTempPathA
InterlockedCompareExchange
DecodePointer
RaiseException
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
LoadLibraryExW
FreeLibrary
LoadLibraryW
GetCurrentThread
GetModuleHandleW
CloseHandle
WaitForSingleObject
OpenEventW
SetEvent
CreateEventW
GetVersionExW
Sleep
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
InterlockedExchange
GetLastError
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TerminateProcess
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SystemTimeToFileTime
QueryPerformanceFrequency
GetPrivateProfileSectionW
ExpandEnvironmentStringsW
CreateDirectoryW
GetLocalTime
OutputDebugStringW
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
lstrcpynW
OpenMutexW
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
SwitchToThread
TerminateThread
WriteFileEx
CancelIo
ReadFileEx
FreeLibraryAndExitThread
DisconnectNamedPipe
WaitNamedPipeW
OpenThread
IsProcessorFeaturePresent
CreateThread
GlobalReAlloc
LocalLock
LocalUnlock
GlobalSize
VirtualQuery
GetShortPathNameW
GlobalUnlock
GlobalLock
FreeResource
GlobalFree
GlobalAlloc
SetErrorMode
ReadFile
GetFileSize
WritePrivateProfileStringW
GetVersionExA
GetFileAttributesW
MulDiv
GetPrivateProfileStringW
WideCharToMultiByte
GetProcessTimes
QueryPerformanceCounter
IsWow64Process
MultiByteToWideChar
OpenFileMappingW
CopyFileW
SetWaitableTimer
CreateWaitableTimerW
ResetEvent
GetTempFileNameW
GetTempPathW
InterlockedPopEntrySList
GetUserDefaultLCID

user32

CopyRect
GetScrollInfo
SetScrollInfo
InvalidateRect
UnionRect
DrawTextW
EnableMenuItem
GetMenuItemCount
GetMenuItemRect
MenuItemFromPoint
DestroyMenu
UnhookWindowsHookEx
TrackPopupMenuEx
SetWindowsHookExW
AppendMenuW
InsertMenuW
InsertMenuItemW
CreatePopupMenu
CallNextHookEx
DeleteMenu
SetMenuInfo
GetMenuInfo
SetMenuItemInfoW
GetMenuItemInfoW
ScrollWindow
TrackMouseEvent
UpdateLayeredWindow
ClientToScreen
GetCapture
ReleaseCapture
SetCapture
SetRectEmpty
SetRect
FillRect
DrawEdge
DrawFrameControl
IntersectRect
ShowWindow
UpdateWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
GetCursorPos
SendInput
SetTimer
GetThreadDesktop
GetUserObjectInformationW
KillTimer
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetKeyboardLayout
AllowSetForegroundWindow
GetKeyState
OpenClipboard
OpenDesktopW
CloseDesktop
FindWindowA
IsRectEmpty
SubtractRect
SetCursorPos
EqualRect
GetSysColor
WaitForInputIdle
GetFocus
LoadImageW
SetClipboardData
RegisterClipboardFormatW
wsprintfW
SendMessageTimeoutW
RegisterClassW
MsgWaitForMultipleObjectsEx
GetClassInfoW
PostQuitMessage
LoadStringW
IsMenu
IsIconic
FindWindowW
MonitorFromRect
InflateRect
MonitorFromPoint
SystemParametersInfoW
EmptyClipboard
CloseClipboard
GetForegroundWindow
GetDesktopWindow
FindWindowExW
GetClassNameW
GetKeyboardState
UnregisterHotKey
GetWindowThreadProcessId
WindowFromPoint
GetAsyncKeyState
IsWindowVisible
GetSysColorBrush
EndDialog
DialogBoxParamW
DefWindowProcW
GetActiveWindow
ReleaseDC
GetDC
PostMessageW
CallWindowProcW
MessageBoxW
PtInRect
ScreenToClient
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
LoadBitmapW
MoveWindow
GetClientRect
SetWindowTextW
SendMessageW
LoadIconW
SetDlgItemTextW
GetWindowTextLengthW
GetDlgItem
LoadCursorW
SetFocus
DrawIconEx
GetMenuState
GetSystemMenu
SetWindowPlacement
SetWindowRgn
IsZoomed
CharNextW
SetCursor
GetWindowTextW
EndPaint
BeginPaint
SetWindowLongW
GetWindowLongW
UnregisterClassW
RegisterWindowMessageW
OffsetRect
GetSystemMetrics
PostThreadMessageW

gdi32

RealizePalette
SelectPalette
GetTextExtentExPointW
CreatePenIndirect
SetStretchBltMode
EnumFontFamiliesW
GetFontLanguageInfo
GetOutlineTextMetricsW
GetTextCharacterExtra
GetCharWidth32W
GetKerningPairsW
GetTextExtentPointI
CreateFontW
GetCharABCWidthsW
GetTextFaceW
EnumFontFamiliesExW
GetGlyphOutlineW
GetFontData
GetGlyphIndicesW
GetTextColor
ExtTextOutW
GetClipBox
GetCurrentObject
Rectangle
GetTextMetricsW
RectVisible
OffsetRgn
ExtSelectClipRgn
ExtCreateRegion
LineTo
MoveToEx
CreatePen
GetTextExtentPoint32W
SetBkColor
SetViewportOrgEx
CreateDIBSection
GetDeviceCaps
CreateSolidBrush
ExcludeClipRect
BitBlt
CreateFontIndirectW
TextOutW
SetTextColor
RestoreDC
SaveDC
CreatePatternBrush
OffsetWindowOrgEx
IntersectClipRect
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
DeleteObject
SelectObject
GetObjectW
GetStockObject
DeleteDC
CreateRectRgnIndirect
SetRectRgn
SelectClipRgn
CreateDCW
CreateBitmap
GetDIBits
SetDIBColorTable
CreateRectRgn
PatBlt
GetClipRgn
StretchBlt
CombineRgn
GetObjectA

advapi32

OpenProcessToken
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
ConvertStringSidToSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
RegEnumValueW
SetFileSecurityW
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegCreateKeyExW
RegSetValueExW
RegGetKeySecurity
RegSetKeySecurity
GetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
IsTextUnicode
CryptImportKey
CryptSetKeyParam
SetSecurityDescriptorSacl

shell32

ShellExecuteA
SHGetSpecialFolderPathW
DragQueryFileW
ord165
SHGetFolderPathW
ShellExecuteW

ole32

IIDFromString
StringFromIID
CoTaskMemFree
StgOpenStorageOnILockBytes
RegisterDragDrop
ReleaseStgMedium
CoCreateInstance
RevokeDragDrop
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

PathFindFileNameW
StrStrIW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathQuoteSpacesW
GetMenuPosFromID
PathCombineW
StrCmpIW
PathIsURLW
PathRelativePathToW
PathFindExtensionW
AssocQueryStringW
StrStrW

msimg32

AlphaBlend

configure

GetConfigureInst
ReleaseConfigInst

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmGetHotKey
ImmDisableIME

gdiplus

GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipDrawPath
GdipBitmapLockBits
GdipImageGetFrameDimensionsCount
GdipGetImagePaletteSize
GdipGetPropertyItemSize
GdipBitmapUnlockBits
GdipGetPropertyItem
GdipImageGetFrameDimensionsList
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipSetStringFormatAlign
GdipTranslateWorldTransform
GdipCreateTextureIA
GdipSetSolidFillColor
GdipSetStringFormatLineAlign
GdipMeasureString
GdipCreateBitmapFromFile
GdipImageSelectActiveFrame
GdipSetPenDashArray
GdipDrawString
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImagePointRectI
GdipDrawLineI
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipImageGetFrameCount
GdipSetInterpolationMode
GdipDeleteStringFormat
GdipCreateFontFromLogfontA
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipGetImageRawFormat
GdipDrawImageRectRect
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipGraphicsClear
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipSetTextRenderingHint
GdipDeleteFontFamily
GdipCloneImage

crypt32

CertGetNameStringW
CertNameToStrW

imefreetype

FT_Done_Glyph
FT_Done_Face
FT_Load_Char
FTC_Manager_New
FT_Init_FreeType
FT_Select_Charmap
FT_Angle_Diff
FTC_ImageCache_Lookup
FT_Open_Face
FTC_Manager_LookupSize
FT_Get_Glyph
FT_Glyph_To_Bitmap
FT_Atan2
FT_Done_FreeType
FT_MulDiv
FT_Vector_From_Polar
FT_Outline_Embolden
FT_Outline_Get_Orientation
FT_Get_Kerning
FT_Get_Sfnt_Table
FTC_ImageCache_New
FTC_CMapCache_Lookup
FTC_Manager_LookupFace
FT_Outline_Transform
FT_Library_SetLcdFilter
FT_DivFix
FT_Cos
FT_Face_GetVariantSelectors
FT_OpenType_Free
FT_OpenType_Validate
FT_Glyph_Copy
FTC_CMapCache_New
FT_RoundFix
FT_Load_Sfnt_Table
FTC_Manager_Done
FT_Set_Pixel_Sizes
FT_Get_Charmap_Index

imepng

png_get_IHDR
png_read_png
png_read_image
png_read_frame_head
png_malloc
png_read_info
png_sig_cmp
png_create_read_struct
png_create_info_struct
png_set_error_fn
png_get_error_ptr
png_set_read_fn
png_read_end
png_set_longjmp_fn
png_get_valid
png_get_image_width
png_get_num_frames
png_get_next_frame_fcTL
png_get_image_height
png_free
png_destroy_read_struct

imagehlp

ImageGetCertificateHeader

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c0f58d3d982e3b347bacb88448acd08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

oleacc

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

configure

version

imm32

gdiplus

crypt32

imefreetype

imepng

imagehlp

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 543KB - Virtual size: 543KB

.data Size: 139KB - Virtual size: 158KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 135KB - Virtual size: 135KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 543KB - Virtual size: 543KB

.data
Size: 139KB - Virtual size: 158KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 135KB - Virtual size: 135KB