18328aca17d60089cdef3b18abe4c784

Sharing

Copy URL Twitter E-mail

General

Target

18328aca17d60089cdef3b18abe4c784
Size

5.7MB
MD5

18328aca17d60089cdef3b18abe4c784
SHA1

ef06c342fb61d17ee31fbc8bbb9394b908677a23
SHA256

fc9a101e714c8cbebec22e9de53d9836c9681c60b56ea53dfc031cb0088cbf46
SHA512

1d267ef7582c62723e00b4548b7665ed82d761e2ec1766c3343012f9e29aefc7acd2ad4528048a7c88835344c5ab5beb356e2a61facce3bb3b76c9847a7dc54a
SSDEEP

49152:4LUoR3UwBGX2/IjGQ4NpchZpavnRTavn9m:mUwBRQavn1avn9m

Score

1^/10

Malware Config

Signatures

Files

18328aca17d60089cdef3b18abe4c784
.exe windows:5 windows x86 arch:x86

78e341ecaa3aebf976ada1e48871c735

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:17:1f:88:aa:dd:03:30:4d:13:9b:61:83:e4:3d:15
Certificate

Issuer

CN=eBiz Networks Certificate Services,O=eBiz Networks Ltd,C=KR

Not Before

07/03/2011, 00:00

Not After

06/03/2012, 23:59

Subject

CN=ES Vision,OU=web team,O=ES Vision,POSTALCODE=637-942,STREET=1122+STREET=Mureung-ri\, Chilseo-myeon\, Haman-gun\, Gyeongsangnam-do\, Korea,L=Gyeongsangnam-do,ST=Haman-gun,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:b1:6f:ab:89:f2:87:16:52:be:dd:50:b4:3f:49:11:2a:1f:72:b7
Signer

Actual PE Digest

2b:b1:6f:ab:89:f2:87:16:52:be:dd:50:b4:3f:49:11:2a:1f:72:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualProtect
HeapSize
VirtualAlloc
lstrcmpW
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
lstrcpyW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
WaitForSingleObject
RemoveDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
GetTempPathW
GetSystemDirectoryW
CreateFileW
GetFileSize
SetFilePointer
WriteFile
CloseHandle
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
FindClose
GetModuleFileNameW
CreateMutexW
lstrlenA
FreeResource
GlobalMemoryStatusEx
OpenProcess
GetCurrentProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetVersion
LocalFree
LoadLibraryW
ExitProcess
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetTickCount
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
GetProcAddress
lstrcpynW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
MoveFileW
SuspendThread
SetThreadPriority
GetThreadLocale
FormatMessageW
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
GetNumberFormatW
CreateThread
WideCharToMultiByte
GetModuleHandleW
SetLastError
lstrcatW
GetWindowsDirectoryW
GetVersionExW
ResetEvent
SetEvent
MulDiv
CreateEventW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringW
FreeLibrary
lstrcmpA
lstrlenW

user32

DestroyMenu
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperW
GetMessageW
TranslateMessage
ValidateRect
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharNextW
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
RegisterClipboardFormatW
DispatchMessageW
GetDlgItem
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
GetSysColor
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
DrawFocusRect
WindowFromPoint
GetCapture
DestroyIcon
SetWindowLongW
LockWindowUpdate
wsprintfA
IsCharAlphaNumericW
GetMenuItemID
TrackPopupMenu
PostThreadMessageW
GetCursorPos
SetMenuDefaultItem
GetSubMenu
GetSysColorBrush
CopyAcceleratorTableW
InvalidateRgn
SetCapture
UnregisterClassW
MessageBeep
GetTopWindow
SetActiveWindow
KillTimer
InvalidateRect
SetTimer
PostMessageW
GetWindowRect
RedrawWindow
GetParent
UpdateWindow
GetClientRect
FillRect
OffsetRect
SetCursor
SendMessageW
IsWindow
GetDC
FindWindowW
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowPlacement
GetWindowTextW
SetParent
wsprintfW
CopyRect
SetForegroundWindow
DefDlgProcW
LoadCursorW
GetClassInfoW
LoadIconW
SetRect
GetSystemMetrics
IsIconic
DrawIcon
GetWindowLongW
GetWindow
PtInRect
GetActiveWindow
LoadMenuW
FindWindowExW
LoadBitmapW
GrayStringW
DrawTextExW
TabbedTextOutW
DrawTextW
DrawEdge
LoadImageW
IsRectEmpty
InflateRect
FrameRect
ReleaseDC

gdi32

SetMapMode
SetTextAlign
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetTextColor
CreateRectRgnIndirect
GetRgnBox
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
StretchBlt
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteDC
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
GetTextExtentPoint32W
SelectObject
SetBkMode
CreatePen
Rectangle
GetStockObject
BitBlt
SetViewportOrgEx
GetViewportOrgEx
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
CreateSolidBrush

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
FreeSid
RegSetKeySecurity
CryptCreateHash
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
OpenProcessToken

shell32

SHGetFileInfoW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetDesktopFolder
SHGetMalloc

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
StrCmpW
StrCpyW
StrStrW

oledlg

OleUIBusyW

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoFreeUnusedLibraries
CLSIDFromString

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
VarDateFromStr
VariantInit
SysAllocStringLen
VariantClear
VariantChangeType
OleCreateFontIndirect
SysAllocString
VariantTimeToSystemTime
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
GetErrorInfo

netapi32

Netbios

iphlpapi

GetAdaptersInfo

crypt32

CryptUnprotectData

wininet

InternetGetConnectedState
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

psapi

EnumProcesses
EnumProcessModules
EmptyWorkingSet

ws2_32

select
connect
htons
socket
__WSAFDIsSet
gethostbyname
WSAStartup
ioctlsocket
closesocket
send
WSACleanup
recv

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78e341ecaa3aebf976ada1e48871c735

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0a:17:1f:88:aa:dd:03:30:4d:13:9b:61:83:e4:3d:15Certificate

Extended Key Usages

Key Usages

2b:b1:6f:ab:89:f2:87:16:52:be:dd:50:b4:3f:49:11:2a:1f:72:b7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

netapi32

iphlpapi

crypt32

wininet

psapi

ws2_32

Sections

.text Size: 413KB - Virtual size: 412KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 13KB - Virtual size: 31KB

.rsrc Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 63KB - Virtual size: 63KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0a:17:1f:88:aa:dd:03:30:4d:13:9b:61:83:e4:3d:15
Certificate

2b:b1:6f:ab:89:f2:87:16:52:be:dd:50:b4:3f:49:11:2a:1f:72:b7
Signer

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 13KB - Virtual size: 31KB

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 63KB - Virtual size: 63KB