062e97beed67cd9f75dd1d597f0153b1

Sharing

Copy URL

Twitter E-mail

General

Target

062e97beed67cd9f75dd1d597f0153b1
Size

757KB
MD5

062e97beed67cd9f75dd1d597f0153b1
SHA1

e7945a4ffc77d707d1545406659b8870c68dc321
SHA256

127a1af16f59b29f29fcee0ca9b8e561b30cbca7848e6bbcd11bf6993269e6e8
SHA512

02b2ced708011c04970f803631e0b0e0f4b3b036ca5528b4ff54f026d3b9cc01aba8b7b7c261d4b9731749bfaed7224455124cb2d91cc5f0d1a6642c939d18e0
SSDEEP

12288:RtqZzkw6tSWpkbvV6EB0p/skcnze97UPaQOx4mLoKizWjCyvFJEAAVtW7yJ4CTlS:RtE0Sj5LWp/MGUPaH4mLc7MbEAAVtW9

Score

1^/10

Malware Config

Signatures

Files

062e97beed67cd9f75dd1d597f0153b1
.exe windows:5 windows x86 arch:x86

156b62a7fd769045dd29259663bbc0e1

Code Sign

01:1e
Certificate

Issuer

CN=DriverDevelop.com CA,OU=DriverDevelop.com CA,O=DriverDevelop.com,L=BeiJing,ST=BeiJing,C=CN,1.2.840.113549.1.9.1=#0c0c6361407a6e6465762e636f6d

Not Before

15-08-2009 03:02

Not After

13-08-2019 03:02

Subject

CN=DriverDevelop.com Signtools Test cert,OU=Dept. CodeSign CA,O=DriverDevelop.com,ST=BeiJing,C=CN,1.2.840.113549.1.9.1=#0c0c6361407a6e6465762e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:f4:2d:8b:9c:50:a6:5a:2f:31:71:4b:ec:23:99:da:d6:2a:67:73
Signer

Actual PE Digest

6e:f4:2d:8b:9c:50:a6:5a:2f:31:71:4b:ec:23:99:da:d6:2a:67:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
MulDiv
lstrcmpW
lstrcmpiW
LoadLibraryExW
DeleteFileW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileA
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetFileType
GetStdHandle
GetTickCount
SetFilePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetCommandLineW
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GlobalFree
SetLastError
GetCurrentThreadId
FlushInstructionCache
SystemTimeToFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
CreateDirectoryW
LeaveCriticalSection
ReleaseMutex
EnterCriticalSection
WideCharToMultiByte
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
FindResourceExW
FindResourceW
LoadResource
CreateFileW
LockResource
GetVersionExW
SetEvent
TerminateThread
WaitForSingleObject
CreateEventW
LoadLibraryA
ProcessIdToSessionId
ExitProcess
CreateProcessW
GetStartupInfoW
CopyFileW
CreateDirectoryA
GetModuleFileNameA
DeleteFileA
TerminateProcess
GetCurrentProcess
CreateFileMappingW
OpenFileMappingW
GetLastError
LocalFree
LocalAlloc
Sleep
GetCurrentProcessId
GetModuleFileNameW
Process32NextW
OpenProcess
Process32FirstW
HeapSetInformation
CreateToolhelp32Snapshot
SizeofResource
MultiByteToWideChar
CloseHandle
WriteFile
SetHandleCount

user32

DrawTextW
GetWindowRect
InvalidateRect
IsRectEmpty
CallWindowProcW
SendMessageW
GetParent
AppendMenuW
TrackPopupMenu
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
PostQuitMessage
CreatePopupMenu
AnimateWindow
FillRect
SetParent
EnableWindow
IntersectRect
ReleaseDC
LoadIconW
GetClientRect
GetDC
IsWindow
GetMessageW
GetSystemMetrics
DispatchMessageW
TranslateMessage
PeekMessageW
PostThreadMessageW
OpenClipboard
PostMessageW
DefWindowProcW
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetWindowPos
SetTimer
UpdateLayeredWindow
BeginPaint
EndPaint
KillTimer
ShowWindow
GetWindowDC
UpdateWindow
IsIconic
IsWindowVisible
UnionRect
CopyRect
PtInRect
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRgn
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MapWindowPoints
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
RedrawWindow
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SystemParametersInfoW
FindWindowExW
GetUpdateRect
GetCursorPos
UnregisterClassA

gdi32

CreatePalette
GetDIBits
GdiFlush
SetDIBitsToDevice
RealizePalette
SelectPalette
GetDeviceCaps
CreateFontW
SetTextColor
SetBkMode
SaveDC
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
StretchBlt
CreateDIBSection
DeleteDC
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
RestoreDC
SetBkColor

advapi32

OpenProcessToken
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
SetServiceStatus
GetTokenInformation
LookupAccountSidW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW
CreateServiceW
ControlService
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceStatus
StartServiceW
CreateProcessAsUserW
LookupPrivilegeValueW
DuplicateTokenEx
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitializeEx
CoTaskMemRealloc
OleInitialize
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

DispCallFunc
VarUI4FromStr
SysStringLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

SHDeleteValueW
SHSetValueW
SHGetValueW
PathFileExistsA
PathAppendA
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt

ws2_32

recv
send
socket
closesocket
connect
setsockopt
htons
WSAStartup
inet_addr
WSACleanup

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW

iphlpapi

GetAdaptersInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

msvfw32

DrawDibClose
DrawDibSetPalette
DrawDibDraw
DrawDibRealize

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipReleaseDC
GdipDrawImagePointsI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipFillRectangle
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipMeasureString
GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipDeleteGraphics
GdipCreateFont

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

156b62a7fd769045dd29259663bbc0e1

Code Sign

01:1eCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6e:f4:2d:8b:9c:50:a6:5a:2f:31:71:4b:ec:23:99:da:d6:2a:67:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

ws2_32

wininet

iphlpapi

userenv

msvfw32

gdiplus

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 31KB - Virtual size: 26KB

01:1e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6e:f4:2d:8b:9c:50:a6:5a:2f:31:71:4b:ec:23:99:da:d6:2a:67:73
Signer

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 31KB - Virtual size: 26KB