0a86b32f111219f6957a22683f173a6b

Sharing

Copy URL

Twitter E-mail

General

Target

0a86b32f111219f6957a22683f173a6b
Size

836KB
MD5

0a86b32f111219f6957a22683f173a6b
SHA1

ba2cb6bfa3f8427f330162f7186b90a3cf1562d2
SHA256

222ebbd89b8762b6d64dac850e16d47f65dada80209938ed980bc4e94a7da6bd
SHA512

9b0942010e0db76da7088bbf02d6c3a7c43b93df9cdfc52248c84443c8afb6c1853cd1796ca06eb2cc0791a6daa013bb163eed52595d82d04ff54f9d8246693d
SSDEEP

12288:vkHFzcZwvrAxstk6TWGwR6ceHMwzhX2ZMUx/ruEP8m1U8tjpE+ztuV:UzkwvMqtk6TbwQFX2OU1uEP8WtjpE+z

Score

1^/10

Malware Config

Signatures

Files

0a86b32f111219f6957a22683f173a6b
.exe windows:4 windows x86 arch:x86

de7376239eea464278a3a9de7cd0c789

Code Sign

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70
Certificate

Issuer

CN=Root SGC Authority

Not Before

16/07/1999, 19:47

Not After

16/07/2004, 19:47

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Extended Key Usages

ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto

56:98:be:ba:6c:12:bc:f2:48:45:43:94:e0:58:d2:b9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

31/03/2011, 00:00

Not After

30/03/2013, 23:59

Subject

CN=江苏意源科技有限公司,OU=it,O=江苏意源科技有限公司,L=wuxi,ST=jiangSu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:b4:73:48:29:2f:e6:c1:c3:73:6d:31:c2:90:c6:32:7c:a0:cc:a0
Signer

Actual PE Digest

a7:b4:73:48:29:2f:e6:c1:c3:73:6d:31:c2:90:c6:32:7c:a0:cc:a0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptDecodeObjectEx
CertCreateCertificateContext
CertSetCertificateContextProperty
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertCloseStore

advapi32

InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
SetSecurityDescriptorDacl
RegCloseKey

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
InterlockedExchange
MultiByteToWideChar
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFullPathNameA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
SetEndOfFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
HeapSize
ExitProcess
GetStartupInfoA
GetProcessHeap
GetCommandLineA
RaiseException
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapFree
HeapAlloc
WideCharToMultiByte
GetLastError
GetVersion
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileType
GetFileSize
CompareStringA
CompareStringW
lstrlenA
CreateMutexA
OpenMutexA
SizeofResource
LockResource
LoadResource
FindResourceA
LocalFree
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
InterlockedDecrement
GetACP
GetCurrentDirectoryA
Sleep
CloseHandle
ReleaseMutex
WaitForSingleObject
FileTimeToSystemTime
DeviceIoControl
CreateFileA
MulDiv
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetModuleFileNameW
FreeLibrary
GlobalDeleteAtom
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
GetCurrentProcessId
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA

user32

GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
CharUpperA
LoadIconA
MessageBoxA
MessageBeep
LoadBitmapA
DrawIcon
AppendMenuA
GetSubMenu
SetMenuItemBitmaps
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
SetForegroundWindow
EnableWindow
PostQuitMessage
PeekMessageA
KillTimer
SetTimer
IsWindowEnabled
GetSystemMetrics
LoadImageA
RegisterDeviceNotificationA
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
GetMenuCheckMarkDimensions
ValidateRect
GetCursorPos
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
SystemParametersInfoA
DestroyMenu
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
RegisterClipboardFormatA
PostThreadMessageA
GetKeyState
IsWindowVisible
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SetCapture

gdi32

SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
DeleteObject
GetObjectA
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetClipBox

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comdlg32

GetFileTitleA

shell32

Shell_NotifyIconA

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
OleIsCurrentClipboard
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
CoTaskMemAlloc
OleFlushClipboard

oleaut32

VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
SysFreeString
SysAllocString
GetErrorInfo

hid

HidD_GetHidGuid
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_SetFeature
HidD_GetFeature
HidD_GetAttributes

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�V�
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de7376239eea464278a3a9de7cd0c789

Code Sign

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70Certificate

Extended Key Usages

56:98:be:ba:6c:12:bc:f2:48:45:43:94:e0:58:d2:b9Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

a7:b4:73:48:29:2f:e6:c1:c3:73:6d:31:c2:90:c6:32:7c:a0:cc:a0Signer

Headers

File Characteristics

Imports

crypt32

advapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

shell32

ole32

oleaut32

hid

setupapi

shlwapi

oledlg

oleacc

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 52KB - Virtual size: 63KB

.rsrc Size: 396KB - Virtual size: 395KB

�V� Size: 88KB - Virtual size: 88KB

27:37:89:89:dd:16:b0:5a:ee:2c:c4:48:c7:0c:ed:70
Certificate

56:98:be:ba:6c:12:bc:f2:48:45:43:94:e0:58:d2:b9
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

a7:b4:73:48:29:2f:e6:c1:c3:73:6d:31:c2:90:c6:32:7c:a0:cc:a0
Signer

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 52KB - Virtual size: 63KB

.rsrc
Size: 396KB - Virtual size: 395KB

�V�
Size: 88KB - Virtual size: 88KB