0cb2c938d25314bd7f5fb603ecb30271

Sharing

Copy URL Twitter E-mail

General

Target

0cb2c938d25314bd7f5fb603ecb30271
Size

572KB
MD5

0cb2c938d25314bd7f5fb603ecb30271
SHA1

042c59053fb09f54bbb10c9cc265f811d0798c06
SHA256

11827afecf940818b14d81c5ad19025a88c4fa6e39f4f12adb5bddbeb8b11c81
SHA512

6fb8061a93a162e8795fed07a969d86ded0f5f775a6946ff358dc8ac3c4356e8225c4def44a9aa1c14940fc936f773090469ff3525c2ff5c4d9ce8f0da6381e6
SSDEEP

12288:Vkb5ooPPypztSeA4bxDWbdjMNwbn9y6sY:VS5o2iSrExcYw

Score

1^/10

Malware Config

Signatures

Files

0cb2c938d25314bd7f5fb603ecb30271
.exe windows:4 windows x86 arch:x86

b977f20a6251f7e24e5f9f989a59d8e2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:e3:a8:90:91:d7:0e:8c:de:57:b3:13:15:7c:ff:4c:5f:b6:f8:37
Signer

Actual PE Digest

39:e3:a8:90:91:d7:0e:8c:de:57:b3:13:15:7c:ff:4c:5f:b6:f8:37

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
htons

common

?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z

kernel32

OpenEventW
InterlockedExchange
SetFilePointer
WriteFile
DeleteCriticalSection
SetLastError
InitializeCriticalSection
GetCurrentProcessId
WideCharToMultiByte
GetLocalTime
GetCurrentProcess
SwitchToThread
InterlockedCompareExchange
SetEvent
MultiByteToWideChar
ReadFile
SetEndOfFile
Sleep
GetFileAttributesW
GetTickCount
lstrlenW
GetFileSizeEx
TerminateProcess
OpenProcess
OpenFileMappingW
lstrcmpiW
InterlockedIncrement
GetSystemInfo
GetSystemDefaultLangID
InterlockedDecrement
VirtualQuery
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
WaitForSingleObject
CreateProcessW
ExpandEnvironmentStringsW
GetLastError
GetProcAddress
GetCommandLineW
LoadLibraryW
ReleaseMutex
OutputDebugStringW
CreateMutexW
GetModuleFileNameW
CloseHandle
CreateFileMappingW
GetFileSize
CreateFileW
GlobalLock
GlobalAlloc
GlobalReAlloc
SizeofResource
LockResource
FreeResource
LoadResource
FindResourceW
GlobalFree
GlobalUnlock
GetVersionExW
GetCurrentThreadId
FreeLibrary
GetModuleHandleW
lstrcpynW
GetEnvironmentVariableW
GetSystemDirectoryW
GetWindowsDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
LeaveCriticalSection
EnterCriticalSection

user32

GetClassInfoW
RegisterClassExW
SetCursor
IsZoomed
SetWindowRgn
EndPaint
GetActiveWindow
FindWindowExW
UpdateLayeredWindow
UnhookWindowsHookEx
BeginPaint
IsRectEmpty
SetWindowsHookExW
GetWindowTextW
InvalidateRect
CallNextHookEx
GetSystemMenu
UnionRect
GetMenuState
GetSystemMetrics
GetClassInfoExW
GetClassNameW
IsWindow
DispatchMessageW
GetCursorPos
TranslateMessage
CallWindowProcW
GetMessageW
RegisterWindowMessageW
GetWindowLongW
EnableWindow
ScreenToClient
GetAncestor
WindowFromPoint
GetDesktopWindow
ClientToScreen
SetFocus
SendMessageTimeoutW
PtInRect
EqualRect
LoadCursorW
CopyRect
GetClientRect
CreateWindowExW
GetKeyState
GetCapture
ReleaseCapture
SetCapture
IntersectRect
ReleaseDC
GetDC
OffsetRect
SetWindowPos
SetTimer
SetWindowLongW
DefWindowProcW
FillRect
DrawTextW
GetWindow
MapWindowPoints
GetParent
FindWindowA
SystemParametersInfoW
ShowWindow
UpdateWindow
SetRect
PostMessageW
DestroyIcon
IsWindowVisible
PrivateExtractIconsW
PostQuitMessage
DrawIconEx
GetWindowRect
SendMessageW
DestroyWindow
KillTimer

gdi32

CreateDIBSection
SelectObject
DeleteDC
GetStockObject
SetBkMode
CreateCompatibleBitmap
BitBlt
ExcludeClipRect
CreateRectRgn
CreateFontIndirectW
GetObjectW
DeleteObject
ExtCreateRegion
CombineRgn
CreateSolidBrush
SetTextColor
GetTextExtentPoint32W
GetObjectA
Rectangle
CreateCompatibleDC
CreatePen

advapi32

RegCreateKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetDesktopFolder
SHGetSpecialFolderPathW
ExtractIconExW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z

msvcr80

_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_wtoi64
??_V@YAXPAX@Z
_wtoi
__wargv
__argc
towlower
_itow
_beginthreadex
floor
swprintf_s
wcsncat
wcschr
free
__RTDynamicCast
_wcsdup
wcsrchr
tolower
realloc
malloc
_memicmp
wcsncpy_s
wcsncat_s
_vsnwprintf_s
strchr
fflush
wcscpy_s
strncpy_s
_snprintf_s
_vsnprintf_s
fwrite
strrchr
swscanf_s
_wtol
memcpy_s
_wsplitpath_s
_time32
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CxxFrameHandler3
_invoke_watson
_controlfp_s
memset
_except_handler3
_CIsqrt
memcpy
_CxxThrowException
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsncpy
_snwprintf
_wcsicmp
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
_wcsnicmp
_purecall

shlwapi

PathAppendW
StrRetToStrW
StrStrIW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathIsUNCW
PathCanonicalizeW

gdiplus

GdipRotateMatrix
GdipCreateHBITMAPFromBitmap
GdipSetWorldTransform
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetTextRenderingHint
GdipSetStringFormatFlags
GdipCreateFontFromDC
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFontFromLogfontA
GdipDrawString
GdipMeasureString
GdipDeleteFont
GdipSetStringFormatTrimming
GdipDeleteBrush
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromFile
GdipCreateBitmapFromScan0
GdipTranslateMatrix
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipDeleteMatrix
GdipDrawImageRectRectI
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateMatrix
GdipGraphicsClear
GdipGetImagePixelFormat

msimg32

AlphaBlend

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msi

ord217
ord173

comctl32

InitCommonControlsEx
_TrackMouseEvent

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b977f20a6251f7e24e5f9f989a59d8e2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

39:e3:a8:90:91:d7:0e:8c:de:57:b3:13:15:7c:ff:4c:5f:b6:f8:37Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

common

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp80

msvcr80

shlwapi

gdiplus

msimg32

psapi

version

msi

comctl32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 5KB

.tls Size: 4KB - Virtual size: 13B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 20KB - Virtual size: 16KB

�� Size: 244KB - Virtual size: 244KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

39:e3:a8:90:91:d7:0e:8c:de:57:b3:13:15:7c:ff:4c:5f:b6:f8:37
Signer

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 5KB

.tls
Size: 4KB - Virtual size: 13B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 20KB - Virtual size: 16KB

��
Size: 244KB - Virtual size: 244KB