122142f2bec29c647fdb8e7342922f84

Sharing

Copy URL

Twitter E-mail

General

Target

122142f2bec29c647fdb8e7342922f84
Size

256KB
MD5

122142f2bec29c647fdb8e7342922f84
SHA1

86b4725137d94ed8081345497a02c3aa1e9b8102
SHA256

b2cc32f395bda307d761e4f5f7bf515a15218e7252ea025921becd1c5ea4fbd2
SHA512

b5422cd5caf7ab06f3734bbc3c3b4a123eb5b79fb7288fdbfedab51067db9837135f1baf0f5652aefb08008e5d30c95ab97d788c095c99bda052c3acad7f84db
SSDEEP

3072:seAGcNNwmlR2GNUbomMYMLnbtoKOmiNL0SJOUOhopJMDN:OvNNtWuYcqHmiNLQcJ

Score

1^/10

Malware Config

Signatures

Files

122142f2bec29c647fdb8e7342922f84
.exe windows:4 windows x86 arch:x86

8e3435044b7cfc8830f0d8f8b832eb70

Code Sign

6e:78:4d:42:6d:c9:b2:24:b7:66:a9:5d:34:b0:3a:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21-06-2013 00:00

Not After

20-06-2016 23:59

Subject

CN=NetEase(Hangzhou) Network Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=NetEase(Hangzhou),O=NetEase(Hangzhou) Network Co. Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:0a:bd:f4:fa:29:1a:98:3b:9a:fb:d5:8d:36:41:09:ad:fc:06:82
Signer

Actual PE Digest

dc:0a:bd:f4:fa:29:1a:98:3b:9a:fb:d5:8d:36:41:09:ad:fc:06:82

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindFirstFileA
GetFullPathNameA
FindClose
GetDriveTypeA
GetLocaleInfoA
GetConsoleScreenBufferInfo
SetVolumeLabelA
GetStdHandle
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
SetConsoleMode
GetConsoleMode
lstrcpynA
lstrcmpiA
GetFileAttributesA
LeaveCriticalSection
lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetConsoleCtrlHandler
MultiByteToWideChar
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetSystemTime
SetStdHandle
GetFileType
EnterCriticalSection
SystemTimeToFileTime
GetCPInfo
GetACP
GetOEMCP
GetVersion
UnhandledExceptionFilter
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FlushFileBuffers
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
GetLocaleInfoW
GetVolumeInformationA
GetLocalTime
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetLastError
SetFileAttributesA
SetEndOfFile
CloseHandle
SetFilePointer
HeapReAlloc
GetCommandLineA
WriteFile
GetCurrentDirectoryA
SetEnvironmentVariableW
DeleteFileA
CreateDirectoryA

advapi32

OpenProcessToken
LookupPrivilegeValueA
GetSecurityDescriptorControl
GetKernelObjectSecurity
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidAcl
GetSecurityDescriptorGroup
IsValidSid

user32

CharToOemA
OemToCharA

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e3435044b7cfc8830f0d8f8b832eb70

Code Sign

6e:78:4d:42:6d:c9:b2:24:b7:66:a9:5d:34:b0:3a:8eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

dc:0a:bd:f4:fa:29:1a:98:3b:9a:fb:d5:8d:36:41:09:ad:fc:06:82Signer

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 108KB - Virtual size: 108KB

6e:78:4d:42:6d:c9:b2:24:b7:66:a9:5d:34:b0:3a:8e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

dc:0a:bd:f4:fa:29:1a:98:3b:9a:fb:d5:8d:36:41:09:ad:fc:06:82
Signer

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 108KB - Virtual size: 108KB