041c9494e62f705a5429c790667db2b5

Sharing

Copy URL

Twitter E-mail

General

Target

041c9494e62f705a5429c790667db2b5
Size

897KB
MD5

041c9494e62f705a5429c790667db2b5
SHA1

78ee5f322ad6638c9bbdcf15d472996a2f13b673
SHA256

234168357d4301ca6d1fa572b8ad0f6282416d24e5ff6d75edbf7b86b6a061ec
SHA512

53cb8c63568007a607c9e40531895bc42c71f39815b87fcfea034241bd07360474d6e1e3b4977ca714bf0cf1da9d4b89122462baa3aeaaefdbbd5e71e903ab2f
SSDEEP

24576:EMkM+RBaIkDiVZkYZMKYqvSOdFs3TbLNHhxc12ImtiZQo:jr+Cf3YZMKzPdC3TbR7VImti

Score

1^/10

Malware Config

Signatures

Files

041c9494e62f705a5429c790667db2b5
.exe windows:5 windows x86 arch:x86

9882c3f23acd4341133aac2fdda7602b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f5:86:d6:64:d4:ad:1f:05:52:4f:d9:b3:bc:e3:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/08/2015, 23:59

Subject

CN=JINHUA 9158 NETWORK SCIENCE AND TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=JINHUA 9158 NETWORK SCIENCE AND TECHNOLOGY CO.\,LTD.,L=Jinhua,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:9f:ec:ae:58:2b:ef:1a:79:49:de:6a:31:de:12:16:7e:80:82:ce
Signer

Actual PE Digest

c8:9f:ec:ae:58:2b:ef:1a:79:49:de:6a:31:de:12:16:7e:80:82:ce

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
UrlUnescapeA
PathIsUNCA
PathFileExistsA
PathIsDirectoryA

wsock32

recv
send
ioctlsocket
inet_addr
WSAGetLastError
socket
closesocket
gethostbyname
setsockopt
connect
htons

kernel32

GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
SetThreadPriority
ResumeThread
SuspendThread
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameW
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetModuleHandleW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
InterlockedExchange
GetCurrentDirectoryA
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
ExitProcess
ExitThread
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
lstrcmpA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
MoveFileA
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
LoadLibraryA
lstrcmpW
SetLastError
FormatMessageA
LocalFree
MulDiv
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
Module32First
GetSystemInfo
lstrlenA
DeleteFileA
CreateThread
CreateEventA
WaitForMultipleObjects
SetFilePointer
WriteFile
FlushFileBuffers
OutputDebugStringA
WaitForSingleObject
SetEvent
GetTickCount
CreateDirectoryA
GlobalFree
GetModuleFileNameA
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetCurrentProcess
SetPriorityClass
DeviceIoControl
CreateFileA
GetLastError
CloseHandle
lstrlenW
InterlockedDecrement
MultiByteToWideChar
GetProcessHeap
HeapFree
InterlockedIncrement
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
SetErrorMode

user32

GetNextDlgTabItem
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
WindowFromPoint
IsRectEmpty
DeleteMenu
CharNextA
GetSysColorBrush
LoadCursorA
CopyAcceleratorTableA
SetRect
InvalidateRgn
SetCapture
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
EndDialog
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
CharUpperA
DestroyMenu
SetCursor
ReleaseCapture
GetDesktopWindow
GetActiveWindow
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetClientRect
EnableWindow
MessageBoxA
LoadBitmapA
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
IntersectRect
IsIconic
GetWindowPlacement
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
FindWindowExA
GetWindow
ClientToScreen
OffsetRect
GetWindowThreadProcessId
GetDC
UpdateLayeredWindow
ReleaseDC
PtInRect
DrawTextA
GetSubMenu
LoadMenuA
PostMessageA
SetWindowRgn
GetWindowRect
UpdateWindow
InvalidateRect
SetTimer
KillTimer
FindWindowA
SetParent
SetForegroundWindow
SendMessageA
LoadIconA
GetCursorPos
IsWindow
DrawIconEx
LoadImageA
SystemParametersInfoA
GetSystemMetrics
wsprintfA
CopyRect
FillRect
GetParent
GetWindowLongA
GetNextDlgGroupItem
SetWindowLongA
RedrawWindow

gdi32

CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetBkColor
GetMapMode
GetClipBox
GetBkColor
GetTextColor
GetRgnBox
SetTextColor
CreateRectRgnIndirect
GetDeviceCaps
GetStockObject
CreateDIBSection
DeleteObject
DeleteDC
CreateFontIndirectA
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
CreateRoundRectRgn
GetObjectA
CreateCompatibleBitmap
CreateFontA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
CreateSolidBrush
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
ExtSelectClipRgn

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

LookupPrivilegeValueA
RegDeleteValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA

shell32

SHGetPathFromIDListA
ShellExecuteExA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation
Shell_NotifyIconA

comctl32

_TrackMouseEvent

oledlg

ord8

ole32

OleRun
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries

oleaut32

GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
VariantCopy
VariantInit
VariantClear
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayDestroy
SysAllocString
VariantChangeType
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime

gdiplus

GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawImageRectRect
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteBrush
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipDeleteStringFormat
GdipCloneImage

netapi32

Netbios

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
HttpOpenRequestA
InternetQueryOptionA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionExA

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 454KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9882c3f23acd4341133aac2fdda7602b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

1a:f5:86:d6:64:d4:ad:1f:05:52:4f:d9:b3:bc:e3:4cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c8:9f:ec:ae:58:2b:ef:1a:79:49:de:6a:31:de:12:16:7e:80:82:ceSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wsock32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

gdiplus

netapi32

version

wininet

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 33KB

.rsrc Size: 454KB - Virtual size: 445KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1a:f5:86:d6:64:d4:ad:1f:05:52:4f:d9:b3:bc:e3:4c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c8:9f:ec:ae:58:2b:ef:1a:79:49:de:6a:31:de:12:16:7e:80:82:ce
Signer

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 33KB

.rsrc
Size: 454KB - Virtual size: 445KB