046a9e727435cbaebc7131f9aac76969

Sharing

Copy URL

Twitter E-mail

General

Target

046a9e727435cbaebc7131f9aac76969
Size

1.8MB
MD5

046a9e727435cbaebc7131f9aac76969
SHA1

6b3bd7f5d52c1fa0ead9d03de6c1aaf027357604
SHA256

22e2c2e2f7b041eb68aabc2756869752a3a695820b2d0ca1fa0a8d5552820f9f
SHA512

360417dcd03281a33db737d36be9c8dc9f0ee499a5a81ae52b74ff4dd6553b56def5bbafc3749d2a26239706a237c207736375ab9499fb6c3c56acb4b9287466
SSDEEP

49152:R4n5gPu+KtGlmn/mdredPbuml7nqMc2fTcvo8:RtFWGs/ruml7tTcvo8

Score

1^/10

Malware Config

Signatures

Files

046a9e727435cbaebc7131f9aac76969
.exe windows:5 windows x86 arch:x86

01f8924a71766679aae299112539a3af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

16:6d:96:e5:7f:32:f6:eb:c2:69:5f:a8:77:6d:e4:0b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

28/10/2014, 09:15

Not After

28/10/2015, 09:15

Subject

CN=合肥迪迅信息技术有限公司,O=合肥迪迅信息技术有限公司,L=合肥市,ST=安徽省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:33:97:92:c7:54:53:cc:f6:5b:65:d3:f2:bb:00:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:28:93:68:f8:e6:94:45:81:c8:a5:88:53:e3:fe:a4:48:6e:60:8b
Signer

Actual PE Digest

30:28:93:68:f8:e6:94:45:81:c8:a5:88:53:e3:fe:a4:48:6e:60:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileExW
DeleteFileW
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
lstrcmpiW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcess
OpenProcess
SetLastError
TerminateProcess
Process32NextW
GetLastError
LocalFree
GetSystemDirectoryW
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetFileType
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
WriteFile
SetEndOfFile
LCMapStringW
CloseHandle
HeapSize
GetStringTypeW
OutputDebugStringW
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
CreateProcessW
InterlockedDecrement
InterlockedIncrement
lstrcpyW
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
GetSystemTime
GetPrivateProfileStringW
lstrlenW
CreateFileW
WritePrivateProfileStringW
GetExitCodeThread
WaitForSingleObject
Sleep
CreateDirectoryW
GetVersionExW
LoadLibraryW
FreeLibrary
lstrcpynW
GetModuleHandleW
GetModuleFileNameW
OpenMutexW
lstrcmpW
GetConsoleMode
GetConsoleCP
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
RaiseException
GetCommandLineW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
lstrcatW
LoadLibraryExW
GetProcAddress
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
EncodePointer
HeapFree
ReadConsoleW

user32

PostMessageW
LoadBitmapW
GetClientRect
CreateWindowExW
SendMessageW
SetWindowTextW
FillRect
DrawIcon
GetWindowTextW
GetSysColor
GetWindowRect
GetSystemMetrics
LoadIconW
SetWindowPos
LoadStringW
GetSysColorBrush
wsprintfW
PostQuitMessage
MessageBoxW
SetTimer
KillTimer
GetDesktopWindow
DispatchMessageW
TranslateMessage
SetWindowTextA
GetMessageW
GetFocus
FindWindowExW
GetParent
GetClassNameW
SetFocus
EnableWindow
LoadCursorW
SetWindowLongW
EndPaint
BeginPaint
DefWindowProcW
GetWindowLongW
RegisterClassExW
UpdateWindow
ShowWindow

gdi32

CreateFontIndirectW
GetStockObject
GetObjectW
StretchBlt
SelectObject
CreateCompatibleDC
DeleteDC

advapi32

LookupPrivilegeValueW
RegSetValueExW
GetUserNameW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
RegCreateKeyExW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetDesktopFolder
ExtractIconW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFileInfoW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

StrRChrIW
StrStrIW
StrStrIA
PathFileExistsW

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01f8924a71766679aae299112539a3af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

16:6d:96:e5:7f:32:f6:eb:c2:69:5f:a8:77:6d:e4:0bCertificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

55:33:97:92:c7:54:53:cc:f6:5b:65:d3:f2:bb:00:79Certificate

Extended Key Usages

Key Usages

30:28:93:68:f8:e6:94:45:81:c8:a5:88:53:e3:fe:a4:48:6e:60:8bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

version

shlwapi

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 14KB - Virtual size: 21KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

16:6d:96:e5:7f:32:f6:eb:c2:69:5f:a8:77:6d:e4:0b
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

55:33:97:92:c7:54:53:cc:f6:5b:65:d3:f2:bb:00:79
Certificate

30:28:93:68:f8:e6:94:45:81:c8:a5:88:53:e3:fe:a4:48:6e:60:8b
Signer

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 14KB - Virtual size: 21KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 7KB - Virtual size: 7KB