0b9ccda17244775ebdeb33f01b2e9ba1

Sharing

Copy URL Twitter E-mail

General

Target

0b9ccda17244775ebdeb33f01b2e9ba1
Size

584KB
MD5

0b9ccda17244775ebdeb33f01b2e9ba1
SHA1

585fdd57d654435211eaaaeab38aeaed35d6dacf
SHA256

7dbd9c249b6257e80378410af08ac0635a92cebdb3a5947cc84135e4885d20cc
SHA512

4fa93d4ebd505532aec1489b83f7d5dae93652d7e8b48231c25c5da428d80243780d2a8c85bb7550d4deef943faa56d64604c45697aef3cdf98dd8c36b1fcbf1
SSDEEP

12288:KuVvl+isZVpi9N6maMD3LK2y4GpnqHXJoYuipZn32SGu:nVvl+RZVc3LKPtoOYu8Zn324

Score

1^/10

Malware Config

Signatures

Files

0b9ccda17244775ebdeb33f01b2e9ba1
.exe windows:4 windows x86 arch:x86

8ae115665074b10008ed2779d76fbbaf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:c1:c0:b9:ef:20:1e:20:51:c0:cc:c8:ab:ea:4d:97
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/01/2008, 00:00

Not After

09/01/2009, 23:59

Subject

CN=DoubleD Advertising Limited,O=DoubleD Advertising Limited,POSTALCODE=N/A,STREET=COMMITTEE RD SHATIN NT+STREET=PLAZA 138 SHATIN RURAL+STREET=15/F TOWER 1 GRAND CENTRAL,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2c:69:60:c5:f7:af:3f:81:60:9d:64:6c:30:bc:64:10:fc:c6:b3:9a
Signer

Actual PE Digest

2c:69:60:c5:f7:af:3f:81:60:9d:64:6c:30:bc:64:10:fc:c6:b3:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
LoadLibraryW
FreeLibrary
FindResourceA
LoadResource
SizeofResource
LockResource
GlobalAlloc
GetLastError
GlobalSize
GlobalLock
GlobalUnlock
FileTimeToSystemTime
ReleaseMutex
CloseHandle
CreateMutexW
WaitForSingleObject
DeleteFileW
CopyFileW
GetModuleFileNameW
SetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
MulDiv
WideCharToMultiByte
CreatePipe
CreateProcessA
OutputDebugStringA
CreateFileMappingA
GetEnvironmentVariableA
GetOverlappedResult
GetProcessTimes
GetWindowsDirectoryA
GlobalMemoryStatus
GetThreadTimes
GetSystemTimeAdjustment
SetConsoleMode
FindNextFileA
FindFirstFileA
CreateEventA
UnmapViewOfFile
MapViewOfFile
GetLocalTime
EndUpdateResourceW
UpdateResourceA
ReadFile
GetFileSize
CreateFileW
BeginUpdateResourceW
TerminateProcess
GetTickCount
lstrcmpiW
FindResourceW
LoadLibraryExW
GetExitCodeProcess
GetModuleHandleW
GetModuleHandleA
GetProcAddress
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
GetVersionExW
GetSystemTime
CreateProcessW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentThread
EnterCriticalSection
SetHandleInformation
RaiseException
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
HeapCreate
DeleteFileA
HeapDestroy
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
Sleep
FindClose
FindFirstFileW
GlobalFree
OpenProcess
CreateThread
TerminateThread
SetEvent
CreateEventW
GetFileAttributesW
GetVersion
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc

user32

SetClipboardData
CloseClipboard
GetClassNameW
ClientToScreen
EndDialog
DestroyWindow
PostMessageW
CharNextW
wvsprintfW
LoadStringW
PtInRect
LoadCursorW
SetWindowLongW
GetWindowLongW
SendMessageW
SetWindowTextW
MoveWindow
SetWindowPos
GetClientRect
ShowWindow
SetTimer
KillTimer
SetFocus
IsWindow
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
GetClassInfoExW
CreateAcceleratorTableW
SetForegroundWindow
GetActiveWindow
DialogBoxParamW
DestroyIcon
SetWinEventHook
FindWindowW
IsWindowVisible
GetWindowThreadProcessId
GetLastActivePopup
GetClipboardFormatNameW
GetClipboardData
EnumClipboardFormats
GetClipboardOwner
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
EmptyClipboard
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
ReleaseCapture
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
CreateDialogParamW
GetSystemMetrics
CharLowerW
FindWindowExW
UnregisterClassA
GetForegroundWindow
GetCapture
GetQueueStatus
GetCursorPos
SendMessageA
FindWindowA
GetSysColor
CreateWindowExW
SetLayeredWindowAttributes
RegisterClassExW
RegisterClipboardFormatW
CallWindowProcW
FillRect
LoadImageW
SetCursor
InvalidateRect
EndPaint
BeginPaint
DefWindowProcW
UnhookWinEvent
OpenClipboard
GetParent

gdi32

GetMapMode
GetStockObject
GetDeviceCaps
CreateCompatibleBitmap
CreateSolidBrush
CopyEnhMetaFileW
DeleteObject
DeleteEnhMetaFile
CreateCompatibleDC
GetObjectW
SelectObject
CreateBitmap
BitBlt
DeleteDC
StretchBlt
DPtoLP
SetBkColor
SetMapMode

advapi32

RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegEnumValueW
RegCreateKeyW
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptGetKeyParam
RegCreateKeyA
RegOpenKeyA

shell32

ShellExecuteW
SHGetFolderPathW

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
OleRun
OleUninitialize
CoTaskMemFree
ProgIDFromCLSID
CoTaskMemRealloc
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
VariantChangeType
VarUI4FromStr
OleCreateFontIndirect
GetErrorInfo
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VariantCopy

productinfo

?Get_PRODUCT_NAME@CProductInfo@@SA?AVCString@WTL@@XZ
?Create@CProductInfo@@SA_NHPAH@Z
?Get_PRODUCT_BAND@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_COMPANY_NAME@CProductInfo@@SA?AVCString@WTL@@XZ

shlwapi

PathSearchAndQualifyW

comctl32

_TrackMouseEvent
InitCommonControlsEx

urlmon

URLDownloadToCacheFileW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 420KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ae115665074b10008ed2779d76fbbaf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

c9:c1:c0:b9:ef:20:1e:20:51:c0:cc:c8:ab:ea:4d:97Certificate

Extended Key Usages

Key Usages

2c:69:60:c5:f7:af:3f:81:60:9d:64:6c:30:bc:64:10:fc:c6:b3:9aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

productinfo

shlwapi

comctl32

urlmon

psapi

version

iphlpapi

Sections

.text Size: 420KB - Virtual size: 416KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 16KB - Virtual size: 45KB

.rsrc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

c9:c1:c0:b9:ef:20:1e:20:51:c0:cc:c8:ab:ea:4d:97
Certificate

2c:69:60:c5:f7:af:3f:81:60:9d:64:6c:30:bc:64:10:fc:c6:b3:9a
Signer

.text
Size: 420KB - Virtual size: 416KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 16KB - Virtual size: 45KB

.rsrc
Size: 20KB - Virtual size: 19KB