1731386285a5ac4ae44e4f01be4c3cde

Sharing

Copy URL

Twitter E-mail

General

Target

1731386285a5ac4ae44e4f01be4c3cde
Size

171KB
MD5

1731386285a5ac4ae44e4f01be4c3cde
SHA1

653605678ded2888251b84741ef867db5c3aad86
SHA256

2ffb449cce1799f24e7a92cecec6ce529a100598ef0ab5cf347221b805ad9c49
SHA512

2c1c8d320a8752858ba0a0ebe171cde6bd11368df032b8b52fca6a9be6840a8e89346c30b54565f338951e58f3a04340d7018b5d25e56f0f0bbf9b458a943347
SSDEEP

3072:9XLn03oBFYyKQjkPX2/5HlIchQKofXKOt9S/UOnxTbHmCuibBSMS0JNc+5xTsn:dLnrXrkelqXgBUOxTbHmMjJNWn

Score

1^/10

Malware Config

Signatures

Files

1731386285a5ac4ae44e4f01be4c3cde
.exe windows:4 windows x86 arch:x86

49110ead021fe3a228685e69019b4308

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-07-2011 00:00

Not After

13-09-2012 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:9a:ff:14:a9:a5:e4:70:d6:49:44:39:8f:73:8a:5c:fd:ea:f3:89
Signer

Actual PE Digest

d7:9a:ff:14:a9:a5:e4:70:d6:49:44:39:8f:73:8a:5c:fd:ea:f3:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegFlushKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

user32

GetKeyboardType
DestroyWindow
MessageBoxA
WaitMessage
ValidateRect
TranslateMessage
ShowWindow
SetWindowPos
SetParent
SetForegroundWindow
SetFocus
SetCursor
SendMessageA
ScreenToClient
ReleaseDC
ReleaseCapture
PostQuitMessage
OffsetRect
IsWindowVisible
IsWindowEnabled
IsWindow
InvalidateRect
GetWindowRgn
GetWindowRect
GetUpdateRgn
GetSystemMetrics
GetSystemMenu
GetSysColor
GetWindow
GetKeyState
GetFocus
GetDCEx
GetDC
GetCursorPos
GetClientRect
GetCapture
FillRect
EndPaint
EnableMenuItem
DestroyWindow
DestroyIcon
DeleteMenu
CopyImage
ClientToScreen
BeginPaint
wvsprintfA
SetWindowLongA
SendMessageA
RegisterClassA
PostMessageA
PeekMessageA
MessageBoxA
LoadIconA
LoadCursorA
GetWindowLongA
GetClassInfoA
FindWindowA
DrawTextA
DispatchMessageA
DefWindowProcA
CreateWindowExA
CallWindowProcA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualQuery
TerminateThread
TerminateProcess
Sleep
SetPriorityClass
SetFilePointer
SetEndOfFile
ResumeThread
ReadFile
GlobalFree
GlobalAlloc
GetVersion
GetTickCount
GetThreadLocale
GetProcAddress
GetLastError
GetFileSize
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
GetCPInfo
GetACP
FreeLibrary
ExitProcess
CreateThread
CloseHandle
WritePrivateProfileStringA
WritePrivateProfileSectionA
LoadLibraryA
GetVersionExA
GetTempPathA
GetTempFileNameA
GetStringTypeExA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileIntA
GetModuleFileNameA
GetLocaleInfoA
GetFileAttributesA
GetCommandLineA
DeleteFileA
CreateFileA
CompareStringA

gdi32

StretchDIBits
SetWindowOrgEx
SetTextColor
SetRectRgn
SetROP2
SetDIBits
SetBrushOrgEx
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
OffsetRgn
MoveToEx
IntersectClipRect
GetTextExtentPoint32A
GetStockObject
GetPaletteEntries
GetDIBits
ExtSelectClipRgn
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePalette
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
GetObjectA
CreateFontIndirectA

comctl32

InitCommonControls

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA

shell32

ShellExecuteExA
SHGetSpecialFolderPathW

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49110ead021fe3a228685e69019b4308

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d7:9a:ff:14:a9:a5:e4:70:d6:49:44:39:8f:73:8a:5c:fd:ea:f3:89Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

comctl32

version

wininet

shell32

Sections

.text Size: 142KB - Virtual size: 141KB

.itext Size: 512B - Virtual size: 488B

.data Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 11KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 6KB - Virtual size: 6KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d7:9a:ff:14:a9:a5:e4:70:d6:49:44:39:8f:73:8a:5c:fd:ea:f3:89
Signer

.text
Size: 142KB - Virtual size: 141KB

.itext
Size: 512B - Virtual size: 488B

.data
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 11KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 6KB - Virtual size: 6KB