1b6a7afe647ad920f48428df3be361e4

Sharing

Copy URL Twitter E-mail

General

Target

1b6a7afe647ad920f48428df3be361e4
Size

2.1MB
MD5

1b6a7afe647ad920f48428df3be361e4
SHA1

f0aac1f5877c10ce50db92207870b71bd68ea8e6
SHA256

4c6594a3b9ece7d3b645bcbbd663093a27edad02c631a5b4ecccdb04361ab0b8
SHA512

db65e59eeb1138a09c02903c77a660df31300924a056fe88e2a5dd2d71ed3ecf0bd70863ff41d0c995736067f1d5ab93f968c305b7e1495af7b3b0e3d0aa18bb
SSDEEP

49152:ty8N6ic//qy6MCaPKKWhQrUFn/TU7KMemB:trE9mvhQ4FnhMeq

Score

1^/10

Malware Config

Signatures

Files

1b6a7afe647ad920f48428df3be361e4
.exe windows:5 windows x86 arch:x86

e7a8762fc1b73f31a8876d60d8a98807

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:f3:88:19:96:bb:1f:0c:bd:14:28:cb:9e:b8:c0:69:a5:07:cd:7d
Signer

Actual PE Digest

d6:f3:88:19:96:bb:1f:0c:bd:14:28:cb:9e:b8:c0:69:a5:07:cd:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCanonicalizeUrlW
InternetGetConnectedState
InternetQueryOptionW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetConnectW
InternetWriteFile
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
HttpEndRequestW
InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
InternetReadFile
InternetOpenW

kernel32

SleepEx
GetSystemDirectoryA
FindNextFileW
FindClose
FindFirstFileW
LoadLibraryW
GetLastError
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
SetLastError
CloseHandle
SetFileAttributesW
GetTempFileNameW
CreateProcessW
MoveFileExW
CreateDirectoryW
WaitForSingleObject
CopyFileW
GetExitCodeProcess
GetFileAttributesW
FileTimeToSystemTime
GetProcessId
GetCurrentThreadId
GetCurrentProcess
FormatMessageW
GetModuleFileNameW
ExitThread
CreateEventW
DuplicateHandle
LocalFree
CreateThread
CreateMutexW
OpenMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FreeLibrary
GetLogicalDriveStringsW
OpenProcess
GetSystemDirectoryW
GetTempPathW
RemoveDirectoryW
QueryDosDeviceW
DeleteFileW
InterlockedCompareExchange
InterlockedExchange
SetPriorityClass
GetCommandLineW
TlsGetValue
TlsSetValue
InterlockedIncrement
OpenEventW
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LocalAlloc
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
TlsFree
InterlockedDecrement
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
LCMapStringW
GetTickCount
InitializeCriticalSection
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
WaitNamedPipeW
SetNamedPipeHandleState
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetProcessHeap
GetACP
CreateFileA
GetModuleHandleA
SwitchToThread
HeapReAlloc
UnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
GetStartupInfoW
RtlUnwind
FileTimeToLocalFileTime
ResumeThread
GetTimeZoneInformation
RaiseException
GetDriveTypeA
FindFirstFileA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetFileInformationByHandle
GetCurrentDirectoryA
LCMapStringA
GetConsoleCP
GetConsoleMode
GetFullPathNameA
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
Sleep
GetModuleHandleW
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA

user32

DestroyWindow
CreateWindowExW
wvsprintfW
FindWindowW
PostMessageW
GetSystemMetrics
LoadIconW
SetRectEmpty

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
CreateDIBSection
DeleteDC
CreateFontIndirectW
GetFontData

advapi32

SetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegCreateKeyExW
RegSetValueExW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetLengthSid
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
RegOpenKeyW

shell32

ShellExecuteExW
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

ws2_32

inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
recvfrom
gethostbyname
inet_addr
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
accept
listen
__WSAFDIsSet
select
ioctlsocket
WSAStartup
WSACleanup

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7a8762fc1b73f31a8876d60d8a98807

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d6:f3:88:19:96:bb:1f:0c:bd:14:28:cb:9e:b8:c0:69:a5:07:cd:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

imm32

version

psapi

ws2_32

wldap32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 546KB - Virtual size: 546KB

.data Size: 62KB - Virtual size: 137KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 96KB - Virtual size: 96KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d6:f3:88:19:96:bb:1f:0c:bd:14:28:cb:9e:b8:c0:69:a5:07:cd:7d
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 546KB - Virtual size: 546KB

.data
Size: 62KB - Virtual size: 137KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 96KB - Virtual size: 96KB