20dd3276aabc7f005178e4d271ed5bac

Sharing

Copy URL

Twitter E-mail

General

Target

20dd3276aabc7f005178e4d271ed5bac
Size

810KB
MD5

20dd3276aabc7f005178e4d271ed5bac
SHA1

76e981a2c43b89a9d53e03c7b81c89f317f579a7
SHA256

a3aaadf3a4a9171f79cb7ce135c8c65b99f1f03010f04f73b9c92b9670633e66
SHA512

718e8c692a73ab979d830ebae5bf48280be5a6b2565b827f217584ea61f9249f7c3e0f376dd88b488711d3d74ee21673c28d3f7fd6ea806403ffb7b74a3cbebf
SSDEEP

12288:TvwH/z0jO3DU3ocd8o9f0kcP7GCq+hLcYB6L0Uhh8UA:LwrWOsoy8oR0kczVhLcuV

Score

1^/10

Malware Config

Signatures

Files

20dd3276aabc7f005178e4d271ed5bac
.exe windows:4 windows x86 arch:x86

f3b0be0586f4e460adb5aa2b3c76d9fc

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-12-2011 00:00

Not After

25-12-2014 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ae:a7:ff:f1:2b:ac:d3:93:cf:e9:3f:3d:d3:2f:00:e0:64:81:83
Signer

Actual PE Digest

48:ae:a7:ff:f1:2b:ac:d3:93:cf:e9:3f:3d:d3:2f:00:e0:64:81:83

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
WaitForSingleObject
GetWindowsDirectoryW
GetTickCount
LoadLibraryA
MoveFileW
GetCurrentThreadId
GetDriveTypeW
GetDiskFreeSpaceExW
SetLastError
RaiseException
GetCurrentProcess
FlushInstructionCache
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
ExpandEnvironmentStringsW
PeekNamedPipe
GetExitCodeThread
TerminateThread
SetEvent
CreateMutexW
ReleaseMutex
DuplicateHandle
WaitForMultipleObjects
CreateEventW
FormatMessageW
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
WriteConsoleA
GetTimeZoneInformation
CreateFileA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetCommandLineW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetStartupInfoW
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
FindClose
CreateDirectoryW
SetFilePointer
GlobalAlloc
GlobalLock
GetPrivateProfileIntW
lstrlenA
FreeResource
GlobalUnlock
GlobalFree
LoadLibraryW
GetFileSize
FreeLibrary
CreateFileW
WaitNamedPipeW
GetModuleFileNameW
MapViewOfFile
OpenFileMappingW
GetFileAttributesW
CloseHandle
LeaveCriticalSection
WideCharToMultiByte
UnmapViewOfFile
EnterCriticalSection
DeleteCriticalSection
lstrlenW
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
ReadFile
MultiByteToWideChar
WriteFile
GetConsoleOutputCP
Sleep
FindResourceExW
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
CopyFileW
FindResourceW
GetSystemTime
GetPrivateProfileStringW
GetLastError
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
VirtualFree
SetEnvironmentVariableW
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
HeapSize
HeapDestroy
GetConsoleCP
DeleteFileW

user32

BeginPaint
GetWindowLongW
MapWindowPoints
GetClientRect
GetParent
SetWindowPos
InvalidateRect
GetWindow
SetCapture
GetNextDlgTabItem
ShowWindow
DrawTextW
PostThreadMessageW
GetDlgCtrlID
SystemParametersInfoW
SetWindowLongW
ReleaseCapture
CopyRect
ClientToScreen
DefWindowProcW
IsWindowVisible
GetDesktopWindow
MonitorFromWindow
SetRect
CallWindowProcW
GetMonitorInfoW
PtInRect
OffsetRect
EqualRect
GetKeyState
UnregisterClassA
LoadBitmapW
LoadCursorW
GetSystemMetrics
SetRectEmpty
GetScrollPos
FindWindowW
SetFocus
GetWindowRect
SetWindowRgn
DestroyWindow
LoadIconW
MoveWindow
PostMessageW
DestroyIcon
GetDlgItem
DrawIconEx
IsWindow
UpdateLayeredWindow
IsWindowEnabled
GetClassInfoExW
GetActiveWindow
GetFocus
EnableWindow
IsChild
IsDialogMessageW
GetWindowThreadProcessId
GetForegroundWindow
RegisterClassExW
AttachThreadInput
CreateWindowExW
SendMessageW
EndPaint
CharNextW
SetCursor
CharLowerW
LoadImageW
GetDC
SetForegroundWindow
PeekMessageW
GetMessageW
SetActiveWindow
ReleaseDC
InflateRect
WindowFromPoint
DispatchMessageW
TranslateMessage

gdi32

OffsetRgn
GetTextColor
CombineRgn
RoundRect
GetClipRgn
TextOutW
GetCurrentObject
CreateRectRgnIndirect
SetBkMode
LineTo
GetTextExtentPoint32W
MoveToEx
CreateFontIndirectW
CreatePen
RestoreDC
SetStretchBltMode
Rectangle
GetObjectW
GetStockObject
CreateCompatibleDC
StretchBlt
CreateCompatibleBitmap
CreateBitmap
SetBkColor
DeleteObject
BitBlt
SetTextColor
SelectObject
CreateDIBSection
DeleteDC
ExtTextOutW
CreateRectRgn
SaveDC
SelectClipRgn
RectInRegion

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
StrToIntW
StrToIntA

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipCreateFontFromDC
GdipDeleteStringFormat
GdipImageRotateFlip
GdipDeleteFont
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipDrawImageRectI
GdiplusShutdown
GdipDrawImageRectRectI
GdipGetImageWidth
GdiplusStartup
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImage
GdipDisposeImageAttributes
GdipDeletePen
GdipCreateFontFromLogfontW
GdipCreateStringFormat
GdipCreateSolidFill
GdipDeleteBrush
GdipResetWorldTransform
GdipCloneBrush
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawString
GdipSetStringFormatTrimming
GdipLoadImageFromFile
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipCreatePen1
GdipDrawLinesI
GdipLoadImageFromStream
GdipSetImageAttributesColorMatrix
GdipDrawImagePointsRectI

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

recvfrom
sendto
gethostbyname
WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSASend
WSAResetEvent
freeaddrinfo
accept
WSAGetLastError
WSASetLastError
WSAGetOverlappedResult
closesocket
WSACloseEvent
WSAStartup
getaddrinfo
WSASocketW
WSACreateEvent
gethostname
WSASetEvent
WSACleanup
listen
__WSAFDIsSet
WSARecv
inet_ntoa
bind
socket
getsockopt
ioctlsocket
connect
inet_addr
getsockname
setsockopt
htons
select
ntohs
recv
send

iphlpapi

GetAdaptersInfo

winmm

timeGetTime

Sections

.text
Size: 480KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3b0be0586f4e460adb5aa2b3c76d9fc

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:ae:a7:ff:f1:2b:ac:d3:93:cf:e9:3f:3d:d3:2f:00:e0:64:81:83Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

msimg32

gdiplus

version

ws2_32

iphlpapi

winmm

Sections

.text Size: 480KB - Virtual size: 476KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 218KB - Virtual size: 218KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:ae:a7:ff:f1:2b:ac:d3:93:cf:e9:3f:3d:d3:2f:00:e0:64:81:83
Signer

.text
Size: 480KB - Virtual size: 476KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 218KB - Virtual size: 218KB