22a1842bdfe575d383a6cb5d920416a0

Sharing

Copy URL Twitter E-mail

General

Target

22a1842bdfe575d383a6cb5d920416a0
Size

228KB
MD5

22a1842bdfe575d383a6cb5d920416a0
SHA1

8c32551019444fbcde9047f6f59b06ff9a00d512
SHA256

0b999ca70f9b7a844e3e551337aebaa66f2304a2221d5421a61cffd78a5041ff
SHA512

7f9f37bf9237442b96dc73ecde2673ed065cc4627602c2451d5a79c4864bc90bb7999c85c259a020640ef2bc36abfaef693cd36b9787b183a502a0f1c421c1b2
SSDEEP

3072:QkI6wU4Bq1hTkVD+ji2AnDmcKBUoej8IWU+b0d9s6sgCP:QkI63401hQVD+O2ADQaoej8TX0dfsJ

Score

1^/10

Malware Config

Signatures

Files

22a1842bdfe575d383a6cb5d920416a0
.exe windows:5 windows x86 arch:x86

ee789d18fcfb4968361959cfb6cde50e

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:5e:69:14:04:0f:4a:74:0b:16:b1:e0:d9:e6:7c:fe
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

21/10/2013, 00:00

Not After

21/10/2014, 23:59

Subject

CN=Beijing Wenyue Technology Co.\,Ltd.,OU=IThelp,O=Beijing Wenyue Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:81:5b:40:c6:eb:05:42:a1:4b:2e:17:40:ff:60:ae:d6:7d:76:f0
Signer

Actual PE Digest

74:81:5b:40:c6:eb:05:42:a1:4b:2e:17:40:ff:60:ae:d6:7d:76:f0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetLastError
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
CreateMutexW
GetModuleFileNameW
WritePrivateProfileStringW
CloseHandle
FindFirstFileW
CreateProcessW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateFileW
FindClose
FindNextFileW
SetFileAttributesW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetEndOfFile
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
IsProcessorFeaturePresent
LoadLibraryW
GetCPInfo

user32

MessageBoxW

shell32

ord165
SHFileOperationW

shlwapi

PathFileExistsW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee789d18fcfb4968361959cfb6cde50e

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

26:5e:69:14:04:0f:4a:74:0b:16:b1:e0:d9:e6:7c:feCertificate

Extended Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

74:81:5b:40:c6:eb:05:42:a1:4b:2e:17:40:ff:60:ae:d6:7d:76:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

wininet

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 38KB - Virtual size: 40KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

26:5e:69:14:04:0f:4a:74:0b:16:b1:e0:d9:e6:7c:fe
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

74:81:5b:40:c6:eb:05:42:a1:4b:2e:17:40:ff:60:ae:d6:7d:76:f0
Signer

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 38KB - Virtual size: 40KB