2a1b499bc492a9bdb06f7cdc18191d95

Sharing

Copy URL

Twitter E-mail

General

Target

2a1b499bc492a9bdb06f7cdc18191d95
Size

1.1MB
MD5

2a1b499bc492a9bdb06f7cdc18191d95
SHA1

5cf47725392619b774fc5a66c6ee1b46fa701d04
SHA256

059b534c8d732444bb4aca314812795206490ac11e41e6be996a9921a38c76a0
SHA512

56b2ec8ffa9110d4967b2474e418537223427551699ef7495c39883e88b6af15a439be880010e841753b0727570914d57264fd9bbac11f5790dde68a88be784b
SSDEEP

24576:85jMmlYfnNLh8ZDibQCI6Vd2Qy68pCx2U5aaU3:8RDlanNLh8Abl8Qy1W22ad

Score

1^/10

Malware Config

Signatures

Files

2a1b499bc492a9bdb06f7cdc18191d95
.exe windows:4 windows x86 arch:x86

bc6ff1b976e4bc8e4f3172f3b7a0d420

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:d2:3f:2a:af:47:72:e1:8d:39:ce:45:b5:7c:65:c0:2a:e0:b1:65
Signer

Actual PE Digest

27:d2:3f:2a:af:47:72:e1:8d:39:ce:45:b5:7c:65:c0:2a:e0:b1:65

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
htonl
ntohl
closesocket
socket
WSACleanup
sendto
htons
gethostbyname

kernel32

lstrlenA
LockResource
LoadResource
FindResourceExW
FindResourceW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetLastError
SizeofResource
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
WriteFile
VirtualQuery
GetCurrentThread
FreeLibrary
CloseHandle
CreateFileA
MultiByteToWideChar
GetVersionExW
SetFilePointer
SetUnhandledExceptionFilter
GetThreadSelectorEntry
ReadFile
DeleteFileW
GetCurrentProcessId
CreateFileW
VirtualQueryEx
WritePrivateProfileStringW
CopyFileW
GetLogicalDrives
GetFileSize
GetDriveTypeW
DeviceIoControl
FindFirstFileW
FindClose
LocalFree
lstrlenW
ProcessIdToSessionId
WideCharToMultiByte
GetCPInfo
GetVersion
lstrcmpiW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
SetLastError
CreateProcessW
OpenProcess
RaiseException
Sleep
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
TlsFree
TlsSetValue
InterlockedIncrement
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetFileAttributesW
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetACP
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
SetHandleCount
RtlUnwind
GetStdHandle
GetCurrentDirectoryA
HeapCreate
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
InterlockedDecrement
ExitProcess
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetTimeZoneInformation

user32

UnregisterClassA
CharUpperW
PostMessageW
SetPropW
DispatchMessageW
GetPropW
TranslateMessage
GetWindow
GetMessageW
GetDesktopWindow
CreateDialogParamW
PostQuitMessage
RemovePropW
ShowWindow
DestroyWindow
SetWindowLongW
LoadImageW
LoadIconW
SendMessageW
IsWindow
DestroyIcon

advapi32

RegCloseKey
QueryServiceConfigW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
LookupAccountNameW
RegCreateKeyExW
RegDeleteValueW
ConvertSidToStringSidW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoFreeLibrary
CoUninitialize
CoCreateGuid
CoCreateInstance
CoLoadLibrary
CoInitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen

shlwapi

PathFileExistsW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetQueryOptionW

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 739KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc6ff1b976e4bc8e4f3172f3b7a0d420

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

27:d2:3f:2a:af:47:72:e1:8d:39:ce:45:b5:7c:65:c0:2a:e0:b1:65Signer

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

version

wininet

netapi32

psapi

Sections

.text Size: 368KB - Virtual size: 365KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 739KB - Virtual size: 739KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

27:d2:3f:2a:af:47:72:e1:8d:39:ce:45:b5:7c:65:c0:2a:e0:b1:65
Signer

.text
Size: 368KB - Virtual size: 365KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 739KB - Virtual size: 739KB