2a251ec4dd07c0f4fcf4662e51348f71

Sharing

Copy URL

Twitter E-mail

General

Target

2a251ec4dd07c0f4fcf4662e51348f71
Size

560KB
MD5

2a251ec4dd07c0f4fcf4662e51348f71
SHA1

6b0ffdb7774c6c4ccc0b803e5d783ef560f862c0
SHA256

15261e0cd7fbecb70f12b8e5791c5e99555e3287ee7369f72a4880d364bf6d49
SHA512

eaaed28c23a47815b91df1a241b43aacdbd7f2520c03a7a1e9992a5e7691812e2360f1cbf3ed06f2b0cb69804c1ebbe43e9bd8a703e17488ccd0b5b6cdb0ac62
SSDEEP

12288:iXhKmrtWV2pP3rlPdqoCx4dc3+p+LGAfpNnj3UgTsxtUceqM:iQ3kkxF3+dABNnjkgTMtUc

Score

1^/10

Malware Config

Signatures

Files

2a251ec4dd07c0f4fcf4662e51348f71
.exe windows:5 windows x86 arch:x86

4853b7ecef5d920bf1743c4eda96822b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-02-2015 00:00

Not After

06-02-2016 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:5e:3c:fc:87:e6:01:2f:63:1f:9b:d8:bb:81:b5:28:78:88:77:04
Signer

Actual PE Digest

a2:5e:3c:fc:87:e6:01:2f:63:1f:9b:d8:bb:81:b5:28:78:88:77:04

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

freeaddrinfo
getnameinfo
WSACleanup
getaddrinfo
gethostname
WSAStartup

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW

imm32

ImmDisableIME

psapi

EnumProcesses

kernel32

EnterCriticalSection
LeaveCriticalSection
RaiseException
FlushInstructionCache
GetCurrentProcess
SetLastError
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
Thread32Next
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
VirtualQuery
IsBadWritePtr
lstrlenW
UnmapViewOfFile
lstrcpyW
FindNextFileW
FindClose
MapViewOfFile
CreateFileMappingW
GetFullPathNameW
FindFirstFileW
CreateProcessW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
lstrcmpiW
GetCommandLineW
GetModuleFileNameW
LoadLibraryExW
SetEnvironmentVariableW
OutputDebugStringW
GetSystemTime
GetTempPathW
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
DeleteCriticalSection
WriteConsoleW
SetConsoleTextAttribute
CreateDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateMutexW
OpenFileMappingW
ExitProcess
Sleep
GetFileSize
OpenEventW
ReadFile
CopyFileW
MulDiv
CompareStringW
RemoveDirectoryW
HeapSize
MoveFileExW
HeapDestroy
TerminateProcess
CreateEventW
IsDebuggerPresent
RtlUnwind
GetConsoleCP
GetConsoleMode
SetFilePointer
ExitThread
CreateThread
SetEndOfFile
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
LCMapStringW
GetModuleHandleA
SetHandleCount
GetFileType
SetStdHandle
AllocConsole
InitializeCriticalSection
WaitForMultipleObjects
SetThreadPriority
WriteConsoleA
GetConsoleOutputCP
CreateFileA
HeapCreate
VirtualFree
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetLastError
TlsFree
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetTickCount
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetFileAttributesW
CreateFileW
CloseHandle
MultiByteToWideChar
DeviceIoControl
GlobalAlloc
GlobalFree
GetVolumeInformationA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TlsAlloc
InterlockedCompareExchange
IsProcessorFeaturePresent
HeapReAlloc
lstrlenA
SetEvent
ResetEvent
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
WaitForSingleObject
TerminateThread
OpenProcess
LoadLibraryA
WriteFile
LocalFree
FormatMessageW
LoadLibraryW
GetProcAddress
DeleteFileW
UnhandledExceptionFilter
FreeLibrary
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
CompareStringA
SetEnvironmentVariableA
WritePrivateProfileStringW
VirtualAlloc

user32

SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
SetRectEmpty
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetDlgCtrlID
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetDlgItemTextW
EnableWindow
RedrawWindow
IsWindowVisible
PtInRect
FillRect
UnregisterClassA
SetCursor
GetCursorPos
SetForegroundWindow
GetDC
ShowWindow
ScreenToClient
GetWindowRect
ReleaseDC
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
PeekMessageW
ReleaseCapture
GetCapture
OffsetRect
GetFocus
GetSysColor
GetClassNameW
CreateDialogParamW
LoadIconW
GetSystemMetrics
PostQuitMessage
LoadStringW
GetDlgItem
MessageBoxW
WindowFromPoint
SendMessageW
AllowSetForegroundWindow
RegisterWindowMessageW
EndPaint
BeginPaint
LoadImageW
InvalidateRect
GetClientRect
DrawTextW
CharNextW
DestroyIcon
SetTimer
CallWindowProcW
GetWindowLongW
KillTimer
CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
GetClassInfoExW
IsWindow
SetWindowLongW
PostMessageW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
BringWindowToTop
SetWindowPos
DrawFocusRect

gdi32

SetBkMode
SelectObject
DeleteDC
DeleteObject
StretchBlt
GetObjectW
GetStockObject
SetTextColor
CreateFontW
CreateCompatibleDC
CreateFontIndirectW

advapi32

CryptDestroyHash
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryValueExW
SetServiceStatus
SetServiceObjectSecurity
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CreateProcessAsUserW
RegOpenKeyW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CryptDestroyKey

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ord165
ShellExecuteW
Shell_NotifyIconW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoInitialize
CLSIDFromProgID

oleaut32

VariantClear
VariantInit
SysAllocStringLen
SysFreeString
VarBstrCmp
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen

comctl32

_TrackMouseEvent

msimg32

GradientFill

iphlpapi

GetAdaptersInfo

wininet

InternetConnectW
HttpAddRequestHeadersW
InternetReadFileExA
InternetQueryOptionW
HttpEndRequestW
InternetSetStatusCallbackW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestExW
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW
InternetSetCookieW
InternetOpenW
InternetOpenA

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4853b7ecef5d920bf1743c4eda96822b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a2:5e:3c:fc:87:e6:01:2f:63:1f:9b:d8:bb:81:b5:28:78:88:77:04Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

userenv

wintrust

crypt32

imm32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

iphlpapi

wininet

Sections

.text Size: 378KB - Virtual size: 377KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 12KB - Virtual size: 42KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 39KB - Virtual size: 67KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a2:5e:3c:fc:87:e6:01:2f:63:1f:9b:d8:bb:81:b5:28:78:88:77:04
Signer

.text
Size: 378KB - Virtual size: 377KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 12KB - Virtual size: 42KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 39KB - Virtual size: 67KB