2a8f2859f6da5eac2bac4a52003439a6

Sharing

Copy URL

Twitter E-mail

General

Target

2a8f2859f6da5eac2bac4a52003439a6
Size

616KB
MD5

2a8f2859f6da5eac2bac4a52003439a6
SHA1

1425f7a02c25ce19554f612dbde0f5e0d90837e4
SHA256

22ba644883b423e5bc4ea73e4afa9063e154835598f5c967fd598dc50ae56aa8
SHA512

ac41ac639efc5ea7a1f042855e91e66e7a28c4296f9c7c64466053b446dcddb8786c08a8ed03648af46793c48107c3f75edbca5a6ffae99737ba00f89e18d44a
SSDEEP

12288:oBfOD6fW8C9YoaU+/s/vFy/vXoIqy08YfRJaWq:SnC9Yo2Yvc4Iv0BfRJT

Score

1^/10

Malware Config

Signatures

Files

2a8f2859f6da5eac2bac4a52003439a6
.exe windows:4 windows x86 arch:x86

18a8aa5f7bb6ded8113fabad1d20f8a7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-12-2011 00:00

Not After

25-12-2014 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:ff:28:d2:83:0f:9b:17:28:2c:f1:e8:be:c5:11:b0:dd:db:39:20
Signer

Actual PE Digest

0e:ff:28:d2:83:0f:9b:17:28:2c:f1:e8:be:c5:11:b0:dd:db:39:20

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
select
__WSAFDIsSet
getaddrinfo
freeaddrinfo
WSASetLastError
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup

kernel32

GetDiskFreeSpaceExW
GetDriveTypeW
LoadLibraryW
lstrlenW
GetModuleFileNameW
WaitForSingleObject
TerminateThread
GetPrivateProfileIntW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
RaiseException
WriteFile
LoadLibraryA
CreateProcessW
GetExitCodeProcess
SleepEx
Sleep
GetTickCount
ExpandEnvironmentStringsA
FormatMessageA
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
CopyFileW
DeleteCriticalSection
GetLastError
InitializeCriticalSection
GetProcAddress
MultiByteToWideChar
SetLastError
FlushInstructionCache
GetCurrentProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FreeResource
DeleteFileW
FindResourceW
CreateFileW
WideCharToMultiByte
GetFileSize
FreeLibrary
ReadFile
CloseHandle
GetCurrentThreadId
GetModuleHandleW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

GetDlgCtrlID
LoadIconW
DestroyIcon
KillTimer
CallWindowProcW
EndPaint
PostMessageW
BeginPaint
ClientToScreen
IsWindowVisible
SetRectEmpty
GetClientRect
SetRect
GetWindowThreadProcessId
GetForegroundWindow
CreateWindowExW
RegisterClassExW
SystemParametersInfoW
SetWindowPos
AttachThreadInput
SetForegroundWindow
PeekMessageW
MoveWindow
SetWindowRgn
DestroyWindow
GetMessageW
SetActiveWindow
TranslateMessage
GetDlgItem
DispatchMessageW
GetWindowLongW
GetWindow
IsWindow
IsWindowEnabled
SendMessageW
InvalidateRect
ShowWindow
DefWindowProcW
GetWindowRect
GetFocus
CopyRect
IsChild
GetActiveWindow
GetDesktopWindow
UpdateLayeredWindow
LoadImageW
SetTimer
SetCursor
FindWindowW
GetSystemMetrics
GetParent
EnableWindow
UnregisterClassA
ExitWindowsEx
SetWindowLongW
MapWindowPoints
LoadCursorW
GetClassInfoExW
CharNextW
CharLowerW
LoadBitmapW
PostQuitMessage
TrackMouseEvent
ReleaseDC
GetNextDlgTabItem
PtInRect
SetFocus
GetScrollPos
GetDC
OffsetRect
ReleaseCapture
WindowFromPoint
GetKeyState
InflateRect
DrawIconEx
SetCapture
GetMonitorInfoW
DrawTextW
MonitorFromWindow
PostThreadMessageW
EqualRect
IsDialogMessageW

gdi32

CreateRectRgnIndirect
SaveDC
SetBkMode
RestoreDC
CreateRectRgn
CreateFontIndirectW
SetRectRgn
SetViewportOrgEx
GetObjectA
SetStretchBltMode
Rectangle
BitBlt
GetTextColor
LineTo
MoveToEx
CreateDIBSection
TextOutW
GetStockObject
GetObjectW
CombineRgn
GetTextExtentPoint32W
DeleteObject
SelectObject
RectInRegion
CreateCompatibleDC
CreatePen
CreateCompatibleBitmap
GetCurrentObject
GetClipRgn
SelectClipRgn
ExtTextOutW
SetBkColor
SetTextColor
CreateBitmap
StretchBlt
DeleteDC
OffsetRgn
RoundRect

advapi32

RegCloseKey
RegOpenKeyW
RegQueryValueExW
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal

shlwapi

StrToIntA
StrToIntW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipDeletePath
GdipSetImageAttributesColorMatrix
GdipSetStringFormatFlags
GdipFillRectangleI
GdipSetClipPath
GdipDeleteStringFormat
GdipSetSmoothingMode
GdipCreateStringFormat
GdipLoadImageFromFile
GdipDisposeImageAttributes
GdipDeleteFont
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCloneImage
GdipMeasureString
GdipAddPathRectangleI
GdipCreateSolidFill
GdipCreateFontFromDC
GdipDisposeImage
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipClosePathFigure
GdipAddPathPieI
GdipDrawImageRectRectI
GdipResetWorldTransform
GdipCreateBitmapFromStream
GdipDeleteBrush
GdipRotateWorldTransform
GdipCreatePath
GdipAlloc
GdipTranslateWorldTransform
GdipCloneBrush
GdipFree
GdipDrawLinesI
GdipDrawString
GdipSetTextRenderingHint
GdipDeletePen
GdipSetStringFormatTrimming
GdipCreatePen1
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFromLogfontA
GdipFillRectangle
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipDrawImagePointsRectI
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipImageRotateFlip

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

_vsnprintf_s
memmove
_mbsrchr
_mbsstr
_mbsinc
fclose
fwrite
_waccess
fseek
fread
fprintf
fputc
isalpha
strncmp
isspace
strchr
isalnum
realloc
_time64
__iob_func
strtoul
strstr
sscanf
strtol
isxdigit
strncpy
strrchr
_strtoi64
fgets
fopen
qsort
fputs
isdigit
sprintf
_errno
memchr
fflush
getenv
strerror
__sys_nerr
_gmtime64
_stat64
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
ceil
_purecall
strcmp
wcsspn
wcscspn
atoi
abs
_wtoi
_wcsupr_s
labs
wcschr
_beginthreadex
wcsrchr
wcscat_s
_XcptFilter
exit
_CxxThrowException
_wcmdln
wcscat
_mbschr
wcscmp
_invalid_parameter_noinfo
wcscpy_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
malloc
wcslen
_wcsicmp
_recalloc
wcsstr
free
_mbscmp
memcpy
calloc
strlen
vswprintf_s
swprintf_s
memmove_s
_vscwprintf
vsprintf_s
_vscprintf
??2@YAPAXI@Z
memcpy_s
memset
_wcslwr_s
??_V@YAXPAX@Z
??3@YAXPAX@Z
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_stricmp
_strdup
__CxxFrameHandler3
tolower

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

lm
Size: 104KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18a8aa5f7bb6ded8113fabad1d20f8a7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0e:ff:28:d2:83:0f:9b:17:28:2c:f1:e8:be:c5:11:b0:dd:db:39:20Signer

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

msimg32

gdiplus

msvcp80

msvcr80

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 196KB - Virtual size: 193KB

lm Size: 104KB - Virtual size: 124KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0e:ff:28:d2:83:0f:9b:17:28:2c:f1:e8:be:c5:11:b0:dd:db:39:20
Signer

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 196KB - Virtual size: 193KB

lm
Size: 104KB - Virtual size: 124KB