3cd8f51454e5ee4f5f92b22adf5a679b

Sharing

Copy URL Twitter E-mail

General

Target

3cd8f51454e5ee4f5f92b22adf5a679b
Size

287KB
MD5

3cd8f51454e5ee4f5f92b22adf5a679b
SHA1

9750cbc9acdb9196f688e2eb431f0f243309084e
SHA256

76124653b4d8330ce73f4678a6ea7afb017ac4a3a4816c138f8e1de54add8717
SHA512

64f04283a638ea45994c5923f5de946d03532f4626a675eef97c3e11f4009baf7411e7868067afa8db51d7804934ecbaf85d66edc51ac32ddefd34706a5a7770
SSDEEP

6144:c0hTJdCmY/NBJfi6wIrIe+vdPnQdOSjDR8RZCwQ:55YFnqBI8e+vdPnQESG1Q

Score

1^/10

Malware Config

Signatures

Files

3cd8f51454e5ee4f5f92b22adf5a679b
.exe windows:4 windows x86 arch:x86

ae32f6ff6e47231e6e6c8c00f3dd8c84

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2a:60:4f:b6:b4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

11/08/2010, 08:15

Not After

11/08/2011, 08:15

Subject

CN=Tsingsoft Imagination Information Technology Co.\, Ltd.,O=Tsingsoft Imagination Information Technology Co.\, Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d6:f5:f0:c9:8c:be:62:9b:ed:f0:98:5f:5d:ff:99:08:cb:a2:7b
Signer

Actual PE Digest

5c:d6:f5:f0:c9:8c:be:62:9b:ed:f0:98:5f:5d:ff:99:08:cb:a2:7b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFile
CreateMailslotW
CreateDirectoryA
GetProcAddress
GetSystemTime
SetErrorMode
GetExitCodeProcess
lstrcmpA
FileTimeToSystemTime
ConnectNamedPipe
SetCalendarInfoA
GetLocalTime
CreateDirectoryW
SleepEx
CreateNamedPipeW
lstrcatA
GetSystemDefaultLangID
DuplicateHandle
FatalAppExitW
GetTempFileNameA
GetThreadLocale
lstrcmpi
GetLocaleInfoW
GetCurrentDirectoryW
GetDateFormatW
OpenWaitableTimerA
GetThreadPriority
GetAtomNameW
LoadLibraryW
LoadResource
ReplaceFileA
FileTimeToLocalFileTime
CreateMutexA
GetDateFormatA
FindAtomA
GlobalAlloc
GetNumberFormatW
GetTempPathW
RemoveDirectoryW
GetLastError
GetProcessHeap
lstrcat
LocalFree
GetLongPathNameW
OpenEventA
GetDiskFreeSpaceW
RemoveDirectoryA
CreateSemaphoreW
OpenSemaphoreW
GetShortPathNameA
GetVolumeInformationA
GetModuleHandleW
SearchPathW
GetCalendarInfoW
lstrcpy
GetExpandedNameW
GetEnvironmentVariableW
CopyFileExA
GetACP
GetMailslotInfo
HeapCreate
LoadLibraryA
GetTickCount
GetLogicalDriveStringsA
SearchPathA
CreateEventA
ReplaceFileW
GetCPInfo
InitializeCriticalSection
GetAtomNameA
MultiByteToWideChar
GetSystemDirectoryA
GetCurrentProcess
EnumCalendarInfoA
GetStringTypeA
GetNumberFormatA
QueryPerformanceFrequency
AddAtomW
lstrcpynW
IsValidLocale
lstrcatW
GetCurrentProcessId

user32

FindWindowW
SetWindowLongW
GetDesktopWindow
GetFocus
MessageBoxW
GetKeyboardType
GetDlgItemInt
OpenClipboard
ShowCaret
CopyRect
IsDlgButtonChecked
CharPrevW
DialogBoxParamW
SendDlgItemMessageA
SetWindowPos
SetDlgItemInt
SetTimer
AdjustWindowRect
GetSystemMetrics
CreateDialogParamA
SetCursorPos
GetMenuStringA
keybd_event
GetDCEx
GetCapture
AppendMenuW
LoadBitmapA
IsIconic
CreateDialogIndirectParamA
WaitMessage
CopyIcon
LoadCursorW
MoveWindow
GetCaretPos
GetClassInfoW
GetClassInfoA
MonitorFromRect
CreateMenu
SendMessageW
WinHelpW
PeekMessageA
GetSubMenu
LoadMenuW
GetMenuItemCount
DefWindowProcW
GetClassInfoExW
GetMenu
CreateWindowExW
DestroyMenu
DialogBoxIndirectParamA
CharUpperW
GetClassInfoExA
InvalidateRect
CharPrevA
WaitForInputIdle
GetTopWindow
MonitorFromPoint
wsprintfA
InvalidateRgn
SendDlgItemMessageW
CreateDesktopA
GetAsyncKeyState
GetKeyboardLayout
GetScrollPos
TrackPopupMenu
RegisterWindowMessageW
SetWindowTextW
CreateDialogParamW
LoadMenuIndirectA
RemoveMenu
CreateWindowExA
GetMenuItemRect
SetFocus
DialogBoxIndirectParamW
PostQuitMessage
wsprintfW
CreatePopupMenu
CharLowerW
WinHelpA
GetMessageW
EnableMenuItem
DialogBoxParamA
GetActiveWindow
LoadMenuA

comctl32

CreatePropertySheetPageA
DllGetVersion
CreateToolbarEx
DrawStatusTextW
ImageList_Duplicate
ImageList_AddIcon

winmm

mmioSetInfo
sndPlaySoundW
mmioFlush
mmsystemGetVersion
timeGetTime
waveOutSetPlaybackRate
waveOutGetPlaybackRate
mciSetYieldProc
waveInGetErrorTextA
PlaySoundW
DefDriverProc
midiStreamStop
mid32Message
mciGetDriverData
mmDrvInstall

olecli32

ErrExecute
ErrClose

sqlunirl

_CreateColorSpace_@4
_SetClassLong_@12
_RegQueryValue_@16
_GetEnvironmentStrings_@4
_GetUnicodeRedirectionLayer@0
_GetPrivateProfileInt_@16
_CharUpperBuff_@8
_RegDeleteValue_@8
_MAKEINTRESOURCE@4
_GetMenuString_@20
_NDdeIsValidShareName_@4
_GetMetaFile_@4
_CreateMailslot_@16
_LoadString@16
_SearchPath_@24
_TabbedTextOut_@32
_GetKerningPairs_@12

wsock32

rexec
ntohl
WSASetBlockingHook
htons
GetServiceA
getnetbyname
GetTypeByNameA
WSApSetPostRoutine
WSAAsyncGetHostByName
dn_expand
sendto
select
getpeername
WSAAsyncSelect
gethostbyaddr
gethostname
WSAAsyncGetHostByAddr
MigrateWinsockConfiguration

Sections

.cDDXu
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mF
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RkuLR
Size: 1024B - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KtDnQs
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gFnWaQ
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Szqq
Size: 14KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SDf
Size: 2KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kGG
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cgL
Size: 3KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 6KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yWLvNc
Size: 4KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae32f6ff6e47231e6e6c8c00f3dd8c84

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2a:60:4f:b6:b4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

5c:d6:f5:f0:c9:8c:be:62:9b:ed:f0:98:5f:5d:ff:99:08:cb:a2:7bSigner

Headers

File Characteristics

Imports

kernel32

user32

comctl32

winmm

olecli32

sqlunirl

wsock32

Sections

.cDDXu Size: 6KB - Virtual size: 6KB

.mF Size: 12KB - Virtual size: 12KB

.RkuLR Size: 1024B - Virtual size: 351KB

.KtDnQs Size: 109KB - Virtual size: 108KB

.gFnWaQ Size: 4KB - Virtual size: 44KB

.Szqq Size: 14KB - Virtual size: 56KB

.SDf Size: 2KB - Virtual size: 311KB

.kGG Size: 108KB - Virtual size: 107KB

.cgL Size: 3KB - Virtual size: 307KB

.J Size: 6KB - Virtual size: 22KB

.yWLvNc Size: 4KB - Virtual size: 311KB

.rsrc Size: 8KB - Virtual size: 7KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2a:60:4f:b6:b4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

5c:d6:f5:f0:c9:8c:be:62:9b:ed:f0:98:5f:5d:ff:99:08:cb:a2:7b
Signer

.cDDXu
Size: 6KB - Virtual size: 6KB

.mF
Size: 12KB - Virtual size: 12KB

.RkuLR
Size: 1024B - Virtual size: 351KB

.KtDnQs
Size: 109KB - Virtual size: 108KB

.gFnWaQ
Size: 4KB - Virtual size: 44KB

.Szqq
Size: 14KB - Virtual size: 56KB

.SDf
Size: 2KB - Virtual size: 311KB

.kGG
Size: 108KB - Virtual size: 107KB

.cgL
Size: 3KB - Virtual size: 307KB

.J
Size: 6KB - Virtual size: 22KB

.yWLvNc
Size: 4KB - Virtual size: 311KB

.rsrc
Size: 8KB - Virtual size: 7KB