46e77d8f3ad24924197248ec0c71ec4d

Sharing

Copy URL Twitter E-mail

General

Target

46e77d8f3ad24924197248ec0c71ec4d
Size

525KB
MD5

46e77d8f3ad24924197248ec0c71ec4d
SHA1

d8b2579cd5a03cdcbf6c87d226511247b079013f
SHA256

230b78af18b9d38c4068482cc7325d11ae58a0a0515a752d477564d3d6ccde07
SHA512

7dab5ea51416355bd65842b28ff100668e5bb5fe29ed5c118c317551af5da44cc2966bf5d851f08a498ae591e179953d3792cf05df551fafa6b4f5701b68e5ea
SSDEEP

6144:+59gOGxV52z5Pq4Cy+9e49dasgQI8RYc9QzeAwaDOIgN+zUlVkwKL3f1n5Yws0gY:VOjPqRy+d9AdBBcCz1p4lVmL3tKwaY

Score

1^/10

Malware Config

Signatures

Files

46e77d8f3ad24924197248ec0c71ec4d
.exe windows:4 windows x86 arch:x86

a7396d80c7825b3ff6f7d8e223a52ac9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:9e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:c6:ef:de:8b:8a:c1
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

01/09/2013, 17:20

Not After

05/10/2014, 06:45

Subject

CN=Beijing Doyo Networking Technologies Ltd.,O=Beijing Doyo Networking Technologies Ltd.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c15646f796f7365727669636540676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:bf:9f:fb:06:ee:b5:af:7a:ee:45:50:d0:7b:06:95:f2:a0:4f:71
Signer

Actual PE Digest

c4:bf:9f:fb:06:ee:b5:af:7a:ee:45:50:d0:7b:06:95:f2:a0:4f:71

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
HeapReAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
GetThreadLocale
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
WritePrivateProfileStringA
GetCurrentProcessId
GlobalAddAtomA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalFree
LocalAlloc
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedIncrement
MultiByteToWideChar
GetVersion
lstrlenA
CompareStringW
CompareStringA
Sleep
GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
SetLastError
FreeLibrary
LoadLibraryA
LockResource
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
InterlockedExchange
GetCommandLineA
GetCurrentThreadId
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
EnterCriticalSection
CreateMutexA
CloseHandle
OpenMutexA
GetACP
LeaveCriticalSection

user32

SetWindowTextA
CharNextA
DestroyMenu
GetSysColorBrush
RegisterClipboardFormatA
UnregisterClassA
PostThreadMessageA
DrawTextExA
DrawTextA
TabbedTextOutA
IsDialogMessageA
MessageBeep
GetNextDlgGroupItem
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
GetLastActivePopup
MessageBoxA
SetWindowsHookExA
CallNextHookEx
TranslateMessage
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
PostQuitMessage
SetFocus
GetDesktopWindow
InvalidateRgn
ReleaseDC
GetDC
EqualRect
IntersectRect
SetRect
IsRectEmpty
CopyRect
IsWindowEnabled
GetWindowLongA
CopyAcceleratorTableA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
CharUpperA
LoadImageA
CallWindowProcA
DispatchMessageA
GetMessageA
SetWindowLongA
RegisterWindowMessageA
CreateWindowExA
GetClassNameA
InvalidateRect
GetFocus
LoadCursorA
SetCursor
ScreenToClient
GetCursorPos
GetParent
ReleaseCapture
WindowFromPoint
ClientToScreen
KillTimer
SetCapture
GetCapture
IsWindowVisible
DrawIconEx
DestroyIcon
EndPaint
BeginPaint
GetWindowDC
GrayStringA
RedrawWindow
InflateRect
OffsetRect
TrackPopupMenu
DeleteMenu
SetMenuItemInfoA
GetSubMenu
LoadMenuA
SendMessageA
SystemParametersInfoA
FindWindowA
SetParent
GetWindowRect
MoveWindow
EnableWindow
ShowWindow
GetSystemMenu
SetWindowPos
GetSystemMetrics
FindWindowExA
GetClientRect
SetTimer
PostMessageA
PtInRect
SetWindowRgn
SetForegroundWindow
AttachThreadInput
LoadIconA
GetWindowThreadProcessId
GetForegroundWindow
IsIconic
AppendMenuA
IsWindow
DrawIcon

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetDeviceCaps
CreatePen
ScaleViewportExtEx
GetBkColor
GetTextColor
GetMapMode
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetRgnBox
CreateRectRgnIndirect
CreateBitmap
CreateFontIndirectA
CreateCompatibleDC
SelectObject
GetStockObject
DeleteDC
BitBlt
GetObjectA
CreateRoundRectRgn
CreateCompatibleBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal

oleaut32

VariantCopy
SysAllocStringByteLen
OleCreateFontIndirect
VariantInit
VariantChangeType
SysAllocStringLen
SafeArrayDestroy
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantClear

gdiplus

GdipDrawImageRectRectI
GdipFree
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipCloneImage
GdipCreateFromHDC
GdipAlloc
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCreateImageAttributes
GdipSetSmoothingMode
GdipDisposeImageAttributes
GdipSetImageAttributesColorKeys
GdipLoadImageFromStream

Exports

Exports

??0CPngImageList@@QAE@ABV0@@Z
??0CPngImageList@@QAE@XZ
??1CPngImageList@@UAE@XZ
??4CPngImageList@@QAEAAV0@ABV0@@Z
??_7CPngImageList@@6B@
?AttachImageList@CPngImageList@@QAEXIPBD@Z
?Clear@CPngImageList@@QAEXXZ
?Create@CPngImageList@@QAEXHH@Z
?Draw@CPngImageList@@QAEXPAVCDC@@HVCPoint@@@Z
?Draw@CPngImageList@@QAEXPAVCDC@@VCPoint@@VCRect@@@Z
?DrawHorizonRect@CPngImageList@@QAEXPAVCDC@@HVCRect@@@Z
?DrawProgressBar@CPngImageList@@QAEXPAVCDC@@VCRect@@HH@Z
?DrawShadow@CPngImageList@@QAEXPAVCDC@@VCRect@@HHHH@Z
?GetItemHeight@CPngImageList@@QAEHXZ
?GetItemWidth@CPngImageList@@QAEHXZ
?IsNull@CPngImageList@@QAEHXZ
?LoadPngImage@CPngImageList@@QAEHAAVCImage@ATL@@IPBD@Z
?SetCutWidth@CPngImageList@@QAEXHH@Z
?StretchDraw@CPngImageList@@QAEXPAVCDC@@HVCRect@@@Z

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7396d80c7825b3ff6f7d8e223a52ac9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:9eCertificate

Key Usages

10:c6:ef:de:8b:8a:c1Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

c4:bf:9f:fb:06:ee:b5:af:7a:ee:45:50:d0:7b:06:95:f2:a0:4f:71Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 56KB - Virtual size: 54KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:9e
Certificate

10:c6:ef:de:8b:8a:c1
Certificate

3d
Certificate

c4:bf:9f:fb:06:ee:b5:af:7a:ee:45:50:d0:7b:06:95:f2:a0:4f:71
Signer

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 56KB - Virtual size: 54KB