4bc8f417b143cf50a46cd32f5a8a4b69

Sharing

Copy URL Twitter E-mail

General

Target

4bc8f417b143cf50a46cd32f5a8a4b69
Size

196KB
MD5

4bc8f417b143cf50a46cd32f5a8a4b69
SHA1

da889bdb5e8d5af44d4b2c71b00eb3e51f96ef7a
SHA256

050492ea9e4860db6e2100ac82e4c33ebc8cfa0d879b32c22fd6f40ea34c506c
SHA512

416329ddd635f9ed9a1df5db7f4fa4f4e3bd62fec745616ff927b6dc4895efdabb9979a0f282efb91ffa12df6d8e02eb5a785cd4834560c7d3fbab44c0a0bdc2
SSDEEP

3072:U/eGvXw+BDtb6mfBtDEzdgEWmYmGCA1dlDpu64eEhojbQuCcvpGZYiDwakrqTyF5:U/pDO51DjIKk011PMd9PMWLatTB0O5s

Score

1^/10

Malware Config

Signatures

Files

4bc8f417b143cf50a46cd32f5a8a4b69
.exe windows:4 windows x86 arch:x86

6460f2ae8f690f2b5763fb27af39b202

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/02/2015, 00:00

Not After

06/02/2016, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:78:4f:80:af:9a:94:a2:e6:50:e7:c4:35:b7:fc:62:a4:54:08:cf
Signer

Actual PE Digest

59:78:4f:80:af:9a:94:a2:e6:50:e7:c4:35:b7:fc:62:a4:54:08:cf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_decode_pointer
_invoke_watson
_controlfp_s
_strnicmp
_strupr
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_stricmp
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
_mbscmp
_mbsstr
sprintf
strncmp
atoi
realloc
strncat
srand
rand
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
??3@YAXPAX@Z
??2@YAPAXI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
Sleep
CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
lstrcpyA
InterlockedExchange
CancelIo
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
FreeLibrary
lstrcmpA
GetVersionExA
GetLogicalDriveStringsA
LocalFree
LocalReAlloc
LocalAlloc
DeleteFileA
CreateFileA
SetFilePointer
MoveFileA
ReadFile
GetLastError
OpenProcess
ExitThread
GetTickCount
ExitProcess
SetFileAttributesA
MoveFileExA
GetFileSize
GetSystemDirectoryA
GetLocalTime
GlobalFree
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
GetModuleFileNameA
lstrcpyW
LocalSize
GetModuleHandleA
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
GetSystemMetrics
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
EnumWindows
GetWindowTextA
MessageBoxA
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetCursorPos
SetRect
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
GetWindowThreadProcessId
IsWindowVisible
ExitWindowsEx
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
GetDC
DestroyCursor
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA

gdi32

DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

advapi32

RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
LockServiceDatabase
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveOutReset
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutUnprepareHeader
waveOutClose
waveInClose

ws2_32

ioctlsocket
setsockopt
send
listen
recv
accept
getpeername
closesocket
gethostbyname
WSAStartup
__WSAFDIsSet
recvfrom
bind
getsockname
WSAGetLastError
htonl
gethostname
inet_ntoa
inet_addr
sendto
socket
htons
connect
select
WSACleanup
ntohs

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

iphlpapi

GetIfTable

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserGetInfo
NetUserSetInfo
NetUserDel
NetUserEnum

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession
WTSQuerySessionInformationA

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.55632
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.99863
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6460f2ae8f690f2b5763fb27af39b202

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

59:78:4f:80:af:9a:94:a2:e6:50:e7:c4:35:b7:fc:62:a4:54:08:cfSigner

Headers

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp80

iphlpapi

msvfw32

netapi32

psapi

wtsapi32

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 4KB

.55632 Size: 4KB - Virtual size: 4KB

.99863 Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:78:4f:80:af:9a:94:a2:e6:50:e7:c4:35:b7:fc:62:a4:54:08:cf
Signer

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 4KB

.55632
Size: 4KB - Virtual size: 4KB

.99863
Size: 4KB - Virtual size: 4KB