4ddecb8f5436b1676f857115a70dee3b

Sharing

Copy URL Twitter E-mail

General

Target

4ddecb8f5436b1676f857115a70dee3b
Size

298KB
MD5

4ddecb8f5436b1676f857115a70dee3b
SHA1

7bb3ecfd35f70c56fe08fb626724fd9a02a4191a
SHA256

16fb569cef266c97621a63919db1235d1d247d10fbae5704c4af2f279aae5a57
SHA512

5574063904f9c4ed5d49f30c7fba2fa8f374e213c24d3dd3de242b46154ed886db8cec6fb7ee61746efdf3f516d0fef02db457d17be7155aa9235c2d086078cd
SSDEEP

6144:3UltX8Weim86UpA4p/AtTmBLIyKdEhO9:+OWeim8FRphBLQd5

Score

1^/10

Malware Config

Signatures

Files

4ddecb8f5436b1676f857115a70dee3b
.exe windows:5 windows x86 arch:x86

ce36197ade185f373296537b0207156d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageTimeoutW
FindWindowA
IsWindow
SendMessageW
PostMessageW
DispatchMessageW
RegisterClassW
GetMessageW
DefWindowProcW
PostQuitMessage
KillTimer
GetWindowLongW
SetWindowLongW
ShowWindow
TranslateMessage
SetTimer
CreateWindowExW

ole32

CLSIDFromString

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

SetFilePointerEx
HeapReAlloc
FlushFileBuffers
SetStdHandle
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile
LoadLibraryExW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleMode
IsDebuggerPresent
FreeLibrary
GetTickCount
LoadLibraryW
Sleep
GetLastError
GetProcAddress
CreateMutexW
ReleaseMutex
CloseHandle
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcess
InterlockedExchange
OutputDebugStringW
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSection
DeleteCriticalSection
GetLocalTime
GetCurrentThreadId
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
SetLastError
EncodePointer
DecodePointer
GetStringTypeW
IsProcessorFeaturePresent
HeapFree
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
GetCommandLineW
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
GetSystemTimeAsFileTime

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce36197ade185f373296537b0207156d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

advapi32

kernel32

shlwapi

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 42KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 42KB