579b76f744222cdeee57685c4a157d5f

Sharing

Copy URL

Twitter E-mail

General

Target

579b76f744222cdeee57685c4a157d5f
Size

1.7MB
MD5

579b76f744222cdeee57685c4a157d5f
SHA1

4bc0f8def6dbce9f798ce7365d40950d250d27f0
SHA256

4a26774c124b661a78f0ce7abb483ff2dc5f2d43f55062dc7e03e09a3769b56b
SHA512

3bba47f0d850e04534f1835bccbe9cfa0d89438498cd9e790d3bfde798803588e7e8fe94033bf9628a4e777148ebae8afad7b93e0bc1d865726fb37d19829781
SSDEEP

49152:J5uAy25FXlh2ssdh6eLYPNTrA14YrvJrfBvhX+Jd0Uhwx:Jj59lhPM6eLYPNTrq48v1rGhQ

Score

1^/10

Malware Config

Signatures

Files

579b76f744222cdeee57685c4a157d5f
.exe windows:5 windows x86 arch:x86

bde2aa77689ccab24b680d18741abd2c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqliteencrypt

sqlite3_exec
sqlite3_free_table
sqlite3_free
sqlite3_get_table
sqlite3_close
sqlite3_open

kernel32

HeapCreate
VirtualFree
GetStdHandle
GetTimeZoneInformation
GetStringTypeA
GetFileType
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
CompareStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LCMapStringA
IsValidCodePage
QueryPerformanceCounter
GetACP
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapReAlloc
HeapFree
FindResourceExA
VirtualProtect
GetProfileIntA
SearchPathA
GetTempPathA
GetTempFileNameA
GetFileSizeEx
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GetCurrentProcessId
WritePrivateProfileStringA
GetPrivateProfileIntA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
GetModuleHandleA
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrlenW
MulDiv
GetFileTime
WriteFile
lstrcpyA
GetFullPathNameA
GetFileSize
CreateFileA
CopyFileA
lstrlenA
FindClose
Module32Next
Module32First
LocalFree
GetCurrentProcess
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
CreateDirectoryA
GetFileAttributesA
GetVersionExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
SetThreadPriority
TerminateThread
WaitForSingleObject
ResumeThread
GetTickCount
DisconnectNamedPipe
FlushFileBuffers
ReadFile
ConnectNamedPipe
CreateNamedPipeA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateMutexA
MultiByteToWideChar
Sleep
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetStringTypeW

user32

DestroyCursor
GetWindowRgn
CreateMenu
GetDoubleClickTime
GetIconInfo
SubtractRect
CopyIcon
CharUpperBuffA
GetUpdateRect
FrameRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
IsClipboardFormatAvailable
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
GetNextDlgGroupItem
InvalidateRgn
SetRect
CharNextA
GetMenuItemInfoA
UnregisterClassA
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
DestroyIcon
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
IsRectEmpty
InvalidateRect
InflateRect
IsMenu
GetSystemMenu
SetClassLongA
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DestroyMenu
PostThreadMessageA
LoadMenuA
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorA
GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MoveWindow
SetWindowTextA
CheckDlgButton
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
RegisterWindowMessageA
SendDlgItemMessageA
wsprintfA
SetWindowPos
SetActiveWindow
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
BringWindowToTop
SetForegroundWindow
SetFocus
ShowWindow
GetClassInfoA
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
KillTimer
EnableWindow
GetWindowLongA
GetParent
GetWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
PostMessageA
PostQuitMessage
IsZoomed
RedrawWindow
MessageBeep
OffsetRect
SystemParametersInfoA
WinHelpA
UnhookWindowsHookEx
GetWindowRect
GetWindowPlacement
IntersectRect
SetWindowLongA
InsertMenuItemA

gdi32

Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
Polyline
CreateEllipticRgn
GetTextFaceA
SetPixelV
GetTextMetricsA
CreateCompatibleBitmap
CreateFontIndirectA
EnumFontFamiliesExA
CreatePolygonRgn
DPtoLP
GetMapMode
SetRectRgn
GetBkColor
CreateDIBSection
SetPixel
StretchBlt
CombineRgn
RealizePalette
GetDIBits
PatBlt
SetDIBColorTable
GetTextExtentPoint32A
GetTextColor
CreateRoundRectRgn
GetTextCharsetInfo
GetDeviceCaps
CopyMetaFileA
GetDCOrgEx
GetClipBox
CreateDIBitmap
GetRgnBox
OffsetRgn
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
EnumFontFamiliesA

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidA
SetTokenInformation
GetLengthSid
CreateProcessAsUserA
RegEnumKeyExA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
DragQueryFileA
DragFinish
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA

oledlg

ord8

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
OleGetClipboard
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CLSIDFromProgID
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CLSIDFromString
CoInitializeEx

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage

wininet

InternetOpenA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bde2aa77689ccab24b680d18741abd2c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

sqliteencrypt

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

wininet

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 273KB - Virtual size: 272KB

.data Size: 29KB - Virtual size: 57KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 144KB - Virtual size: 144KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 273KB - Virtual size: 272KB

.data
Size: 29KB - Virtual size: 57KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 144KB - Virtual size: 144KB