7f9c7d42e099e0a7bec13c6221929990

Sharing

Copy URL Twitter E-mail

General

Target

7f9c7d42e099e0a7bec13c6221929990
Size

1.6MB
MD5

7f9c7d42e099e0a7bec13c6221929990
SHA1

065c2b161c814be3bd778667a560bd556c6b1390
SHA256

fc16feaa418c10b4d9bd195a8cd771979b80f6a9e6eb6b907c99307778489523
SHA512

98b7ca29f5f7e2af6581776821bd8cd8bb51ee2e0c913051dfc1f338705a4169c09e51f815199d6fa693e26f0a86a9b3918b005c2ed5412d9711b8bba1170e3f
SSDEEP

49152:f4Jo+YldiJekoVzKQw2BJZhyUIsj1q0MUyUAQ4cPG/jdvNye:fMYl4JmzK2BJZhyUt1qrUBAGijd3

Score

1^/10

Malware Config

Signatures

Files

7f9c7d42e099e0a7bec13c6221929990
.exe windows:5 windows x86 arch:x86

b8c18ce4f492055372def190d467c9b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
CompareStringW
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
IsValidCodePage
GetACP
VirtualFree
GetLastError
HeapCreate
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
VirtualQuery
GetSystemInfo
VirtualAlloc
CreateThread
WriteConsoleW
RaiseException
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
FindResourceExA
VirtualProtect
GetFileTime
GetFileSizeEx
Sleep
GetProfileIntA
SearchPathA
GetTempPathA
GetTempFileNameA
SetErrorMode
GetModuleHandleW
GetFullPathNameA
GetConsoleOutputCP
WriteConsoleA
ExitThread
GetVolumeInformationA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetOEMCP
GetCPInfo
GetFileSize
GetFileAttributesA
lstrcpyA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
GetThreadLocale
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetCurrentProcessId
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalUnlock
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalFree
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
MultiByteToWideChar
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetTickCount
lstrcmpiA
GetVersionExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
WriteFile
CreateFileA
WaitNamedPipeA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateMutexA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadWritePtr

user32

IsClipboardFormatAvailable
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
TranslateAcceleratorA
GetNextDlgGroupItem
InvalidateRgn
SetRect
CharNextA
GetMenuItemInfoA
UnregisterClassA
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
DestroyIcon
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
InvalidateRect
InflateRect
IsMenu
GetSystemMenu
SetClassLongA
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
CharUpperA
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DestroyMenu
PostThreadMessageA
LoadMenuA
GetSysColorBrush
SetRectEmpty
DeleteMenu
ReleaseCapture
LoadCursorA
WindowFromPoint
SetCapture
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
ShowWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
DestroyCursor
GetWindowRgn
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CreateMenu
GetDoubleClickTime
GetIconInfo
SubtractRect
CopyIcon
MoveWindow
CharUpperBuffA
CopyRect
SetWindowPlacement
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindowRect
GetWindow
UnhookWindowsHookEx
WinHelpA
SystemParametersInfoA
OffsetRect
MessageBeep
RedrawWindow
IsZoomed
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
EnableWindow
PostQuitMessage
KillTimer
SetParent
GetClassNameA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
SetTimer
SendMessageA
LoadIconA
GetClassInfoA
WaitMessage

gdi32

CreateRectRgnIndirect
OffsetRgn
GetRgnBox
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
GetTextColor
GetTextExtentPoint32A
SetDIBColorTable
PatBlt
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
GetBkColor
SetRectRgn
GetMapMode
DPtoLP
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateHatchBrush
CopyMetaFileA
Escape
SetViewportExtEx
CreateSolidBrush
CreatePen
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
CreatePalette
GetDCOrgEx
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyExA

shell32

DragFinish
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
DragQueryFileA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

OleGetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDuplicateData
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx

oleaut32

VariantClear
LoadTypeLi
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringLen
SysAllocString
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
SysFreeString

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage

wininet

InternetConnectA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8c18ce4f492055372def190d467c9b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

wininet

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 24KB - Virtual size: 51KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 141KB - Virtual size: 140KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 24KB - Virtual size: 51KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 141KB - Virtual size: 140KB