011545389afa1f9da836bfbfa2da45ce

Sharing

Copy URL Twitter E-mail

General

Target

011545389afa1f9da836bfbfa2da45ce
Size

1.3MB
MD5

011545389afa1f9da836bfbfa2da45ce
SHA1

02e9ee899321ba13df822cc9ca43bf8a3f5e759e
SHA256

b4536b59430cf45c56f18f7a22d977711e70a5930c7193e791c1e68c7e7e8a09
SHA512

aa231d3a242285abda27e6e121dc03aadec80018552b3974267a5492f248a18e22508506d58b160c5bc915a3f77d3dc6ada61e35cfdabdd6207211ca7d25678e
SSDEEP

24576:gHJeU8qi0BwikfHuk2h82cf1XMw4PAXmOvMmwhI9awiC64GG2vW:29HiqwzfHpL42mOw1wK4mW

Score

1^/10

Malware Config

Signatures

Files

011545389afa1f9da836bfbfa2da45ce
.dll windows:5 windows x86 arch:x86

fe5df5b68b7d5dc1b4e093be07bd286c

Code Sign

63:97:40:8a:a8:8e:f2:0c:c5:eb:36:c1:9a:59:06:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/11/2016, 00:00

Not After

22/11/2018, 23:59

Subject

CN=Beijing Funplay Interactive Information Technology Co. Ltd.,OU=IT,O=Beijing Funplay Interactive Information Technology Co. Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:3d:c3:81:cf:cd:b3:5e:f5:de:10:5a:20:9d:98:a9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

24/11/2016, 00:00

Not After

24/11/2019, 23:59

Subject

SERIALNUMBER=911101053397640183,CN=Beijing Funplay Interactive Information Technology Co. Ltd.,OU=IT,O=Beijing Funplay Interactive Information Technology Co. Ltd.,L=Beijing,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2a:94:e9:cb:27:c6:ae:fc:74:43:b0:6f:bd:5d:8c:f8:07:fc:b3:11:c8:19:2b:a1:28:3d:ae:66:2a:56:ca:78
Signer

Actual PE Digest

2a:94:e9:cb:27:c6:ae:fc:74:43:b0:6f:bd:5d:8c:f8:07:fc:b3:11:c8:19:2b:a1:28:3d:ae:66:2a:56:ca:78

Digest Algorithm

sha256

PE Digest Matches

true

4a:e0:7c:49:2c:ed:00:67:04:69:d4:23:1a:fb:9c:d5:74:58:be:5f
Signer

Actual PE Digest

4a:e0:7c:49:2c:ed:00:67:04:69:d4:23:1a:fb:9c:d5:74:58:be:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateIoCompletionPort
GetQueuedCompletionStatus
ReadFile
GetFileSize
WideCharToMultiByte
OpenFile
GetFileSizeEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateMutexW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
ReleaseMutex
SetFileAttributesW
DeleteFileW
MoveFileExW
lstrlenA
GetThreadLocale
SetThreadLocale
MultiByteToWideChar
FlushViewOfFile
SetEndOfFile
OpenFileMappingW
MapViewOfFileEx
RemoveDirectoryW
GetFileAttributesW
GetLongPathNameW
FindFirstFileW
GetDriveTypeW
OpenProcess
FindNextFileW
FindClose
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
CreateDirectoryW
GetNativeSystemInfo
GetVersionExW
LocalFree
SetLastError
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetCurrentProcess
PeekNamedPipe
CreateEventW
WaitForSingleObject
GetCurrentThreadId
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetFileAttributesExW
Sleep
InitializeCriticalSection
GetSystemTime
LockFileEx
CreateFileMappingA
UnlockFile
DeleteFileA
GetVersionExA
LoadLibraryA
CreateFileA
TerminateThread
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
LockFile
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
WriteFile
OutputDebugStringW
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
CloseHandle
EncodePointer
DecodePointer
RaiseException
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetDiskFreeSpaceW
InterlockedCompareExchange
HeapCreate
AreFileApisANSI
OutputDebugStringA
WriteConsoleW
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetStdHandle
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetLastError
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
SetFilePointerEx
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
FormatMessageA
VerifyVersionInfoW
SleepEx
VerSetConditionMask
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
GetCPInfo
GetStringTypeW
FormatMessageW
GetExitCodeThread
GetSystemInfo
PostQueuedCompletionStatus
SetEvent
GetFileAttributesA
ResetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent

user32

KillTimer
SendMessageTimeoutW
FindWindowW
PostMessageW
SendMessageW
RegisterWindowMessageW
IsWindow
LoadImageW
DestroyIcon
PrivateExtractIconsW
DefWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowLongW
ShowWindow
DestroyWindow
GetWindowLongW
SetTimer

advapi32

CryptDestroyHash
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptGetHashParam
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptHashData

ole32

CoLoadLibrary
StringFromGUID2
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ord165
ExtractIconW
SHGetFileInfoW
ShellExecuteW

oleaut32

SysAllocStringLen
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarBstrCmp

shlwapi

PathRelativePathToW
PathIsPrefixW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW
PathIsRelativeW
PathRemoveFileSpecW
PathFindFileNameW
PathCombineW
PathAppendW
PathFileExistsW
PathFindExtensionW
PathIsDirectoryW
StrRStrIW
StrStrW
StrChrW
StrCmpIW
PathAddBackslashW

ws2_32

listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
gethostname
bind
ioctlsocket

wldap32

ord301
ord133
ord79
ord142
ord167
ord127
ord145
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord147

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW

psapi

GetModuleFileNameExW

Exports

Exports

DllGetClassObject
GetCoreComponentList

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe5df5b68b7d5dc1b4e093be07bd286c

Code Sign

63:97:40:8a:a8:8e:f2:0c:c5:eb:36:c1:9a:59:06:70Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

0b:3d:c3:81:cf:cd:b3:5e:f5:de:10:5a:20:9d:98:a9Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

2a:94:e9:cb:27:c6:ae:fc:74:43:b0:6f:bd:5d:8c:f8:07:fc:b3:11:c8:19:2b:a1:28:3d:ae:66:2a:56:ca:78Signer

4a:e0:7c:49:2c:ed:00:67:04:69:d4:23:1a:fb:9c:d5:74:58:be:5fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

wldap32

wininet

psapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 16KB - Virtual size: 21KB

.gfids Size: 1024B - Virtual size: 572B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

63:97:40:8a:a8:8e:f2:0c:c5:eb:36:c1:9a:59:06:70
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

0b:3d:c3:81:cf:cd:b3:5e:f5:de:10:5a:20:9d:98:a9
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

2a:94:e9:cb:27:c6:ae:fc:74:43:b0:6f:bd:5d:8c:f8:07:fc:b3:11:c8:19:2b:a1:28:3d:ae:66:2a:56:ca:78
Signer

4a:e0:7c:49:2c:ed:00:67:04:69:d4:23:1a:fb:9c:d5:74:58:be:5f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 16KB - Virtual size: 21KB

.gfids
Size: 1024B - Virtual size: 572B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB