0c5e26e467f2f171b576be224f17956a

Sharing

Copy URL Twitter E-mail

General

Target

0c5e26e467f2f171b576be224f17956a
Size

21.1MB
MD5

0c5e26e467f2f171b576be224f17956a
SHA1

ae0ce38db36e29dd27b1402848cb6364ef4c8288
SHA256

5b35fa17ff616e0679001c52a8f19468bb9cf6afc037028edb99924502f090f5
SHA512

fcfced78984700c5fdf86436c3705ae7fe6eb714a84f735ae52e77ca6e2acf22d94ef3595e88433a623629ac8177623fb916cd5dfec47873018bce2cce6bc795
SSDEEP

393216:idIZwGGU5QcFoZDEOeZ8NrwIqWW1P3qzp37QemlFPJuRaCJrlvHQlW/Xti:iiwGjmLDr74P3y37QeMFPnE1QkP8

Score

1^/10

Malware Config

Signatures

Files

0c5e26e467f2f171b576be224f17956a
.exe windows:5 windows x86 arch:x86

0646bc74786ab86147a633edabe15e2d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2018, 00:00

Not After

12/07/2019, 23:59

Subject

CN=Shenzhen Thinksky Technology Co.\,Ltd,OU=R&D Dept.,O=Shenzhen Thinksky Technology Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2018, 00:00

Not After

12/07/2019, 23:59

Subject

CN=Shenzhen Thinksky Technology Co.\,Ltd,OU=R&D Dept.,O=Shenzhen Thinksky Technology Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:93:67:01:3c:71:47:a3:4c:c1:fc:df:4e:71:89:72:90:d3:3c:8e:d0:0c:b8:5e:4e:3f:fd:a6:7d:5e:c3:a9
Signer

Actual PE Digest

24:93:67:01:3c:71:47:a3:4c:c1:fc:df:4e:71:89:72:90:d3:3c:8e:d0:0c:b8:5e:4e:3f:fd:a6:7d:5e:c3:a9

Digest Algorithm

sha256

PE Digest Matches

true

95:14:97:17:1b:2b:84:b3:8f:01:67:f1:8a:ed:2f:40:51:89:3f:63
Signer

Actual PE Digest

95:14:97:17:1b:2b:84:b3:8f:01:67:f1:8a:ed:2f:40:51:89:3f:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetNamedPipeHandleState
WriteFile
WaitNamedPipeW
GetVolumeInformationW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LoadLibraryW
SetFileAttributesW
CreateDirectoryW
OutputDebugStringW
Module32NextW
Module32FirstW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
CreateProcessW
RemoveDirectoryW
GetModuleFileNameW
GetModuleHandleW
GetVersionExW
SetFilePointer
ReadFile
GetFileSize
GetCurrentProcess
TerminateProcess
LocalFree
GetCommandLineW
GetProcAddress
MultiByteToWideChar
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
DeleteFileW
MoveFileW
Sleep
GetTickCount
CreateFileMappingW
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
TerminateThread
OpenThread
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
GlobalFree
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetConsoleMode
GetConsoleCP
RtlUnwind
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatW
GetTimeFormatW
ResumeThread
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
CreateThread
ExitThread
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
MulDiv
GetSystemInfo
CloseHandle
WideCharToMultiByte
GetNativeSystemInfo
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
FreeResource
LCMapStringW
GetTempPathW
WaitForSingleObject
InterlockedExchange
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileA

user32

SetCapture
GetMessageW
GetCapture
ReleaseDC
ReleaseCapture
PtInRect
SetCursor
LoadCursorW
GetWindowLongW
SetWindowLongW
SetFocus
DefWindowProcW
GetWindowTextLengthW
SendMessageW
PostMessageW
SetWindowTextW
DrawTextW
DispatchMessageW
GetCursor
KillTimer
SetTimer
UpdateLayeredWindow
GetCursorPos
EndPaint
BeginPaint
IntersectRect
EqualRect
SetRectEmpty
EnumChildWindows
EnumThreadWindows
SystemParametersInfoW
IsZoomed
SetWindowRgn
IsRectEmpty
SetRect
SetWindowPos
MessageBoxW
SendMessageTimeoutW
MsgWaitForMultipleObjects
PeekMessageW
InflateRect
TranslateMessage
PostQuitMessage
UpdateWindow
EnableWindow
InvalidateRect
OffsetRect
ShowWindow
GetDesktopWindow
GetWindowRect
GetClientRect
GetWindowTextW
GetParent
MoveWindow
IsWindowVisible
GetDC
RegisterClassExW
EndDialog
GetPropW
IsWindow
DestroyWindow
CreateWindowExW
SetPropW
RemovePropW
ScreenToClient

gdi32

DeleteObject
SelectObject
PatBlt
CreateRectRgn
BitBlt
CombineRgn
OffsetRgn
CreateFontIndirectW
SaveDC
RestoreDC
SelectClipRgn
CreateCompatibleDC
SetBkMode
CreateDIBSection
CreateCompatibleBitmap
DeleteDC
GetObjectA
ExtCreateRegion
GetTextExtentPoint32W
RectVisible
SetTextColor

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoInitialize
StringFromGUID2

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathStripToRootW

gdiplus

GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCloneImage
GdipLoadImageFromStream
GdipGetImageRawFormat
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipDisposeImage
GdipGetPropertyItem
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetClipRectI
GdipDrawString
GdipMeasureString
GdipGetPropertyItemSize
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipGetImagePixelFormat

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent
InitCommonControlsEx

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose

imagehlp

ImageLoad
ImageUnload

iphlpapi

GetAdaptersInfo

ws2_32

ioctlsocket
connect
htons
inet_ntoa
gethostbyname
socket
recv
send
__WSAFDIsSet
select
closesocket
WSACleanup
WSAStartup
ntohl
inet_addr

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0646bc74786ab86147a633edabe15e2d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

24:93:67:01:3c:71:47:a3:4c:c1:fc:df:4e:71:89:72:90:d3:3c:8e:d0:0c:b8:5e:4e:3f:fd:a6:7d:5e:c3:a9Signer

95:14:97:17:1b:2b:84:b3:8f:01:67:f1:8a:ed:2f:40:51:89:3f:63Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

msimg32

comctl32

msvfw32

imagehlp

iphlpapi

ws2_32

version

Sections

.text Size: 326KB - Virtual size: 326KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 341KB - Virtual size: 340KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

24:93:67:01:3c:71:47:a3:4c:c1:fc:df:4e:71:89:72:90:d3:3c:8e:d0:0c:b8:5e:4e:3f:fd:a6:7d:5e:c3:a9
Signer

95:14:97:17:1b:2b:84:b3:8f:01:67:f1:8a:ed:2f:40:51:89:3f:63
Signer

.text
Size: 326KB - Virtual size: 326KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 341KB - Virtual size: 340KB

.reloc
Size: 25KB - Virtual size: 25KB