1097523591a68110a30220219b61da50

Sharing

Copy URL Twitter E-mail

General

Target

1097523591a68110a30220219b61da50
Size

769KB
MD5

1097523591a68110a30220219b61da50
SHA1

d676d09e774f134da77f68f624d2996e5ecc1986
SHA256

b44a8f76b6e28c93d49cc4a78c8ae87a4ff3c1ef17a66e22ada96e1b4dca6cca
SHA512

e66b141a6b49fa4c168d3e1de005a03c79827318a77614472a32e71a9a473fd119723db3a5542967fa89aec204a4921470842d656ed883917347eeaa595063e8
SSDEEP

24576:GJ9hJp2Jy9FT6HrMEE0vv9Oc7QbwF46U8cN1u:UhX776L870QbwF46U8q1u

Score

1^/10

Malware Config

Signatures

Files

1097523591a68110a30220219b61da50
.dll regsvr32 windows:4 windows x86 arch:x86

6b39edda937c6a6d7be874317a139016

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

60:48:2c:0e:d5:e1:8c:bf:2d:41:ac:f8:1a:b3:f9:d1:06:42:f2:31
Signer

Actual PE Digest

60:48:2c:0e:d5:e1:8c:bf:2d:41:ac:f8:1a:b3:f9:d1:06:42:f2:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

trae_qt

TRAE_SetLogFunc
TRAE_DestroyEngine
TRAE_CreateEngine

kernel32

LoadLibraryW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentThreadId
WriteFile
CreateFileW
GetPrivateProfileIntW
CreateEventW
QueryPerformanceFrequency
QueryPerformanceCounter
ReleaseSemaphore
Sleep
CreateSemaphoreW
RaiseException
GetLastError
GetCurrentThread
GetThreadPriority
SetThreadPriority
MulDiv
lstrcpyW
ResetEvent
GetModuleHandleW
GetProcAddress
FreeLibrary
SetEvent
WaitForSingleObject
TerminateThread
GetSystemInfo
CloseHandle
OutputDebugStringA
GetTickCount
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
lstrcmpW
WaitForMultipleObjects
lstrcpynW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement

user32

DispatchMessageW
RegisterWindowMessageW
MsgWaitForMultipleObjects
PeekMessageW
GetQueueStatus
PostThreadMessageW
UnregisterClassA
OffsetRect
GetSystemMetrics
GetDC
ReleaseDC
GetClientRect
ClientToScreen
GetWindowRect
CopyRect

gdi32

GetDeviceCaps
SetDIBitsToDevice

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree

oleaut32

SysAllocStringByteLen
VariantClear
VariantInit
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
SysAllocString
SysFreeString
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
SysStringLen

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrStubCall2
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface

msvcr80

_vswprintf
_vscwprintf
_beginthreadex
fclose
fwrite
memcpy_s
tolower
isspace
realloc
_vsnprintf
ceil
floor
feof
fopen
__RTDynamicCast
_CIsin
_CIcos
_snprintf
memmove
wcsncpy
wcsstr
_wcslwr
malloc
calloc
longjmp
_setjmp3
_CIlog
rand
_CIsqrt
_CIexp
_CIpow
_CIlog10
strtol
getenv
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
memmove_s
vswprintf_s
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
strncat
??_U@YAPAXI@Z
_CxxThrowException
memset
memcpy
__CxxFrameHandler3
??2@YAPAXI@Z
??_V@YAXPAX@Z
free
??3@YAXPAX@Z
fgets

atl80

ord31
ord58
ord32
ord61
ord23
ord15
ord64
ord30

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

winmm

timeKillEvent
timeSetEvent
timeGetTime
timeEndPeriod
timeBeginPeriod

msvfw32

DrawDibDraw
DrawDibRealize
DrawDibBegin
DrawDibOpen
DrawDibClose

Exports

Exports

??0CVideoFilter@@QAE@HH@Z
??1CVideoFilter@@QAE@XZ
??4CVideoFilter@@QAEAAV0@ABV0@@Z
?BlockMotionEst@CVideoFilter@@IAEHPAE0HHPAUS_MV@@HHHH@Z
?CalcBlockSad@CVideoFilter@@KAHPAE0HH@Z
?ChangeComplexity@CVideoFilter@@QAEXH@Z
?DoSpaceFilter@CVideoFilter@@QAEHPAEHH@Z
?DoTempalFilter@CVideoFilter@@QAEHPAEHHW4E_ColorType@@@Z
?FrameMotionEst2@CVideoFilter@@IAEXPAUPictureInfo@@0PAUS_MV@@1@Z
?FrameMotionEst@CVideoFilter@@IAEXPAUPictureInfo@@0PAUS_MV@@@Z
?InitFilter@CVideoFilter@@IAEHHHW4E_ColorType@@@Z
?InitPicInfo@CVideoFilter@@IAEPAUPictureInfo@@PAE@Z
?MMXCalcBlockSad8x8@CVideoFilter@@KAHPAE0HH@Z
?MMXTFOneBlock2@CVideoFilter@@KAHPAE0HH@Z
?MMXTFOneBlock3@CVideoFilter@@KAHPAE00HH@Z
?MMXTFOneChrBlock2@CVideoFilter@@KAHPAE000HH@Z
?MMXTFOneChrBlock3@CVideoFilter@@KAHPAE00000HH@Z
?SpaceFilter@CVideoFilter@@IAEXPAEH@Z
?StopFilter@CVideoFilter@@QAEXXZ
?TFOneBlock2@CVideoFilter@@KAHPAE0HH@Z
?TFOneBlock3@CVideoFilter@@KAHPAE00HH@Z
?TFOneChrBlock2@CVideoFilter@@KAHPAE000HH@Z
?TFOneChrBlock3@CVideoFilter@@KAHPAE00000HH@Z
?TempalFilter@CVideoFilter@@IAEXPAUPictureInfo@@00@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b39edda937c6a6d7be874317a139016

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

60:48:2c:0e:d5:e1:8c:bf:2d:41:ac:f8:1a:b3:f9:d1:06:42:f2:31Signer

Headers

File Characteristics

Imports

trae_qt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

msvcr80

atl80

msvcp80

winmm

msvfw32

Exports

Exports

Sections

.text Size: 628KB - Virtual size: 626KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 8KB - Virtual size: 100KB

.rodata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

60:48:2c:0e:d5:e1:8c:bf:2d:41:ac:f8:1a:b3:f9:d1:06:42:f2:31
Signer

.text
Size: 628KB - Virtual size: 626KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 8KB - Virtual size: 100KB

.rodata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 28KB - Virtual size: 24KB