13f7d25c77afdb77e5aeab88ba3db4cc

Sharing

Copy URL Twitter E-mail

General

Target

13f7d25c77afdb77e5aeab88ba3db4cc
Size

577KB
MD5

13f7d25c77afdb77e5aeab88ba3db4cc
SHA1

e3b0481da29d86f8b04e845cfc8881c13905e44f
SHA256

ace3b95755ef6b7b5f20ab4b8c644771141f284a4fa306bfdd60f35dacfa603c
SHA512

df5a879c0680dfb6d27e1386784c6e31f76c28a5b0f81b751d123cd0a9a94628e12f2b4cae007037e7d8bfb17cc288c1f10edf1c39d522b3a73543002da8b8e4
SSDEEP

12288:WoENlELMltAgXtHF7B+ELKVEVxVn6Y9MRGM4h/qof6:hUlXJgELMEVxVnl9MRGJ/qof6

Score

1^/10

Malware Config

Signatures

Files

13f7d25c77afdb77e5aeab88ba3db4cc
.dll windows:4 windows x86 arch:x86

78af19ef734d586fca8baddc52125988

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:5f:a2:70:cc:be:8e:f2:c1:36:c6:51:08:bf:00:7f:70:a7:b0:e2
Signer

Actual PE Digest

c1:5f:a2:70:cc:be:8e:f2:c1:36:c6:51:08:bf:00:7f:70:a7:b0:e2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdiplusStartup
GdipDisposeImageAttributes
GdipDisposeImage
GdipCloneBrush
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipSetSmoothingMode
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipCreateImageAttributes
GdipDrawImageRectRectI
GdipSetImageAttributesColorKeys
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDeleteBrush

kernel32

DisableThreadLibraryCalls
DeleteCriticalSection
InterlockedExchangeAdd
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
ResumeThread
ResetEvent
CreateEventW
ReleaseMutex
CreateMutexW
FindClose
FindNextFileW
FindFirstFileW
GetFileSize
WriteFile
SetFilePointer
ReadFile
CreateFileW
SetEndOfFile
GetTempPathW
DeleteFileW
GetLongPathNameW
SetEvent
GetFullPathNameW
SetUnhandledExceptionFilter
Sleep
LocalFree
MapViewOfFile
InterlockedIncrement
GetEnvironmentVariableW
FreeLibrary
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
SetLastError
OpenFileMappingW
ExpandEnvironmentStringsW
GetFileAttributesExW
GetShortPathNameW
GetUserDefaultLangID
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
MulDiv
GetProcAddress
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateProcessW
GetVersionExA
WideCharToMultiByte
GetFileSizeEx
GetComputerNameW
FindResourceW
GetModuleFileNameW
SizeofResource
SetErrorMode
InitializeCriticalSection
GetLastError
LeaveCriticalSection
GetCurrentProcess
lstrlenW
RaiseException
InterlockedDecrement
EnterCriticalSection
GetCurrentThreadId
MultiByteToWideChar
lstrcmpiW
TerminateProcess
InterlockedExchange
GetModuleHandleW
LoadResource
OpenProcess
UnmapViewOfFile
LoadLibraryExW
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
CreateFileMappingW
LoadLibraryW
FormatMessageW
GetACP
SetFileAttributesW
GetThreadLocale
GetLocaleInfoA

user32

GetKeyNameTextW
DrawIconEx
GetKeyboardLayout
MonitorFromPoint
MonitorFromRect
FillRect
MapVirtualKeyExW
GetMonitorInfoW
DrawTextW
EqualRect
WindowFromPoint
SetCapture
WaitMessage
GetCapture
TranslateMessage
GetKeyState
SystemParametersInfoW
ReleaseCapture
DispatchMessageW
GetSystemMetrics
PeekMessageW
GetClassNameW
GetDesktopWindow
CopyRect
GetMenuItemInfoW
SetRectEmpty
SetWindowLongW
UpdateWindow
CreatePopupMenu
IsWindowEnabled
SetRect
GetUpdateRect
DestroyIcon
GetDC
InsertMenuW
IsRectEmpty
DeleteMenu
IntersectRect
BeginPaint
GetFocus
PtInRect
InflateRect
UpdateLayeredWindow
GetCursorPos
SetMenuItemInfoW
InvalidateRect
PostMessageW
GetMenuItemCount
ClientToScreen
LoadMenuW
LoadCursorW
RegisterClassExW
SetTimer
ReleaseDC
RemovePropW
DefWindowProcW
ScreenToClient
IsIconic
GetClientRect
SendMessageW
GetWindowRect
DestroyMenu
EndPaint
IsMenu
AppendMenuW
GetSubMenu
SetFocus
CreateWindowExW
GetWindowLongW
GetDlgItem
FindWindowExA
GetWindowThreadProcessId
SetWindowPos
ShowWindow
GetClassNameA
IsWindow
KillTimer
IsWindowVisible
DestroyWindow
CharNextW
MessageBoxW
UnregisterClassA
GetMenuStringW

gdi32

CreateCompatibleBitmap
MoveToEx
CreateCompatibleDC
ExtCreatePen
DeleteDC
SelectClipRgn
LineTo
BitBlt
SelectObject
DeleteObject
CreateFontIndirectW
CreateDIBSection
GetTextExtentPointW
SetTextColor
SetBkMode
CreatePen
CreateSolidBrush
GetObjectW
CreateRectRgn

advapi32

SetSecurityDescriptorDacl
GetLengthSid
CopySid
AllocateAndInitializeSid
RegSetKeySecurity
FreeSid
InitializeSecurityDescriptor
AddAce
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
InitializeAcl
GetTokenInformation

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
SHFileOperationW
ord155
SHGetFileInfoW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize
CLSIDFromString
RegisterDragDrop
RevokeDragDrop

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
VariantInit
SysFreeString

msvcr80

wcschr
_recalloc
malloc
wcsncpy_s
towlower
_wcsdup
??_V@YAXPAX@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_purecall
memmove_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memcpy_s
??0exception@std@@QAE@ABQBD@Z
towupper
_vsnwprintf_s
_errno
wcsstr
_wrename
_beginthreadex
wcscpy_s
wcsncmp
isalnum
_vswprintf_c_l
_waccess
_wcsicmp
_wtoi
memchr
calloc
wcsrchr
__RTDynamicCast
wcsncpy
_wcsupr
swprintf_s
_CxxThrowException
__CxxFrameHandler3
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
memset
memmove
tolower
__CppXcptFilter
memcpy

comctl32

_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

CheckInitApp
GetGlobalInstance
InitApp
LoadCoralApp

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78af19ef734d586fca8baddc52125988

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c1:5f:a2:70:cc:be:8e:f2:c1:36:c6:51:08:bf:00:7f:70:a7:b0:e2Signer

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcr80

comctl32

version

Exports

Exports

Sections

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c1:5f:a2:70:cc:be:8e:f2:c1:36:c6:51:08:bf:00:7f:70:a7:b0:e2
Signer

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB