156627e674c9709d53b0d65b5dbb6162

Sharing

Copy URL

Twitter E-mail

General

Target

156627e674c9709d53b0d65b5dbb6162
Size

644KB
MD5

156627e674c9709d53b0d65b5dbb6162
SHA1

1a2d834fa52b1d14e1e91f39c206e719a8bedce6
SHA256

05280f224dd57003143ca3b072209ae6a8e21145da4ff0a14338ceddba6e1c3d
SHA512

d04c7d3df8e5967cce5142d328a925aa893e5e948b477ab1b58c306c01532fc895dbaceef8b18beb59848291d6319b209bda805853f4e9d708d2c0ddd65da76e
SSDEEP

12288:YUuFGfBqwFjGTkxSoGRgvTwmEV4G4tbvV:YUpfoYykQoGyvTwHVhqv

Score

1^/10

Malware Config

Signatures

Files

156627e674c9709d53b0d65b5dbb6162
.exe windows:5 windows x86 arch:x86

c2feaf1b8afcf42054fbd00f7b98fb31

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-11-2013 00:00

Not After

09-02-2017 23:59

Subject

CN=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=TECHNOLOGY PRODUCTS DEPARTMENT,O=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:22:53:b4:5d:15:ba:02:92:92:a0:5f:1d:45:d0:95:3b:48:25:44
Signer

Actual PE Digest

10:22:53:b4:5d:15:ba:02:92:92:a0:5f:1d:45:d0:95:3b:48:25:44

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
CreateMutexA
FileTimeToDosDateTime
GlobalMemoryStatus
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleW
GetCurrentThread
IsBadReadPtr
GetSystemTimeAsFileTime
InitializeCriticalSection
GlobalAlloc
LoadLibraryW
FormatMessageW
GetVersionExW
LeaveCriticalSection
IsBadWritePtr
GetModuleFileNameW
CreateFileW
lstrlenW
RaiseException
GetProcAddress
EnterCriticalSection
GlobalFree
WritePrivateProfileStringA
GetSystemInfo
GetFileTime
DeleteCriticalSection
GetCurrentThreadId
FileTimeToLocalFileTime
lstrcpyW
DeleteFileA
FreeLibrary
GetFileAttributesW
CreateProcessW
CreateEventW
MultiByteToWideChar
lstrcpyA
lstrlenA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
lstrcpynA
CreateDirectoryA
GetWindowsDirectoryA
GetVersion
GetLocalTime
OutputDebugStringA
ReleaseMutex
SetEvent
WaitForSingleObject
GetPrivateProfileStringA
GetLastError
GetEnvironmentVariableA
ReadFile
WriteFile
GetTickCount
GetNativeSystemInfo
SetEndOfFile
GetCurrentProcess
SetFilePointer
GetFileSize
CreateFileA
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
GetModuleFileNameA
Module32FirstW
Process32FirstW
TerminateProcess
WideCharToMultiByte
OpenProcess
GetFileAttributesA
InterlockedExchangeAdd
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
LocalFree
CreateThread
WriteConsoleW
QueryPerformanceFrequency
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedCompareExchange
GetModuleHandleA
FormatMessageA
CreateMutexW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
HeapAlloc
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeZoneInformation
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP

user32

MessageBoxW
PostMessageW
BeginPaint
CharLowerA
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
LoadStringW
EndDialog
LoadIconW
RegisterClassExW
UnregisterClassW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
GetQueueStatus
PeekMessageW
WaitMessage
SetTimer
wvsprintfW
wsprintfW
MessageBoxA
EndPaint
DestroyWindow
TranslateAcceleratorW
GetMessageW
PostQuitMessage
DialogBoxParamW
LoadCursorW
LoadAcceleratorsW
TranslateMessage
KillTimer

advapi32

GetUserNameW

dbghelp

MiniDumpWriteDump

psapi

GetModuleInformation

wininet

InternetSetOptionA

ws2_32

WSAStartup
WSACleanup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2feaf1b8afcf42054fbd00f7b98fb31

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

10:22:53:b4:5d:15:ba:02:92:92:a0:5f:1d:45:d0:95:3b:48:25:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

dbghelp

psapi

wininet

ws2_32

version

winmm

Sections

.text Size: 328KB - Virtual size: 328KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 11KB - Virtual size: 32KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 125KB - Virtual size: 124KB

.reloc Size: 112KB - Virtual size: 133KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

10:22:53:b4:5d:15:ba:02:92:92:a0:5f:1d:45:d0:95:3b:48:25:44
Signer

.text
Size: 328KB - Virtual size: 328KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 11KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 125KB - Virtual size: 124KB

.reloc
Size: 112KB - Virtual size: 133KB