198bb220115446c258b25191334f9ce3

Sharing

Copy URL Twitter E-mail

General

Target

198bb220115446c258b25191334f9ce3
Size

1.1MB
MD5

198bb220115446c258b25191334f9ce3
SHA1

58bcd4d0db555ee303ca39296be30af8bf8af5cb
SHA256

12b069f4adda789703c456f097637713e3b330871370f9f61fa2bc1b948966a1
SHA512

89eac87c9a934ed375704b468e7e776897a9a748e035a39a93ea1da0a4f15877c259f36b3dece98abf49534be6e74883a03bd0719af9910d2381aef4ffe17f9f
SSDEEP

24576:fO2FknaZhVCWV6Itu8ET7S5RXpXNJt7kgqSM:fO/aZPUItubTcRXp1FBM

Score

1^/10

Malware Config

Signatures

Files

198bb220115446c258b25191334f9ce3
.exe windows:4 windows x86 arch:x86

33539fb416015f68ac20fa215959fab9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:30:8a:fd:e6:3c:70:ae:61:45:12:37:73:75:67:1e:c2:17:7a:c3
Signer

Actual PE Digest

78:30:8a:fd:e6:3c:70:ae:61:45:12:37:73:75:67:1e:c2:17:7a:c3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
DeviceIoControl
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
WriteConsoleW
GetStdHandle
FreeResource
MapViewOfFile
ReleaseMutex
ProcessIdToSessionId
GlobalAlloc
GlobalFree
GetDriveTypeW
SetUnhandledExceptionFilter
VirtualQuery
GetThreadSelectorEntry
GetModuleFileNameW
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileSizeEx
GlobalUnlock
GlobalLock
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InterlockedIncrement
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
VirtualQueryEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetCurrentThreadId
RaiseException
SetLastError
CreateMutexW
GetVersionExW
GetUserDefaultLCID
CreateFileA
FlushInstructionCache
GetCurrentProcess
OpenMutexW
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetPrivateProfileIntW
GetCurrentThread
IsDBCSLeadByte
GetCPInfo
GetFullPathNameW
OpenFileMappingW
WritePrivateProfileStringW
MulDiv
GetPrivateProfileStringW
SetFileTime
GetSystemTime
CopyFileW
GetFileAttributesW
SetFileAttributesW
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetVersion
ReadFile
FindNextFileW
DeleteFileW
GetFileTime
FindClose
FindFirstFileW
WaitForSingleObject
WideCharToMultiByte
lstrlenW
Sleep
IsValidLocale
InterlockedDecrement
UnmapViewOfFile
GetLastError
SetFilePointer
WriteFile
SystemTimeToFileTime
GetLocalTime
GetFileSize
CreateFileMappingW
MapViewOfFileEx
CloseHandle
CreateFileW
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
SetStdHandle
FindResourceW

user32

MessageBoxW
GetCursorPos
OffsetRect
ClientToScreen
GetMessagePos
ScreenToClient
MapVirtualKeyW
GetKeyNameTextW
EnumDisplayMonitors
GetClientRect
PtInRect
KillTimer
InvalidateRect
UnregisterClassA
SetTimer
SetCursor
LoadCursorW
CallWindowProcW
GetDlgItem
SendMessageW
SetWindowTextW
LoadImageW
MoveWindow
UpdateLayeredWindow
PostMessageW
GetWindowLongW
DestroyIcon
SetWindowLongW
SetWindowPos
IsWindowVisible
UpdateWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
UnregisterClassW
GetMonitorInfoW
MonitorFromPoint
GetWindowThreadProcessId
SetRectEmpty
FindWindowExW
GetSysColorBrush
CallNextHookEx
CopyRect
GetMenuItemID
DrawTextW
FillRect
WindowFromPoint
MenuItemFromPoint
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
SetRect
ReleaseDC
GetDC
DialogBoxParamW
LoadBitmapW
TrackPopupMenu
GetKeyState
GetMenuItemRect
DestroyMenu
GetMenuItemInfoW
LoadIconW
GetMenuItemCount
CheckMenuRadioItem
SystemParametersInfoW
FindWindowW
PostQuitMessage
SetMenuItemBitmaps
AppendMenuW
GetWindowRect
CreateMenu
InsertMenuW
CreatePopupMenu
ModifyMenuW
DestroyWindow
DispatchMessageW
CreateDialogParamW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
RegisterWindowMessageW
SetForegroundWindow
GetPropW
IsWindow
GetWindow
GetDesktopWindow
EndPaint
BeginPaint
DefWindowProcW
EndDialog

gdi32

CreateDIBSection
Rectangle
PatBlt
GetDeviceCaps
GetObjectW
BitBlt
CreateCompatibleBitmap
SelectObject
SetPixel
GetPixel
CreatePen
Ellipse
CreateSolidBrush
SetBkMode
CreateFontIndirectW
StretchDIBits
SetStretchBltMode
DeleteDC
SetTextColor
DeleteObject
CreateFontW
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
IsTextUnicode
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
RegCreateKeyExW
RegSetValueExW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
RegQueryValueExA

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
Shell_NotifyIconW
SHGetFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes

shlwapi

PathFileExistsW

comctl32

ord17

msimg32

TransparentBlt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

sendto
WSAStartup
WSACleanup
socket
gethostbyname
htons
closesocket

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�dm
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33539fb416015f68ac20fa215959fab9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

78:30:8a:fd:e6:3c:70:ae:61:45:12:37:73:75:67:1e:c2:17:7a:c3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

msimg32

version

ws2_32

netapi32

wtsapi32

Sections

.text Size: 572KB - Virtual size: 571KB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 128KB - Virtual size: 125KB

�dm Size: 236KB - Virtual size: 236KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

78:30:8a:fd:e6:3c:70:ae:61:45:12:37:73:75:67:1e:c2:17:7a:c3
Signer

.text
Size: 572KB - Virtual size: 571KB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 128KB - Virtual size: 125KB

�dm
Size: 236KB - Virtual size: 236KB