1aecc0c7f0a94c55e1a8e06c5ce7c0fa

Sharing

Copy URL Twitter E-mail

General

Target

1aecc0c7f0a94c55e1a8e06c5ce7c0fa
Size

825KB
MD5

1aecc0c7f0a94c55e1a8e06c5ce7c0fa
SHA1

ca98858733922da055e6fc70965530005d5649c0
SHA256

e100ea7da57681e9b8a9cf041e7b37ada83eedbe3f0085da09d1e5decab416a5
SHA512

995d6d077e65d32f70e61ffe07901d849932e896b2d53370e384f10a0b248e56fccaabfa7edb1652569cfeecfea3e02f23999766db6e189d96c92ae45c819cb1
SSDEEP

12288:fGvv/ZkuiTK/s+OjRXD6lRW2HAd1zy1qI2WiZwOpEb88FNjfRh17ARi:fK/ZkuU+yRXD0AdIqITwpn8LjfRhlAw

Score

1^/10

Malware Config

Signatures

Files

1aecc0c7f0a94c55e1a8e06c5ce7c0fa
.dll regsvr32 windows:4 windows x86 arch:x86

165613a37d9069e98d0391e9508aeefe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

26/05/2011, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ShenZhen Thunder Networking Technologies Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:f6:e0:88:38:65:1d:81:d5:d8:89:eb:39:12:50:b9:5d:c2:02:54
Signer

Actual PE Digest

38:f6:e0:88:38:65:1d:81:d5:d8:89:eb:39:12:50:b9:5d:c2:02:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringA
CompareStringW
GetEnvironmentVariableA
GetModuleHandleA
FreeLibrary
GetProcAddress
OpenMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventW
GetModuleFileNameW
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcess
Module32Next
Module32First
WinExec
FlushInstructionCache
HeapFree
GetProcessHeap
HeapAlloc
GlobalDeleteAtom
GlobalAddAtomA
InterlockedIncrement
ExpandEnvironmentStringsA
GetTempPathW
GetFileSize
GetSystemDirectoryA
GetDiskFreeSpaceExA
GetModuleHandleW
VerifyVersionInfoA
VerSetConditionMask
lstrcpyW
CreateFileW
SetFileAttributesA
FormatMessageA
GetFileAttributesExA
GetExitCodeProcess
WaitForMultipleObjects
ResetEvent
SetEvent
GetVolumeInformationA
RaiseException
CreateMutexA
LoadLibraryW
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
GetTimeZoneInformation
GetFullPathNameA
SetUnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetLastError
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetFileAttributesW
GetDateFormatA
GetTimeFormatA
GetDriveTypeA
RtlUnwind
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceExA
CreateFileMappingA
MapViewOfFile
ExitProcess
InitializeCriticalSection
MoveFileA
CopyFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThreadId
OutputDebugStringA
lstrlenA
CreateFileA
GetTempPathA
GetLastError
WriteFile
SetFilePointer
WritePrivateProfileStringA
FlushFileBuffers
DeleteFileA
InterlockedExchangeAdd
DeleteCriticalSection
TlsFree
FindResourceA
LoadResource
LockResource
SizeofResource
CreateThread
CreateEventA
Sleep
TerminateThread
TlsAlloc
GetLocalTime
TlsGetValue
FindFirstChangeNotificationA
EnumSystemLocalesA
ExitThread
WaitForSingleObject
InterlockedDecrement
FindCloseChangeNotification
EnterCriticalSection
UnmapViewOfFile
ReleaseMutex
lstrlenW
TlsSetValue
GetCurrentProcessId
CloseHandle
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
VirtualQuery
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LeaveCriticalSection

user32

GetLastInputInfo
mouse_event
UpdateWindow
GetWindow
MonitorFromRect
GetMonitorInfoA
CharLowerBuffA
GetDC
GetCursorPos
IsWindowVisible
wsprintfW
BeginPaint
GetClientRect
EndPaint
GetFocus
IsChild
InvalidateRect
GetKeyState
CallWindowProcA
IntersectRect
EqualRect
OffsetRect
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostMessageA
SetActiveWindow
IsWindow
FindWindowExW
SendMessageTimeoutA
FindWindowA
KillTimer
SetTimer
UnregisterHotKey
UnhookWindowsHookEx
PostThreadMessageA
SetWindowsHookExA
GetForegroundWindow
GetAncestor
SetForegroundWindow
EnumChildWindows
wsprintfA
CharUpperBuffA
DefWindowProcA
LoadCursorA
SendMessageW
SetCursor
ShowCursor
CreateWindowExA
DestroyWindow
GetClassNameA
SetWindowLongA
CallNextHookEx
SendMessageA
SetWindowPos
ScreenToClient
SetWindowRgn
UnionRect
PtInRect
ShowWindow
SetParent
GetWindowThreadProcessId
RegisterHotKey
SetFocus
GetClassInfoExA
GetWindowInfo
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetClassNameW
GetParent

gdi32

GetStockObject
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SetBkMode
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
SetBkColor
SaveDC
BitBlt

advapi32

GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
GetSidSubAuthorityCount
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
RegCloseKey

shell32

SHGetFolderPathA
ShellExecuteA
ord680
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteW
SHGetMalloc
SHBrowseForFolderA
SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemFree
StringFromIID
CoCreateGuid
CoCreateInstance
CoInitialize
CoGetObject
StringFromGUID2
CoSetProxyBlanket
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus

oleaut32

VarBstrCat
SysStringLen
VariantCopy
SysFreeString
SysStringByteLen
GetErrorInfo
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SafeArrayCreateVector
DispCallFunc
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantChangeType
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VarBstrCmp

atl71

ord65
ord11
ord32
ord10
ord54
ord30
ord43
ord44
ord46
ord23
ord61
ord26
ord27
ord50
ord51
ord58
ord31
ord18
ord22
ord64
ord15
ord42
ord52
ord53
ord48
ord47
ord40
ord66

shlwapi

AssocQueryStringW
PathFileExistsW
StrStrW
PathAddBackslashA
PathFindFileNameA
PathFindFileNameW
PathRemoveFileSpecA
PathAppendA
PathFileExistsA
PathFindExtensionA

urlmon

URLDownloadToFileW
URLDownloadToCacheFileA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetCombineUrlA
HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetCreateUrlA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW
CertGetNameStringA

ws2_32

setsockopt
recvfrom
ntohs
select
ioctlsocket
sendto
shutdown
send
connect
socket
bind
listen
accept
closesocket
WSACleanup
WSAStartup
WSAGetLastError
gethostname
gethostbyname
inet_ntoa
inet_addr
recv
htons

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterServerDirect
Repair_realplayer11
UnregisterServerDirect

Sections

.text
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

165613a37d9069e98d0391e9508aeefe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:deCertificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

38:f6:e0:88:38:65:1d:81:d5:d8:89:eb:39:12:50:b9:5d:c2:02:54Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl71

shlwapi

urlmon

version

wininet

wintrust

crypt32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 576KB - Virtual size: 574KB

.rdata Size: 176KB - Virtual size: 172KB

.data Size: 8KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 44KB - Virtual size: 43KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:de
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

38:f6:e0:88:38:65:1d:81:d5:d8:89:eb:39:12:50:b9:5d:c2:02:54
Signer

.text
Size: 576KB - Virtual size: 574KB

.rdata
Size: 176KB - Virtual size: 172KB

.data
Size: 8KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 44KB - Virtual size: 43KB