26f53f8635866da2c8b93d1989b90771

Sharing

Copy URL

Twitter E-mail

General

Target

26f53f8635866da2c8b93d1989b90771
Size

585KB
MD5

26f53f8635866da2c8b93d1989b90771
SHA1

b8f6dd5a37fbe981e4211cfa9c4f542c74bcf8b2
SHA256

2059a12947856caf061a8a1cd6cf80cadea01fcbb0ec837ec49d61b060615aa2
SHA512

15bc51f4041925a9bfd2b3993f9820fb141ed454160766998228f060ceda2870836d95f5b700e95bf2bf8e79d1d33ff54e1f746a03298830c3422d134ebe5017
SSDEEP

12288:/tqZzkw6tSWpkbvV6EB0p/skcnze97UPaQOxbmLoKizWjCyvFJEAAV:/tE0Sj5LWp/MGUPaHbmLc7MbEAAV

Score

1^/10

Malware Config

Signatures

Files

26f53f8635866da2c8b93d1989b90771
.exe windows:5 windows x86 arch:x86

156b62a7fd769045dd29259663bbc0e1

Code Sign

01:1e
Certificate

Issuer

CN=DriverDevelop.com CA,OU=DriverDevelop.com CA,O=DriverDevelop.com,L=BeiJing,ST=BeiJing,C=CN,1.2.840.113549.1.9.1=#0c0c6361407a6e6465762e636f6d

Not Before

15/08/2009, 03:02

Not After

13/08/2019, 03:02

Subject

CN=DriverDevelop.com Signtools Test cert,OU=Dept. CodeSign CA,O=DriverDevelop.com,ST=BeiJing,C=CN,1.2.840.113549.1.9.1=#0c0c6361407a6e6465762e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f7:08:aa:9b:e2:75:2a:2f:65:a9:99:60:72:24:f3:75:07:3c:9a:c7
Signer

Actual PE Digest

f7:08:aa:9b:e2:75:2a:2f:65:a9:99:60:72:24:f3:75:07:3c:9a:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
MulDiv
lstrcmpW
lstrcmpiW
LoadLibraryExW
DeleteFileW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileA
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetFileType
GetStdHandle
GetTickCount
SetFilePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetCommandLineW
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GlobalFree
SetLastError
GetCurrentThreadId
FlushInstructionCache
SystemTimeToFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
CreateDirectoryW
LeaveCriticalSection
ReleaseMutex
EnterCriticalSection
WideCharToMultiByte
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
FindResourceExW
FindResourceW
LoadResource
CreateFileW
LockResource
GetVersionExW
SetEvent
TerminateThread
WaitForSingleObject
CreateEventW
LoadLibraryA
ProcessIdToSessionId
ExitProcess
CreateProcessW
GetStartupInfoW
CopyFileW
CreateDirectoryA
GetModuleFileNameA
DeleteFileA
TerminateProcess
GetCurrentProcess
CreateFileMappingW
OpenFileMappingW
GetLastError
LocalFree
LocalAlloc
Sleep
GetCurrentProcessId
GetModuleFileNameW
Process32NextW
OpenProcess
Process32FirstW
HeapSetInformation
CreateToolhelp32Snapshot
SizeofResource
MultiByteToWideChar
CloseHandle
WriteFile
SetHandleCount

user32

DrawTextW
GetWindowRect
InvalidateRect
IsRectEmpty
CallWindowProcW
SendMessageW
GetParent
AppendMenuW
TrackPopupMenu
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
PostQuitMessage
CreatePopupMenu
AnimateWindow
FillRect
SetParent
EnableWindow
IntersectRect
ReleaseDC
LoadIconW
GetClientRect
GetDC
IsWindow
GetMessageW
GetSystemMetrics
DispatchMessageW
TranslateMessage
PeekMessageW
PostThreadMessageW
OpenClipboard
PostMessageW
DefWindowProcW
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetWindowPos
SetTimer
UpdateLayeredWindow
BeginPaint
EndPaint
KillTimer
ShowWindow
GetWindowDC
UpdateWindow
IsIconic
IsWindowVisible
UnionRect
CopyRect
PtInRect
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRgn
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MapWindowPoints
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
RedrawWindow
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SystemParametersInfoW
FindWindowExW
GetUpdateRect
GetCursorPos
UnregisterClassA

gdi32

CreatePalette
GetDIBits
GdiFlush
SetDIBitsToDevice
RealizePalette
SelectPalette
GetDeviceCaps
CreateFontW
SetTextColor
SetBkMode
SaveDC
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
StretchBlt
CreateDIBSection
DeleteDC
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
RestoreDC
SetBkColor

advapi32

OpenProcessToken
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
SetServiceStatus
GetTokenInformation
LookupAccountSidW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW
CreateServiceW
ControlService
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceStatus
StartServiceW
CreateProcessAsUserW
LookupPrivilegeValueW
DuplicateTokenEx
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitializeEx
CoTaskMemRealloc
OleInitialize
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

DispCallFunc
VarUI4FromStr
SysStringLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

SHDeleteValueW
SHSetValueW
SHGetValueW
PathFileExistsA
PathAppendA
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt

ws2_32

recv
send
socket
closesocket
connect
setsockopt
htons
WSAStartup
inet_addr
WSACleanup

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW

iphlpapi

GetAdaptersInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

msvfw32

DrawDibClose
DrawDibSetPalette
DrawDibDraw
DrawDibRealize

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipReleaseDC
GdipDrawImagePointsI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipFillRectangle
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipMeasureString
GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipDeleteGraphics
GdipCreateFont

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

156b62a7fd769045dd29259663bbc0e1

Code Sign

01:1eCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

f7:08:aa:9b:e2:75:2a:2f:65:a9:99:60:72:24:f3:75:07:3c:9a:c7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

ws2_32

wininet

iphlpapi

userenv

msvfw32

gdiplus

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 26KB - Virtual size: 26KB

01:1e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

f7:08:aa:9b:e2:75:2a:2f:65:a9:99:60:72:24:f3:75:07:3c:9a:c7
Signer

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 26KB - Virtual size: 26KB