2a1cc8fee62944ade24705b339c1d5d1

Sharing

Copy URL Twitter E-mail

General

Target

2a1cc8fee62944ade24705b339c1d5d1
Size

556KB
MD5

2a1cc8fee62944ade24705b339c1d5d1
SHA1

4230801127e815f4557a6bb2034045bc95777446
SHA256

107da51d2b6299c4d93bd84bf2278cebd3edbb65bed04645439c186efa4a0e43
SHA512

24cea1f6c54ff8cab8223049a2c1973bf8bb6b13f910363a03e1516f7e861fffbfde1c97782bc36cb41a24bf2662d4014810579867bb43e7dc2d2bb8bed9ce49
SSDEEP

12288:BlEsyRdNFZ3cey9+s1ElmpkrfBTQFLXv/rIWeekJJjATMhfteIIRC:BlOlGElNr5TQFTHr6yT2f0IIY

Score

1^/10

Malware Config

Signatures

Files

2a1cc8fee62944ade24705b339c1d5d1
.exe windows:4 windows x86 arch:x86

f63adb1f451a06fc93905492fdccf14a

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/12/2011, 00:00

Not After

25/12/2014, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:47:c3:e1:38:f8:fd:9d:c6:40:2a:c3:d4:22:bf:06:b8:aa:b8:00
Signer

Actual PE Digest

c1:47:c3:e1:38:f8:fd:9d:c6:40:2a:c3:d4:22:bf:06:b8:aa:b8:00

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
VerSetConditionMask
GetThreadLocale
VerifyVersionInfoW
CreateFileW
InterlockedCompareExchange
GlobalDeleteAtom
GlobalGetAtomNameW
GlobalAddAtomW
SetEvent
CreateEventW
DeleteCriticalSection
WaitForMultipleObjects
ResetEvent
GetTickCount
GetCurrentProcessId
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetDiskFreeSpaceExW
CreateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringW
SetFileAttributesW
GetCurrentThread
SetThreadPriority
GetVersionExW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
Sleep
GetFileSize
SetLastError
ReadFile
RaiseException
GetPrivateProfileIntW
FreeLibrary
lstrlenA
GetProcAddress
WideCharToMultiByte
GlobalFree
MultiByteToWideChar
FlushInstructionCache
LoadLibraryW
GetCurrentProcess
lstrlenW
GetModuleHandleW
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
GlobalLock
LoadResource
GlobalUnlock
CreateMutexW
GetPrivateProfileStringW
LockResource
CloseHandle
GetModuleFileNameW
SizeofResource
GetWindowsDirectoryW
OpenMutexW
GetFileAttributesW
GetLastError
FindResourceW
InitializeCriticalSection
LocalFree
FreeResource
OutputDebugStringW
HeapSize

user32

GetDlgItem
GetKeyState
PtInRect
LoadIconW
GetFocus
SetRectEmpty
GetWindowThreadProcessId
IsChild
GetForegroundWindow
DestroyIcon
SetCursor
GetDesktopWindow
OffsetRect
IsDialogMessageW
LoadCursorW
SystemParametersInfoW
GetDC
WindowFromPoint
SetForegroundWindow
SetWindowPos
IsWindow
EndPaint
CopyRect
GetClientRect
GetDlgCtrlID
AttachThreadInput
IsWindowEnabled
FlashWindow
LoadImageW
RegisterWindowMessageW
BeginPaint
MonitorFromWindow
SetActiveWindow
GetMonitorInfoW
PeekMessageW
FindWindowW
GetMessageW
ReleaseDC
TranslateMessage
GetClassInfoExW
DispatchMessageW
SetRect
UpdateLayeredWindow
MoveWindow
SetFocus
DrawTextW
PostMessageW
GetParent
InflateRect
DestroyWindow
CallWindowProcW
MapWindowPoints
LoadBitmapW
CreateWindowExW
EnableWindow
GetWindowRect
RegisterClassExW
GetActiveWindow
ReleaseCapture
GetWindowLongW
ShowWindow
GetWindow
GetScrollPos
GetNextDlgTabItem
SetCapture
SetWindowLongW
SendMessageW
DrawIconEx
SetWindowTextW
EqualRect
InvalidateRect
DrawFrameControl
UnregisterClassA
IsWindowVisible
DefWindowProcW
BringWindowToTop
GetSystemMetrics
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
GetWindowDC
RedrawWindow
ExitWindowsEx
ScreenToClient
PostThreadMessageW
SetTimer
GetCursorPos
KillTimer
ClientToScreen
UpdateWindow
FindWindowExW
SetWindowRgn

gdi32

OffsetRgn
MoveToEx
GetClipRgn
GetStockObject
SelectObject
CreateBitmap
SetViewportOrgEx
SelectClipRgn
DeleteObject
RectInRegion
DeleteDC
CombineRgn
CreateCompatibleBitmap
GetTextColor
CreatePen
GetTextExtentPoint32W
CreateDIBSection
StretchBlt
CreateRectRgn
LineTo
Rectangle
SetTextColor
SetStretchBltMode
SetBkColor
CreateRectRgnIndirect
ExtTextOutW
SaveDC
CreateCompatibleDC
RoundRect
BitBlt
RestoreDC
SetBkMode
GetCurrentObject
CreateFontIndirectW
TextOutW
GetObjectW

advapi32

QueryServiceConfigW
OpenSCManagerW
InitializeSid
InitializeAcl
IsValidSid
AddAce
GetAclInformation
GetSidSubAuthority
SetNamedSecurityInfoW
ChangeServiceConfigW
CloseServiceHandle
GetSidLengthRequired
StartServiceW
QueryServiceLockStatusW
QueryServiceStatus
LockServiceDatabase
UnlockServiceDatabase
GetNamedSecurityInfoW
CopySid
GetLengthSid
GetAce
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExW
OpenServiceW
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
RegCloseKey
InitializeSecurityDescriptor

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ord680
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString

shlwapi

StrToIntA
StrToIntW
PathAddBackslashW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathAppendW
PathAppendA
PathIsDirectoryW
SHGetValueW
PathStripToRootW
PathFindFileNameW
PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend
GradientFill

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

gdiplus

GdipFillRectangle
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipClosePathFigure
GdipTranslateWorldTransform
GdipSetStringFormatAlign
GdipRotateWorldTransform
GdipSetStringFormatLineAlign
GdipResetWorldTransform
GdipSetStringFormatTrimming
GdipAddPathRectangleI
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipCloneBrush
GdipSetTextRenderingHint
GdipDisposeImageAttributes
GdipCreateLineBrushI
GdipDrawString
GdipDeleteBrush
GdipSetSmoothingMode
GdipGetImageWidth
GdipCreateFont
GdipSetClipPath
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdipSetImageAttributesColorMatrix
GdipDeleteFont
GdipDeleteStringFormat
GdipLoadImageFromFile
GdipCreateFontFromLogfontW
GdipImageRotateFlip
GdipNewPrivateFontCollection
GdipClonePath
GdipAddPathArcI
GdipAddPathLineI
GdipDrawLineI
GdipDrawPath
GdipDeleteFontFamily
GdipAddPathPieI
GdipSetStringFormatFlags
GdipCloneFontFamily
GdipDrawLinesI
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipGetImageHeight
GdipDeletePrivateFontCollection
GdiplusShutdown
GdipDrawImageRectRect
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipPrivateAddFontFile
GdipCreatePen1
GdipCreateFromHDC
GdiplusStartup
GdipGetFontCollectionFamilyCount
GdipDrawImagePointsRectI
GdipAlloc
GdipMeasureString
GdipDeletePen
GdipCreatePath
GdipFillRectangleI
GdipGetFontCollectionFamilyList
GdipCreateStringFormat
GdipDeletePath
GdipFree

msvcr80

??0exception@std@@QAE@ABV01@@Z
strcmp
swprintf_s
abs
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
memset
_beginthreadex
fprintf
_vsnprintf_s
_recalloc
_mbschr
??0exception@std@@QAE@ABQBD@Z
strlen
calloc
labs
wcscpy_s
_waccess
_mbscmp
free
_wtoi
wcslen
_CxxThrowException
_purecall
??2@YAPAXI@Z
wcsspn
wcsrchr
wcscspn
_invalid_parameter_noinfo
vswprintf_s
wcsstr
??_V@YAXPAX@Z
malloc
_vscwprintf
wcscmp
vsprintf_s
_vscprintf
memcpy
memcpy_s
wcschr
isalnum
strncmp
strchr
tolower
isspace
isalpha
wcspbrk
_wcslwr_s
wcstol
wcscat
ceil
wcscat_s
_wcsicmp
_wcsnicmp
swscanf
_vswprintf
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_stricmp
??1exception@std@@UAE@XZ
atoi
memmove_s
??3@YAXPAX@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

recvfrom
sendto
WSASocketW
inet_addr
ioctlsocket
select

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zyqbsvn
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f63adb1f451a06fc93905492fdccf14a

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c1:47:c3:e1:38:f8:fd:9d:c6:40:2a:c3:d4:22:bf:06:b8:aa:b8:00Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp80

gdiplus

msvcr80

version

ws2_32

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 258KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 202KB - Virtual size: 202KB

zyqbsvn Size: - Virtual size: 4KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c1:47:c3:e1:38:f8:fd:9d:c6:40:2a:c3:d4:22:bf:06:b8:aa:b8:00
Signer

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 202KB - Virtual size: 202KB

zyqbsvn
Size: - Virtual size: 4KB