3a147b4a8f36e09603afddd7b4fd04ef

Sharing

Copy URL Twitter E-mail

General

Target

3a147b4a8f36e09603afddd7b4fd04ef
Size

4.2MB
MD5

3a147b4a8f36e09603afddd7b4fd04ef
SHA1

6a4ea114382f3df955da1b56aa7c03346401d175
SHA256

15155c2e9ce14a2fe28980a737b20596a5278b071502b6c5a3315704dce55718
SHA512

8301fd519d211c33ec7f7cea0869316b4298c5eed6c4b9bb0a9e665726734a8e7838fd79171924f2f44ca91a216ced2a61b155cf70602249c9eab06e71114f99
SSDEEP

98304:ULsLubWCzSDNnG6eWcgOiaCF0Zq6ehD6fQoqKD9dfhRHs5QxZus1lenqRH8y:UL8ubWyJfPep6fQoTD9NM5+ss1len2Hx

Score

1^/10

Malware Config

Signatures

Files

3a147b4a8f36e09603afddd7b4fd04ef
.rar
MsgPlusLive-410.exe
.exe windows:4 windows x86 arch:x86

cb7947cd7996e589bb8ff116e77fabc4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/07/2006, 00:00

Not After

04/10/2008, 23:59

Subject

CN=Patchou,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Development,O=Patchou,L=Laval,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

riched20

ord4

comctl32

ImageList_Destroy
ImageList_Add
ImageList_SetOverlayImage
ImageList_Create

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

EnterCriticalSection
CreateFileA
WriteFile
GetTickCount
GetTempPathW
GetTempPathA
SetFileAttributesA
FileTimeToLocalFileTime
FormatMessageW
InterlockedDecrement
SetFilePointer
ReadFile
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FreeResource
InitializeCriticalSection
GetModuleFileNameW
lstrcmpW
MulDiv
InterlockedIncrement
DeleteCriticalSection
GetProcAddress
GetLocaleInfoW
DuplicateHandle
WaitForMultipleObjects
TlsAlloc
lstrcpyA
GlobalHandle
TlsSetValue
TlsFree
IsBadReadPtr
TlsGetValue
lstrlenA
GetDriveTypeA
lstrcatA
lstrcpynA
GlobalReAlloc
GlobalSize
lstrcmpA
IsDBCSLeadByte
lstrcmpiA
CreateDirectoryA
FileTimeToDosDateTime
FindFirstFileA
IsBadStringPtrA
GetWindowsDirectoryA
CreateProcessA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
GetCurrentDirectoryA
GetLocalTime
GetModuleHandleA
GetCurrentThreadId
GetVersionExA
FlushFileBuffers
VirtualFree
VirtualAlloc
LocalAlloc
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
ExitProcess
RtlUnwind
GetFullPathNameA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryA
InterlockedExchange
FreeLibrary
LeaveCriticalSection
WideCharToMultiByte
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
SetLastError
FlushInstructionCache
GetCurrentProcess
GetCommandLineW
GetBinaryTypeW
GetUserDefaultLangID
FindClose
FindNextFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesA
MultiByteToWideChar
GetModuleHandleW
RemoveDirectoryW
CreateMutexW
CreateProcessW
DeleteFileA
lstrlenW
LocalFree
CreateDirectoryW
CopyFileW
SetFileAttributesW
CreateFileW
GetLastError
GetFileAttributesW
Sleep
GetVersionExW
WaitForSingleObject
DeleteFileW
SetEvent
CreateEventW
CloseHandle
CompareStringW
SetEnvironmentVariableA

user32

PeekMessageA
DispatchMessageA
CharUpperA
OemToCharA
CharNextA
CharPrevA
CharUpperBuffA
wsprintfA
PostQuitMessage
MessageBeep
IsDlgButtonChecked
CheckDlgButton
CreateDialogIndirectParamW
DialogBoxIndirectParamW
MapDialogRect
SetActiveWindow
GetCursorPos
SetWindowRgn
GetActiveWindow
GetWindowPlacement
IsZoomed
SetForegroundWindow
BringWindowToTop
CharLowerA
GetWindowThreadProcessId
DestroyIcon
LockSetForegroundWindow
EqualRect
TrackPopupMenu
SetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
AppendMenuW
UnregisterClassA
SendMessageW
GetDlgItem
SetWindowTextW
SetMenuInfo
CreatePopupMenu
DestroyMenu
KillTimer
SetTimer
IsWindowVisible
CopyRect
GetWindowDC
ShowWindow
GetSystemMetrics
DrawTextW
SystemParametersInfoW
DrawFocusRect
PostMessageA
WaitForInputIdle
SetDlgItemTextA
SetWindowTextA
DialogBoxParamA
MessageBoxA
LoadCursorA
IsIconic
SendMessageA
GetDesktopWindow
MessageBoxW
EnableWindow
SetCursor
LoadCursorW
EndDialog
SetWindowLongW
EnumWindows
RegisterWindowMessageW
SendMessageTimeoutW
GetSysColorBrush
GetClassNameW
GetWindowTextW
GetMessageW
IsWindowEnabled
DefWindowProcW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
DestroyWindow
DestroyAcceleratorTable
GetSysColor
BeginPaint
FillRect
EndPaint
IsChild
GetFocus
SetFocus
IsWindow
RedrawWindow
CharNextW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
GetWindowTextLengthW
GetUpdateRect
FindWindowExW
CallWindowProcW
GetKeyState
InflateRect
PostThreadMessageW
LoadImageW
PostMessageW
PeekMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindow
GetWindowLongW
InvalidateRect
OffsetRect
PtInRect
ReleaseDC
GetDC
GetWindowRect
MonitorFromRect
GetMonitorInfoW
MonitorFromPoint
GetParent
DialogBoxParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW

gdi32

SetBkColor
GetBkColor
CreateRoundRectRgn
MoveToEx
GetDeviceCaps
CreateFontIndirectW
GetPixel
CombineRgn
CreateRectRgn
SetBitmapDimensionEx
ExcludeClipRect
GetBitmapDimensionEx
LineTo
GetObjectA
GetObjectW
SelectClipRgn
DeleteObject
RestoreDC
SetBkMode
SaveDC
SetTextColor
SetLayout
GetLayout
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
DeleteDC
Rectangle
SelectObject
GetStockObject
CreatePen
GetTextExtentPoint32W

comdlg32

GetSaveFileNameA

advapi32

RegFlushKey
RegSetValueExW
RegQueryValueExW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegNotifyChangeKeyValue

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHFileOperationW
SHChangeNotify
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CLSIDFromString
OleInitialize
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
OleUninitialize
CLSIDFromProgID
OleRun
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject

oleaut32

DispCallFunc
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen
GetErrorInfo

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

cb7947cd7996e589bb8ff116e77fabc4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

riched20

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 596KB - Virtual size: 595KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 36KB - Virtual size: 42KB

.rsrc Size: 3.9MB - Virtual size: 3.9MB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8c
Certificate

.text
Size: 596KB - Virtual size: 595KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 36KB - Virtual size: 42KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB