3b808662f4e4cfb373565730c27e7b5f

Sharing

Copy URL Twitter E-mail

General

Target

3b808662f4e4cfb373565730c27e7b5f
Size

39KB
MD5

3b808662f4e4cfb373565730c27e7b5f
SHA1

5f010d2b9ec65b538e349d4b6612fd99d86e0419
SHA256

2429d9bd591199aedde9f1b39071dd48701d233f3b0a94e81146dd3bb2864200
SHA512

6e9ac21285e7345c452ef70c545b6a73ebc3567c0e90575135dd74eaa335dffa3c5fb45cbb9cc024c7476048cf1ce30c533cdd9d6d96c4dfe4ee36f086298c60
SSDEEP

384:nf+6sRNNq/T8eOrTZs3ElktPb+g0om/CayKyWWKuFKNKIkYENPDKjMCpqBYj5Q/y:W6sRO+Zmtad99IsKIkXpXlE5Ab22

Score

1^/10

Malware Config

Signatures

Files

3b808662f4e4cfb373565730c27e7b5f
.exe windows:4 windows x86 arch:x86

811870f6377020b4f0fdc36945d857f2

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
lstrcatW
FindFirstFileW
lstrcpyW
RemoveDirectoryW
CreateProcessW
SetCurrentDirectoryW
CopyFileW
GetTempPathW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrlenW
GetFileAttributesW
CloseHandle
WaitForSingleObject
Sleep
FindNextFileW
CreateEventW
TerminateProcess
InterlockedIncrement
InterlockedDecrement
VirtualFree
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
SetErrorMode
VirtualAlloc
GetSystemInfo
SetEvent
IsBadReadPtr
GetStartupInfoW
GetModuleHandleW
FindClose
MoveFileExW
GetThreadLocale
GetLastError
LCMapStringW

user32

DestroyIcon
DialogBoxParamW
GetActiveWindow
wsprintfW
MessageBoxW
IsWindow
FindWindowExW
EndDialog
RegisterWindowMessageW
SendMessageW
MapWindowPoints
GetWindowLongW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
GetDlgItem
SetWindowPos
SetWindowLongW
DefWindowProcW
LoadIconW
SetClassLongW
CheckDlgButton
SetDlgItemTextW
SetWindowTextW
IsDlgButtonChecked

advapi32

RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

wininet

HttpSendRequestW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetSetStatusCallbackW

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_wcslwr
wcscpy
memset
_except_handler3
vswprintf
malloc
realloc
wcsstr
free
memcpy
wcslen
__p__fmode
__set_app_type
_controlfp
__p__commode
wcschr
wcsncpy
wcscat
wcsrchr

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

811870f6377020b4f0fdc36945d857f2

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 18KB - Virtual size: 84KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 18KB - Virtual size: 84KB