3bb4db2497694d234e34e285d5315391

Sharing

Copy URL Twitter E-mail

General

Target

3bb4db2497694d234e34e285d5315391
Size

300KB
MD5

3bb4db2497694d234e34e285d5315391
SHA1

61a5a616178a939beb482d59044fb12583da5922
SHA256

143a4cfcc38e37ac68ff62b8a3937e98c43996bf6c774d9c813321a98e1df6ac
SHA512

941beee91bd7dc62cd659d1e3202b1ef1718bc3f9b480ff5532481b2004aa110ffc67a725dc188eef6e1ee55339985a1a565bb00c8dbde27cee8ff0fc206c22b
SSDEEP

6144:nTxxgfVxIi5Vca2eDrRTBqFhszD3JOzfq4McDN7I7tIWA:Tx2fv526DrRTsFhs/d4Mcp7IJ

Score

1^/10

Malware Config

Signatures

Files

3bb4db2497694d234e34e285d5315391
.exe windows:4 windows x86 arch:x86

637df51cae655fac645d6f32c086920e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:e4:ce:e3:31:52:d4:2c:a6:2a:52:b2:7b:2d:00:33:dd:4f:2b:85
Signer

Actual PE Digest

ce:e4:ce:e3:31:52:d4:2c:a6:2a:52:b2:7b:2d:00:33:dd:4f:2b:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dbghelp

SymGetModuleInfoW
SymLoadModule
SymInitialize
SymSetOptions
SymCleanup

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

tinyxml

??1TiXmlDocument@@UAE@XZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
??0TiXmlDocument@@QAE@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ

kernel32

HeapDestroy
HeapReAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
DeviceIoControl
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MoveFileW
VirtualQuery
SetFileAttributesW
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
HeapFree
GetTickCount
SetCurrentDirectoryW
lstrcatW
DeleteFileW
CopyFileW
LoadLibraryW
FindFirstFileW
GetExitCodeProcess
FindNextFileW
VirtualQueryEx
TerminateProcess
FindClose
CreateFileA
SetEvent
lstrcpyW
WaitForSingleObject
CreateProcessW
SizeofResource
LockResource
LoadResource
FreeLibrary
FindResourceExW
OpenThread
ReadProcessMemory
FindResourceW
WriteProcessMemory
CreateThread
OpenProcess
GetLastError
lstrlenW
MultiByteToWideChar
GlobalAlloc
IsDBCSLeadByte
GlobalLock
GlobalUnlock
GlobalFree
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeResource
CreateEventW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
CreateFileW
WriteFile
DeleteCriticalSection
RaiseException
GetSystemDefaultLCID
GetPrivateProfileIntW
GetTempPathW
WritePrivateProfileStringW
CreateDirectoryW
GetVersionExW
ReadFile
SetFilePointer
GetProcAddress
GetFileSize
GetModuleFileNameW
GetPrivateProfileSectionW
GetThreadSelectorEntry
GetFileAttributesW
GetCommandLineW

user32

GetClassInfoExW
DefWindowProcW
DestroyMenu
TrackPopupMenu
GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
IsWindow
ReleaseDC
GetKeyState
DialogBoxParamW
SetDlgItemTextW
GetWindow
EnableWindow
RegisterClassExW
GetWindowTextW
SendDlgItemMessageW
EmptyClipboard
GetWindowTextLengthW
SetTimer
OpenClipboard
RegisterClipboardFormatW
CallWindowProcW
InvalidateRect
MapDialogRect
GetWindowRect
MapWindowPoints
DrawTextW
SetWindowLongW
GetDC
ClientToScreen
EndPaint
KillTimer
GetSysColorBrush
BeginPaint
GetDesktopWindow
PostMessageW
EndDialog
DrawIconEx
GetDlgItem
GetClientRect
ShowWindow
LoadImageW
SetWindowPos
SetWindowTextW
SendMessageW
LoadIconW
CreateWindowExW
DestroyWindow
UnregisterClassA
SetClipboardData
CloseClipboard

gdi32

SetBkMode
DeleteObject
SelectObject
CreateFontW
GetStockObject
SetTextColor

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ord155
SHBindToParent
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
DoDragDrop

oleaut32

SysFreeString
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysStringLen

gdiplus

GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth

shlwapi

PathFileExistsW

msvcp80

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

msvcr80

wcschr
_wcslwr_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
wcsrchr
memset
wcscmp
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_mbslwr_s
_mbsstr
_snprintf
srand
wcslen
memcpy_s
_purecall
memmove_s
??3@YAXPAX@Z
_vscwprintf
_mbscmp
vswprintf_s
_vscprintf
vsprintf_s
free
__argc
__wargv
wcsncmp
swscanf
_invalid_parameter_noinfo
malloc
memcpy
??0exception@std@@QAE@XZ
_time32
strlen
iswspace
_wcsicmp
memcmp
strcmp
strtoul
_wfopen
fseek
ftell
fwrite
fclose
_lock
_encode_pointer
fprintf
__dllonexit
_unlock
wcscpy
wcscat
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
strncpy_s
tolower
sprintf_s
isalnum
_wtoi
_time64
memmove
wcsncpy
iswalnum
iswalpha
iswdigit
_gmtime32
_snwprintf
fread
wcscat_s
wcscpy_s
_mbschr
_mbsicmp
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_beginthreadex
wcsstr
towlower
strncmp
strchr
strrchr
__CxxFrameHandler3
atoi
isspace
_CxxThrowException

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

netapi32

Netbios

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

637df51cae655fac645d6f32c086920e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

ce:e4:ce:e3:31:52:d4:2c:a6:2a:52:b2:7b:2d:00:33:dd:4f:2b:85Signer

Headers

File Characteristics

Imports

version

dbghelp

wininet

psapi

comctl32

tinyxml

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msvcp80

msvcr80

wtsapi32

crypt32

wintrust

iphlpapi

netapi32

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 96KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

ce:e4:ce:e3:31:52:d4:2c:a6:2a:52:b2:7b:2d:00:33:dd:4f:2b:85
Signer

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 96KB