40a40c3beece474b2be3398fc841650b

Sharing

Copy URL Twitter E-mail

General

Target

40a40c3beece474b2be3398fc841650b
Size

137KB
MD5

40a40c3beece474b2be3398fc841650b
SHA1

52dc759453f31ad4ed2356ada492625824732ec5
SHA256

05820eb428979eba29b973514cde3f1e33551c97824d479a2406585b00ab8bf4
SHA512

75c9b665cfb6f63f0a58a0acdecf2f562c2291a350f40bdbd16f6da9d1f7221476da6e6cb44f625d1c33c504c503b625dd1874241f3c05b3336156e768dc88de
SSDEEP

3072:Ul3bZJJSDl5UhTJJniIhmE9IDZJ6+dUyT4gVM3hHs1MPw1t449:UlzJu2TJZIE9MZJ6E43hHs1MPw1t44

Score

1^/10

Malware Config

Signatures

Files

40a40c3beece474b2be3398fc841650b
.exe windows:5 windows x64 arch:x64

89abb49c1a787bd191d13bf3c3bf33bf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2014, 00:00

Not After

21/06/2016, 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=RDC,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:eb:ee:a2:7f:f9:34:ae:d8:e3:15:f8:0c:8c:66:f8:16:97:8b:bb
Signer

Actual PE Digest

e9:eb:ee:a2:7f:f9:34:ae:d8:e3:15:f8:0c:8c:66:f8:16:97:8b:bb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathRemoveFileSpecW
PathAppendW

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcess
FindResourceExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
Sleep
FreeLibrary
LoadLibraryW
OpenProcess
WaitForMultipleObjects
GetCommandLineW
SetLastError
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
CreateThread
GetCurrentThreadId
FlushInstructionCache
LocalFree
SetDllDirectoryW
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
TlsFree
GetStartupInfoW
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
RtlVirtualUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetFileType
GetStdHandle
VirtualFree
LoadLibraryExA
EncodePointer
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlCaptureContext

advapi32

RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW

ole32

StringFromGUID2
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

user32

LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CharNextW
CharUpperW
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
PostMessageW
FindWindowW
UnregisterClassW
RegisterWindowMessageW
DefWindowProcW

comctl32

InitCommonControlsEx

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89abb49c1a787bd191d13bf3c3bf33bf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:edCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e9:eb:ee:a2:7f:f9:34:ae:d8:e3:15:f8:0c:8c:66:f8:16:97:8b:bbSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

ole32

oleaut32

user32

comctl32

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

�� Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e9:eb:ee:a2:7f:f9:34:ae:d8:e3:15:f8:0c:8c:66:f8:16:97:8b:bb
Signer

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

��
Size: 2KB - Virtual size: 2KB