43b42e3c90a9a4a1c789767d597e4d39

Sharing

Copy URL Twitter E-mail

General

Target

43b42e3c90a9a4a1c789767d597e4d39
Size

279KB
MD5

43b42e3c90a9a4a1c789767d597e4d39
SHA1

0691f299ac5632db4e3a4d40ad76dc2360f4de35
SHA256

40c74b00ed3ddcb7a40a19fba3b8bacd53947d1ea0a2f6478d06c75e73fb00e2
SHA512

99725f4d7843dd15a3d98199d9f0396df94b0835153beedfdcb620d0ccd3beb9de1759fbfb93a40e201255ae2b1ed68a79fb38929ce95aef9f13c179dc2d96be
SSDEEP

6144:S0Jpbow6wrQrZs/axE/GpI7lmXopiLABq3sBLbfIhIRs0tXLZDdbhxcJ9G:RJOw6wrQrZs/axE/GpI7lmXopiLABq3R

Score

1^/10

Malware Config

Signatures

Files

43b42e3c90a9a4a1c789767d597e4d39
.dll windows:5 windows x86 arch:x86

217e7fd9910d71ab9bbee408e8b05ed7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2016, 09:16

Not After

21/07/2019, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:26:24:17:81:9c:53:c2:84:d7:b4:d3:b2:cc:62:13:2b:36:df:ad
Signer

Actual PE Digest

49:26:24:17:81:9c:53:c2:84:d7:b4:d3:b2:cc:62:13:2b:36:df:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord2202
ord3846
ord227
ord84
ord248
ord2203
ord3823
ord943
ord504
ord2131
ord2111
ord671
ord95
ord281
ord486
ord1973
ord673
ord52
ord283
ord669
ord150
ord1954
ord670
ord664
ord674
ord1253
ord421
ord633
ord541
ord8
ord161
ord419
ord1175
ord1508
ord279
ord668
ord3686
ord1177
ord333
ord129
ord641
ord78
ord400
ord1882
ord53
ord4445
ord401
ord484
ord66
ord98
ord503
ord502

ssleay32

ord155
ord63
ord77
ord72
ord58
ord170
ord48
ord8
ord78
ord86
ord94
ord25
ord83
ord28
ord12
ord96
ord75
ord125
ord108

kernel32

GetCurrentThreadId
ExitProcess
CreateThread
CancelIo
DeviceIoControl
GetOverlappedResult
CreateEventA
DeleteCriticalSection
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
FormatMessageA
GetTickCount
CloseHandle
LockFileEx
GetLastError
UnlockFileEx
FreeLibrary
CreateDirectoryA
MultiByteToWideChar
Sleep
ReleaseSemaphore
PostQueuedCompletionStatus
CreateIoCompletionPort
TryEnterCriticalSection
SetEvent
ResetEvent
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersion
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
CreateFileA
IsDebuggerPresent
CreateSemaphoreA

advapi32

CryptAcquireContextA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CryptGenRandom

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA

ole32

CoTaskMemFree

msvcr90

memcpy
_tempnam
_strnicmp
_unlink
_except_handler4_common
_onexit
_lock
_wassert
strcpy_s
sscanf
strncmp
strstr
strncpy
toupper
_ftelli64
free
malloc
strerror
_fseeki64
_errno
fopen
fread
fclose
sprintf_s
__iob_func
vsprintf_s
printf
rand
srand
fwrite
strrchr
vfprintf
_time64
remove
realloc
strchr
fprintf
getenv
rename
sprintf
_access
tolower
strtok
strtoul
_stat64i32
_snprintf
calloc
exit
_beginthreadex
atoi
_stricmp
_vscprintf
perror
isspace
abort
memmove
_close
strtol
isdigit
_strdup
_beginthread
_open
_read
memset
_vsnprintf
_ftime64
_fstat64
_getpid
signal
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

libplist2

plist_from_xml
plist_new_dict
plist_access_path
plist_to_xml
plist_to_bin
plist_new_bool
plist_get_bool_val
plist_new_uint
plist_dict_get_item
plist_dict_set_item
plist_get_string_val
plist_get_uint_val
plist_free
plist_get_node_type
plist_set_uint_val
plist_compare_node_value
plist_from_bin
plist_new_array
plist_array_append_item
plist_array_insert_item
plist_get_data_val
plist_dict_next_item
plist_dict_new_iter
plist_dict_get_size
plist_array_get_size
plist_dict_remove_item
plist_new_data
plist_array_get_item
plist_new_string
plist_copy

libcurl

curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_slist_append
curl_slist_free_all
curl_easy_setopt

libzip

zip_add
zip_source_free
zip_source_buffer
zip_get_num_files
zip_delete
zip_get_name
zip_replace
zip_strerror
zip_fclose
zip_open_w
zip_stat_init
zip_close
zip_name_locate
zip_unchange_all
zip_fread
zip_fopen_index
zip_stat_index

ws2_32

ntohl
sendto
WSAGetOverlappedResult
WSASetLastError
ioctlsocket
WSARecv
WSASend
connect
htonl
select
WSAGetLastError
shutdown
setsockopt
recv
bind
socket
closesocket
gethostbyname
send
listen
accept
htons
ntohs
getsockname
getnameinfo
WSAStartup
WSACleanup
WSAIoctl
getsockopt
getprotobynumber
getservbyname
freeaddrinfo
getaddrinfo
recvfrom

Exports

Exports

ios_get_product_type
ios_restore_data

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

217e7fd9910d71ab9bbee408e8b05ed7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5Certificate

Extended Key Usages

Key Usages

49:26:24:17:81:9c:53:c2:84:d7:b4:d3:b2:cc:62:13:2b:36:df:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

ssleay32

kernel32

advapi32

shell32

ole32

msvcr90

setupapi

libplist2

libcurl

libzip

ws2_32

Exports

Exports

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 20KB - Virtual size: 20KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

49:26:24:17:81:9c:53:c2:84:d7:b4:d3:b2:cc:62:13:2b:36:df:ad
Signer

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 20KB - Virtual size: 20KB