44f2b278a7b08954fd830ff9edb6910a

Sharing

Copy URL Twitter E-mail

General

Target

44f2b278a7b08954fd830ff9edb6910a
Size

308KB
MD5

44f2b278a7b08954fd830ff9edb6910a
SHA1

6473c0d86f5aecb227b05c1843b39300a7fe4ae4
SHA256

1144755054c5a414c4c632be380da832d51159742a9f4fc5923d3b5f031b8389
SHA512

d83c406fa94c2004dca553986a49ceabae9f05162d38f06fc25875641f1c567e48e91a2648c189d8f20131eab784afce3ca6ff5ab81bd08aa605eccc773f2d8e
SSDEEP

6144:Ih0qKMVJZKq7ZigEpSemEPSTxRyXxi9UF+4ZKLQAOZ+SBMmxu/q:PqKMViq7ZiLpSemEPS9chxlckxu

Score

1^/10

Malware Config

Signatures

Files

44f2b278a7b08954fd830ff9edb6910a
.exe windows:5 windows x86 arch:x86

888258e1acc3ee4372b592d9b3833ce2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:1f:75:09:57:03:d7:81:12:87:68:7a:d7:75:82:4d:50:61:30:90
Signer

Actual PE Digest

4d:1f:75:09:57:03:d7:81:12:87:68:7a:d7:75:82:4d:50:61:30:90

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringA
UuidCreateSequential
RpcStringFreeA

netapi32

Netbios

kernel32

WriteFile
CopyFileW
DeleteFileW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalFree
lstrlenW
WideCharToMultiByte
GetLastError
lstrlenA
CreateMutexW
GetModuleHandleW
GetCurrentThreadId
GetTempPathW
GetVolumeInformationW
GetLongPathNameW
IsBadReadPtr
GetFileAttributesW
SetFileAttributesW
FindFirstFileW
FindClose
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetVersionExW
GetSystemInfo
GetSystemDefaultLangID
VirtualQuery
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
RaiseException
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
IsBadWritePtr
GetSystemDirectoryW
CreatePipe
DuplicateHandle
GetCurrentProcess
CreateProcessW
ReadFile
DeviceIoControl
CreateFileA
SetFilePointer
SetEndOfFile
InterlockedCompareExchange
GetPrivateProfileIntA
CreateDirectoryA
InterlockedExchange
GetPrivateProfileStringA
SwitchToThread
MoveFileW
GetLocalTime
GetFileAttributesExW
WaitForSingleObject
GetExitCodeProcess
MoveFileExW
CreateEventW
SetEvent
GetTickCount
UnhandledExceptionFilter
GetModuleFileNameA
HeapSetInformation
DecodePointer
EncodePointer
HeapSize
HeapDestroy
CreateFileW
GetFileSize
CloseHandle
FindResourceExW
LoadResource
FindResourceW
LockResource
SizeofResource
MultiByteToWideChar
Sleep
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathA
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoFreeUnusedLibrariesEx
CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantClear
VariantInit

shlwapi

PathAddBackslashW
wnsprintfW
PathFileExistsW
PathFindExtensionW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameA

msvcp100

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

msvcr100

_vscprintf
_CxxThrowException
_mktime64
wcsncmp
_time64
srand
rand
_beginthreadex
strstr
_time32
_purecall
realloc
_vsnwprintf_s
isprint
tolower
isspace
strncmp
vsprintf_s
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CxxFrameHandler3
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
wcslen
memcpy
wmemcpy_s
memmove
strlen
memcpy_s
memset
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
_wcsicmp
wcsnlen
memmove_s
_vscwprintf
vswprintf_s
?what@exception@std@@UBEPBDXZ
free
_recalloc
calloc
_wtol
wcschr
wcscpy_s
atoi
_wtoi
malloc
_waccess
wcsrchr
_wcsupr_s
_wsplitpath_s
swscanf_s
_wfopen_s
fread
fclose
_itoa_s
_snwprintf_s
_snprintf_s
wcsncpy_s
memcmp
wcsncat_s
strchr
isalnum
_stricmp
_wmkdir
_wstat64
_strnset_s
strncpy_s
strnlen
_mbschr
_mbsstr
_mbslwr_s
strtoul
_unlock

ws2_32

recv
sendto
setsockopt
WSAGetLastError
select
inet_addr
getpeername
ioctlsocket
connect
inet_ntoa
WSAStartup
bind
recvfrom
htons
htonl
ntohl
ntohs
accept
listen
send
gethostbyname
socket
__WSAFDIsSet
closesocket

iphlpapi

GetIpForwardTable

winhttp

WinHttpCrackUrl
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen

zlib

inflateEnd
inflateInit2_
crc32
inflate

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qmnet
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

888258e1acc3ee4372b592d9b3833ce2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4d:1f:75:09:57:03:d7:81:12:87:68:7a:d7:75:82:4d:50:61:30:90Signer

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

netapi32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp100

msvcr100

ws2_32

iphlpapi

winhttp

zlib

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 9KB

.QMGuid Size: 512B - Virtual size: 20B

qmnet Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 56KB - Virtual size: 56KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4d:1f:75:09:57:03:d7:81:12:87:68:7a:d7:75:82:4d:50:61:30:90
Signer

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 9KB

.QMGuid
Size: 512B - Virtual size: 20B

qmnet
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 56KB - Virtual size: 56KB