48a1a734f7715133634ddb83ca3d465b

Sharing

Copy URL Twitter E-mail

General

Target

48a1a734f7715133634ddb83ca3d465b
Size

725KB
MD5

48a1a734f7715133634ddb83ca3d465b
SHA1

995ce9b1da213014460cdf5d65704d085ecde9cf
SHA256

105e4491cb1fbbc71b6724c768b7c204456b94f9a20891a1183fc3eb1ca331b5
SHA512

d9467d75e1f1c7bda12c0beb8c378827b075968c1f2beef11e9aec3079a735afc229717932a9289254d3f7dd43377dfc7ec6e623364eb3d447f1e039861269bb
SSDEEP

12288:hYj5Don/2QOyHjOW+xUshbIZfSyc8nCgpZihcr0n1Nddw7+++++++++++++++++C:s5DwelG+xjVycKCgpZihRn1Nk++++++M

Score

1^/10

Malware Config

Signatures

Files

48a1a734f7715133634ddb83ca3d465b
.exe windows:5 windows x86 arch:x86

33c4861c951a8febc7d7c73caa94aeea

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/11/2013, 00:00

Not After

09/02/2017, 23:59

Subject

CN=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=TECHNOLOGY PRODUCTS DEPARTMENT,O=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:94:68:b6:88:fd:8a:1b:90:a8:37:ae:92:66:14:4c:59:ad:de:b4
Signer

Actual PE Digest

a3:94:68:b6:88:fd:8a:1b:90:a8:37:ae:92:66:14:4c:59:ad:de:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
MoveFileA
LockResource
DeleteFileA
MultiByteToWideChar
GetModuleFileNameA
GetPrivateProfileIntA
GetVersionExA
CreateProcessA
CloseHandle
OutputDebugStringA
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
LoadLibraryW
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
MoveFileExA
SetEnvironmentVariableA
CompareStringW
GetLastError
FindFirstFileA
SizeofResource
WideCharToMultiByte
FindResourceExA
WriteFile
LoadResource
FindResourceA
CreateFileA
Sleep
GetModuleFileNameW
CompareStringA
GetModuleHandleA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings

advapi32

RegCloseKey
RegOpenKeyA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegDeleteKeyW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExA
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetFolderPathA

wininet

InternetQueryOptionA
InternetSetOptionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�(�
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33c4861c951a8febc7d7c73caa94aeea

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a3:94:68:b6:88:fd:8a:1b:90:a8:37:ae:92:66:14:4c:59:ad:de:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

version

Sections

.text Size: 520KB - Virtual size: 520KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 25KB - Virtual size: 24KB

�(� Size: 77KB - Virtual size: 80KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a3:94:68:b6:88:fd:8a:1b:90:a8:37:ae:92:66:14:4c:59:ad:de:b4
Signer

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 25KB - Virtual size: 24KB

�(�
Size: 77KB - Virtual size: 80KB