4aa43f436f5227d1225a3aed0f43dfde

Sharing

Copy URL Twitter E-mail

General

Target

4aa43f436f5227d1225a3aed0f43dfde
Size

689KB
MD5

4aa43f436f5227d1225a3aed0f43dfde
SHA1

227b79d257eda7fa92819f341c8289d4f67f552d
SHA256

692011c158f70d3c5395188fda55fd814bd99580d3b256d36c82b00516f65e78
SHA512

5c0e568a7b4b457183b06d241ed334c1ff29e4575af2a30bf6a54e8e4be673c255cfcfe2fea5e969ccbad2365579a6067cc0c5f6a5132ba15838de409a01e8f7
SSDEEP

12288:Bpk6PZwRT1TyEO7IrvRdRkB8rxGbxEHMOg4:Bpk6PZwzT6IrvRd2B8xGbGsOg4

Score

1^/10

Malware Config

Signatures

Files

4aa43f436f5227d1225a3aed0f43dfde
.dll windows:4 windows x86 arch:x86

7cd863d19207b57aea829628c48bb2bc

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:65:1c:27:fe:75:8b:cf:da:03:38:d7:4d:aa:1f:59:30:39:49:02
Signer

Actual PE Digest

f7:65:1c:27:fe:75:8b:cf:da:03:38:d7:4d:aa:1f:59:30:39:49:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp80

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_CIacos
_CIlog10
_CIcos
_CIsin
_CIexp
_CIatan2
memcpy
__CxxFrameHandler3
floor
memset
_CIsqrt
_CIlog
_CIpow
exit
sprintf
strncmp
_onexit
_lock
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_CxxThrowException
_encoded_null
_malloc_crt
_encode_pointer
vsprintf_s
_itoa_s
vsprintf
memmove_s
_beginthreadex
_endthreadex
rand
__iob_func
fprintf
realloc
calloc
wcsstr
wcsncpy_s
div
fwrite
fseek
vfprintf
fclose
fopen_s
_itoa
memmove
malloc
free
_itow_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
__dllonexit

winmm

waveInClose
waveInStart
waveInUnprepareHeader
waveInStop
waveInMessage
waveInPrepareHeader
waveInGetDevCapsW
waveInOpen
mixerGetLineInfoW
mixerSetControlDetails
mixerGetLineControlsW
mixerClose
waveOutUnprepareHeader
timeBeginPeriod
waveOutGetVolume
waveInGetNumDevs
mixerGetControlDetailsW
mixerGetDevCapsW
waveOutClose
waveOutOpen
waveOutWrite
mixerGetID
timeGetTime
waveInAddBuffer
waveOutMessage
mixerOpen
waveOutPrepareHeader
waveOutReset
waveOutSetVolume
timeEndPeriod
waveOutGetDevCapsW
waveOutGetNumDevs
mixerGetNumDevs

ws2_32

recvfrom
shutdown
sendto
WSACleanup
closesocket

dsound

ord11
ord8
ord12
ord9
ord3

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
CreateEventA
OutputDebugStringA
ResetEvent
WaitForMultipleObjects
CreateMutexA
GetCurrentProcessId
ReleaseMutex
GetLastError
CreateFileMappingA
UnmapViewOfFile
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateEventW
FreeLibrary
LoadLibraryW
GetProcAddress
Sleep
GetVersionExW
SetEvent
SetThreadPriority
CreateThread
TerminateThread
WideCharToMultiByte
InterlockedDecrement
CloseHandle
EnterCriticalSection
ReleaseSemaphore
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateSemaphoreW
InitializeCriticalSection
MapViewOfFile

user32

GetForegroundWindow
GetDesktopWindow
PostQuitMessage
RegisterClassW
LoadCursorW
SetTimer
DispatchMessageW
SetWindowLongW
AdjustWindowRect
PostMessageW
GetWindowLongW
CreateWindowExW
SetWindowTextW
DefWindowProcW
GetMessageW
ShowWindow

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
CoInitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

Exports

Exports

TRAE_CreateEngine
TRAE_CreateQueue
TRAE_DestroyEngine
TRAE_DestroyQueue
TRAE_SetLogFunc

Sections

.text
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cd863d19207b57aea829628c48bb2bc

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

f7:65:1c:27:fe:75:8b:cf:da:03:38:d7:4d:aa:1f:59:30:39:49:02Signer

Headers

File Characteristics

Imports

msvcp80

msvcr80

winmm

ws2_32

dsound

kernel32

user32

shell32

ole32

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 503KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 24KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

f7:65:1c:27:fe:75:8b:cf:da:03:38:d7:4d:aa:1f:59:30:39:49:02
Signer

.text
Size: 504KB - Virtual size: 503KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 24KB