4b99ae76eb4a505d889d4be0219e3711

Sharing

Copy URL Twitter E-mail

General

Target

4b99ae76eb4a505d889d4be0219e3711
Size

970KB
MD5

4b99ae76eb4a505d889d4be0219e3711
SHA1

71c87f0dff306cffd9d705b9357b27e172b58209
SHA256

531a69a4c1adba44572d74832b18eb463ff9f4b1ecae686c0f54ddd8294494c5
SHA512

4e17d19d3a656b626000672bc0472530735298a51da665a683806ac419002cfcc35d7e58864a387a0c87f00509369fcabdac6c68f7a15aaa43c36bc1f42e0029
SSDEEP

12288:t0C1VYKkciIWEMoEckQuO5aneC3tfn8fEuFNcPjEGLi+3Z6b4EEwY01JD2JPbLs3:CsYci4MS5u4UuIjEKTEbOdvsffn

Score

1^/10

Malware Config

Signatures

Files

4b99ae76eb4a505d889d4be0219e3711
.rar
knsdwy-v1.2.exe
.exe windows:4 windows x86 arch:x86

8f729fe0b351bfad449737b756a5b4a7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

04/11/2009, 00:00

Not After

03/11/2012, 23:59

Subject

CN=Keniu Network Technology (Beijing) Co.\, Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=可牛网络技术（北京）有限公司,L=朝阳区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

91:91:51:bd:b0:17:0d:65:aa:17:f9:24:25:d7:78:e6:45:46:bb:90
Signer

Actual PE Digest

91:91:51:bd:b0:17:0d:65:aa:17:f9:24:25:d7:78:e6:45:46:bb:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
GetLongPathNameW
GetFileTime
GetTempPathW
GetCurrentDirectoryW
SetFilePointer
FlushFileBuffers
GetFileSize
ReadFile
CreateDirectoryW
GetEnvironmentVariableW
GetFileAttributesExW
SetEndOfFile
FreeResource
GetDriveTypeW
ExpandEnvironmentStringsW
SearchPathW
VirtualAlloc
VirtualFree
WritePrivateProfileStringW
GetEnvironmentVariableA
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
Module32NextW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemDefaultUILanguage
GetStdHandle
GetModuleHandleA
HeapCreate
FatalAppExitA
FileTimeToSystemTime
GetVersionExW
MoveFileW
GetPrivateProfileStringW
lstrlenA
GetProcAddress
LoadLibraryW
lstrcpyW
GetWindowsDirectoryW
GetLogicalDriveStringsW
lstrcatW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
Process32NextW
CloseHandle
OpenProcess
FindResourceExW
GetLocalTime
DeleteFileW
Module32FirstW
SetFileAttributesW
Process32FirstW
LockResource
CreateToolhelp32Snapshot
GetCurrentThreadId
TerminateThread
TerminateProcess
ExitProcess
WaitForSingleObject
GetCommandLineW
GetSystemDirectoryW
Sleep
lstrcmpW
MoveFileExW
WriteFile
CreateFileW
WideCharToMultiByte
GetFileAttributesW
LocalFree
GetVersion
InitializeCriticalSection
InterlockedIncrement
SetLastError
SetErrorMode
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
EnterCriticalSection
FindResourceW
LoadResource
SizeofResource
GetModuleHandleW
RaiseException
GetLastError
lstrlenW
LeaveCriticalSection
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameA
CreateThread
MultiByteToWideChar
InterlockedDecrement
QueryPerformanceCounter

user32

ReleaseCapture
GetActiveWindow
SetWindowLongW
DestroyWindow
CharNextW
DefWindowProcW
DialogBoxParamW
GetDlgItem
GetDlgCtrlID
SetCursor
GetSysColor
LoadCursorW
LoadBitmapW
BeginPaint
InflateRect
GetWindowTextW
LoadImageW
EndPaint
DrawTextW
GetDC
CallWindowProcW
DrawIcon
SetWindowPos
PostMessageW
MapWindowPoints
EndDialog
GetWindowTextLengthW
GetClientRect
GetParent
DestroyIcon
GetIconInfo
IsCharAlphaNumericW
wsprintfA
MessageBoxW
wsprintfW
CharLowerW
SetWindowTextW
UnregisterClassA
SetCapture
SendMessageW
InvalidateRect
GetSystemMetrics
GetWindowLongW
GetWindow
SystemParametersInfoW
ReleaseDC
GetWindowRect

gdi32

SetBkColor
GetDIBits
SetTextColor
CreateBitmap
CreateDIBSection
StretchBlt
BitBlt
DeleteDC
ExtTextOutW
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
LineTo
CreateFontIndirectW
MoveToEx
GetStockObject
GetObjectW

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
AllocateAndInitializeSid
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
StartServiceW
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
RegCreateKeyW
AdjustTokenPrivileges
GetAce
CopySid
GetSidSubAuthority
GetAclInformation
InitializeSid
RegQueryValueExW
AddAce
GetSidLengthRequired
InitializeAcl
LookupPrivilegeValueW
RegEnumValueW
OpenProcessToken
IsValidSid
SetNamedSecurityInfoW
GetLengthSid
GetNamedSecurityInfoW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
SHChangeNotify
ExtractIconW
ord59
ShellExecuteW
CommandLineToArgvW

ole32

CoGetMalloc
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

StrRChrW
PathFileExistsW
PathIsDirectoryEmptyW
PathIsDirectoryW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW
StrChrW
StrStrW
StrStrIW

comctl32

_TrackMouseEvent
InitCommonControlsEx

wininet

InternetSetOptionW
InternetConnectW
InternetOpenW
HttpAddRequestHeadersW
HttpSendRequestW
InternetGetConnectedState
InternetCrackUrlW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

ws2_32

WSCDeinstallProvider

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

8f729fe0b351bfad449737b756a5b4a7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84Certificate

Extended Key Usages

Key Usages

91:91:51:bd:b0:17:0d:65:aa:17:f9:24:25:d7:78:e6:45:46:bb:90Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

urlmon

psapi

version

iphlpapi

ws2_32

Sections

.text Size: 444KB - Virtual size: 440KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 16KB - Virtual size: 34KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

91:91:51:bd:b0:17:0d:65:aa:17:f9:24:25:d7:78:e6:45:46:bb:90
Signer

.text
Size: 444KB - Virtual size: 440KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 16KB - Virtual size: 34KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB