547e11b0f41bbe4635692c24c1896b08

Sharing

Copy URL

Twitter E-mail

General

Target

547e11b0f41bbe4635692c24c1896b08
Size

29.0MB
MD5

547e11b0f41bbe4635692c24c1896b08
SHA1

2231b6346cb9b9720d37419053d9358ab1c60225
SHA256

502e2f32013509074ad2bf97b6b354c9ff6ac48774042d162586a81c2bb34a8c
SHA512

dd9e76f52c27c7f5940e58a8ea1b16ba7f4ca8127b3cbecf90aa1b2d105d4bf551d758c961d2face91ad618c1968fd7b71093cf46ef627e4ca014b24b34e0bc2
SSDEEP

786432:eT1WyWZzCFiqcSmLjlm3DBXT9OpMIt/+uuTBF4njKmoIaXgawe:61RMCFiqZW0F9OozF4CgY

Score

1^/10

Malware Config

Signatures

Files

547e11b0f41bbe4635692c24c1896b08
.exe windows:5 windows x86 arch:x86

33172f967edd03ef14f23a8222b8ee19

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:fa
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

19/07/2017, 00:00

Not After

17/09/2019, 23:59

Subject

CN=暴风集团股份有限公司,OU=IT,O=暴风集团股份有限公司,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:6c:49:c9:a0:4a:79:ee:db:97:ab:c6:52:3d:22:70:72:f2:b8:94
Signer

Actual PE Digest

82:6c:49:c9:a0:4a:79:ee:db:97:ab:c6:52:3d:22:70:72:f2:b8:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
GetWindowsDirectoryW
OutputDebugStringW
GetCurrentThreadId
lstrcpyW
OpenMutexW
GetCurrentProcessId
CreateMutexW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
GetTempPathW
TerminateThread
InitializeCriticalSectionAndSpinCount
GlobalFree
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
RaiseException
CreateFileMappingW
OpenFileMappingW
GetModuleFileNameW
SetLastError
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
WritePrivateProfileStringW
SetStdHandle
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
CreateEventW
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
EncodePointer
CreateThread
ExitThread
GetSystemTimeAsFileTime
DecodePointer
ExitProcess
VirtualQuery
VirtualProtect
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetEvent
CreateDirectoryA
SetFileTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
ReadFile
CreateFileA
SetFilePointer
GetFileSize
GetPrivateProfileStringW
GetSystemInfo
GetVersionExW
LoadLibraryW
LocalFree
GetModuleHandleW
CopyFileW
Sleep
MoveFileExW
CreateDirectoryW
CreateFileW
HeapFree
GetModuleHandleA
GetProcessHeap
HeapAlloc
FindClose
DeleteFileW
SetFileAttributesW
FindNextFileW
lstrcmpiW
RemoveDirectoryW
FindFirstFileW
lstrcatW
lstrlenW
GetFileAttributesW
lstrcpynW
TerminateProcess
OpenProcess
Process32NextW
FindResourceExW
Process32FirstW
CreateToolhelp32Snapshot
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryExW
SetErrorMode
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceW
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetVersion
GlobalReAlloc
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
TlsAlloc
GetTickCount
CloseHandle
WaitForSingleObject
CreateProcessW
lstrlenA
MultiByteToWideChar
WriteConsoleW
GetLastError

user32

DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
CharNextW
GetSysColor
GetClassNameW
IsWindow
FillRect
ReleaseCapture
SendMessageW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
DialogBoxParamW
SetTimer
KillTimer
GetSystemMenu
GetWindowLongW
SetCapture
MoveWindow
ScreenToClient
SetWindowLongW
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
TrackMouseEvent
SetWindowRgn
PostQuitMessage
SetMenuItemInfoW
RemoveMenu
GetMenuState
SetMenuInfo
GetMenuInfo
GetClassNameA
CallNextHookEx
GetCursorPos
SetWindowsHookExW
SetPropA
SetClassLongW
GetClassLongW
UnhookWindowsHookEx
GetMenuItemInfoW
SetWindowTextA
FindWindowA
GetWindowDC
GetMenuItemCount
GetPropA
CopyRect
IsWindowVisible
SetParent
EqualRect
DrawIconEx
SetCursor
SetRect
IsRectEmpty
GetWindowThreadProcessId
IsIconic
PeekMessageW
GetMessageW
TranslateMessage
LoadCursorW
RegisterClassExW
DefWindowProcW
SetForegroundWindow
GetParent
SetWindowPos
EnableMenuItem
LoadIconW
SetRectEmpty
IsZoomed
PostMessageW
FindWindowExW
SendMessageTimeoutW
FindWindowW
AdjustWindowRectEx
GetMenu
PtInRect
GetDlgCtrlID
GetCapture
UpdateWindow
EndDialog
DrawFocusRect
InflateRect
DrawEdge
IsWindowEnabled
LoadBitmapW
ShowWindow
OffsetRect
EnableWindow
GetWindowRect
MapWindowPoints
IsDialogMessageW
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromWindow
DrawTextW
DispatchMessageW

gdi32

CreatePen
CreateFontW
ExtTextOutW
SetBkColor
SetViewportOrgEx
SetTextColor
SetBkMode
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateDIBSection
CreateFontIndirectW
GetClipBox
ExcludeClipRect
Rectangle
GetRgnBox
StretchBlt
GetPixel
GetObjectA
RoundRect
GetTextExtentPoint32W
Ellipse
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateDIBitmap
ExtCreateRegion
CombineRgn

advapi32

RegOpenKeyW
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegDeleteKeyW
OpenProcessToken
RegEnumValueW
DeleteService
ControlService
CloseServiceHandle
StartServiceW
OpenServiceW
CreateServiceW
OpenSCManagerW
GetUserNameW
BuildExplicitAccessWithNameW
DeleteAce
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegDeleteValueW
RegisterEventSourceA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
SHCreateDirectoryExW

ole32

OleInitialize
OleUninitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromString
CoUninitialize
PropVariantClear
OleLockRunning

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi

wininet

InternetGetConnectedState

sensapi

IsNetworkAlive

shlwapi

SHDeleteKeyW
SHDeleteValueW
StrCmpW
PathAddBackslashW
PathStripToRootW
PathRemoveFileSpecW
PathSkipRootW
PathIsSameRootW
SHStrDupW
StrChrIW
StrStrIW
PathIsDirectoryW
PathAppendW
PathFileExistsW
SHGetValueW
SHSetValueW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx
ImageList_LoadImageW

msimg32

TransparentBlt

urlmon

CoInternetSetFeatureEnabled

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

winhttp

WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSetOption
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest

winmm

timeSetEvent
timeKillEvent

gdiplus

GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipGetPropertyItemSize
GdipCreateFontFromDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectRect
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetPropertyItem
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipCreateFromHDC
GdipAlloc
GdipReleaseDC
GdipFree
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipImageSelectActiveFrame
GdipCreateFontFromLogfontA
GdipSetInterpolationMode

Sections

.text
Size: 694KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28.0MB - Virtual size: 28.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33172f967edd03ef14f23a8222b8ee19

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:faCertificate

Extended Key Usages

Key Usages

82:6c:49:c9:a0:4a:79:ee:db:97:ab:c6:52:3d:22:70:72:f2:b8:94Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

sensapi

shlwapi

comctl32

msimg32

urlmon

wtsapi32

version

iphlpapi

winhttp

winmm

gdiplus

Sections

.text Size: 694KB - Virtual size: 694KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 52KB - Virtual size: 74KB

.rsrc Size: 28.0MB - Virtual size: 28.0MB

.reloc Size: 134KB - Virtual size: 133KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:fa
Certificate

82:6c:49:c9:a0:4a:79:ee:db:97:ab:c6:52:3d:22:70:72:f2:b8:94
Signer

.text
Size: 694KB - Virtual size: 694KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 52KB - Virtual size: 74KB

.rsrc
Size: 28.0MB - Virtual size: 28.0MB

.reloc
Size: 134KB - Virtual size: 133KB