702d049551f19a0486c53acd3fe60e6a

Sharing

Copy URL Twitter E-mail

General

Target

702d049551f19a0486c53acd3fe60e6a
Size

423KB
MD5

702d049551f19a0486c53acd3fe60e6a
SHA1

4a782bb14e42e83b4ae9027544f68bcab8e4cb78
SHA256

2c267df44704f5ad26568808925eb275be2a08a3de4ea824892941cd83e90776
SHA512

4236cfa649478ebb0a87f25fbea3ef0880cc7bbc692ccb61fe9c44da15491a629b5ddeaef35a2dbd4f4fcdb40b92bb5ebcc8229f49e6abb46b9b13e2d9790b79
SSDEEP

6144:1K28hI+T3KcFvdyGpw6RYXP1hPi+x2KngNOcUhHe5gDZoZ99X2C:1Ma6vdZpw6Ri14+x2Kn0OrHYmZo92C

Score

1^/10

Malware Config

Signatures

Files

702d049551f19a0486c53acd3fe60e6a
.dll windows:5 windows x86 arch:x86

bbb4fde3da327c84fae510e2322837a6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:57:38:29:5d:ca:8e:3a:f8:9f:ae:a7:3a:42:32:8d:ce:10:0a:9d
Signer

Actual PE Digest

de:57:38:29:5d:ca:8e:3a:f8:9f:ae:a7:3a:42:32:8d:ce:10:0a:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipFree
GdipCreateFromHDC
GdipReleaseDC
GdipRestoreGraphics
GdipSetCompositingMode
GdipBitmapLockBits
GdipDeleteMatrix
GdipCreateRegion
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipGetDC
GdipTransformPointsI
GdipDeleteRegion
GdipGetClipBoundsI
GdipSaveGraphics
GdipBitmapUnlockBits
GdipGraphicsClear
GdipGetMatrixElements
GdipSetClipRectI
GdipGetClip
GdipCreateMatrix
GdipScaleWorldTransform
GdipDrawImagePointRectI
GdipGetRegionHRgn
GdipCloneBitmapAreaI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteGraphics
GdipCreateFontFromLogfontW
GdipCreateHBITMAPFromBitmap
GdipDrawString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetStringFormatAlign
GdipDeleteFont
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdiplusStartup
GdipSetPixelOffsetMode
GdipGetImageWidth
GdipCloneImage
GdipFillRectangleI
GdipGetImagePaletteSize
GdipDisposeImage
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipCloneBrush
GdipDeleteBrush
GdipDrawImageRectRect
GdiplusShutdown
GdipAlloc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

TerminateProcess
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCommandLineA
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
GetDiskFreeSpaceW
DecodePointer
DeleteCriticalSection
GetVersion
FreeResource
SetErrorMode
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
lstrcpyW
FindFirstFileW
GetFileAttributesW
lstrlenW
FindClose
lstrcatW
GetVersionExW
GetCurrentProcess
GlobalLock
LeaveCriticalSection
GlobalUnlock
FlushInstructionCache
SetLastError
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
GetACP
InitializeCriticalSection
MulDiv
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
HeapReAlloc
LoadLibraryExW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle

user32

SetRect
DialogBoxParamW
SetWindowRgn
SystemParametersInfoW
IsRectEmpty
UnionRect
SetRectEmpty
SetCursor
ReleaseCapture
RedrawWindow
InvalidateRect
TrackMouseEvent
SetCapture
InflateRect
GetWindowThreadProcessId
GetPropW
EnableWindow
IsWindowVisible
CreateWindowExW
RegisterClassExW
GetForegroundWindow
SetPropW
GetClassInfoExW
SetForegroundWindow
IsIconic
RemovePropW
UpdateLayeredWindow
MonitorFromWindow
GetMonitorInfoW
GetClassLongW
GetClientRect
BeginPaint
LoadCursorW
PtInRect
OffsetRect
ReleaseDC
GetDesktopWindow
IsWindow
CopyRect
CharNextW
CharPrevW
DefWindowProcW
GetDlgItem
GetWindowLongW
SetWindowPos
UnregisterClassW
PostMessageW
GetDC
LoadIconW
SetWindowLongW
EndDialog
ShowWindow
GetActiveWindow
SendMessageW
SetWindowTextW
EndPaint
MapWindowPoints
ScreenToClient
GetWindowRect
CallWindowProcW
GetWindow
DestroyWindow
GetParent

gdi32

CreateFontIndirectW
DeleteDC
EnumFontsW
ExtTextOutW
CreateCompatibleDC
SetBkColor
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
BitBlt
CreatePolygonRgn
DeleteObject
SetROP2
SetWorldTransform
SetStretchBltMode
SetDCPenColor
SelectClipRgn
SetBkMode
SetArcDirection
SetDCBrushColor
SetBrushOrgEx
GetStockObject
GetObjectW
SetTextColor
SetGraphicsMode

shell32

SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
OleInitialize

shlwapi

StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

Exports

Exports

GetCheckValue
GetInstDir
GetInstallResult
Init
IsSupportedOS
OnRepair
OnSetup
OnSetupPost
OnUninstall
PopInt
PopString
PushInt
PushString
ShowInstallDlg
ShowUnInstallDlg

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbb4fde3da327c84fae510e2322837a6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

de:57:38:29:5d:ca:8e:3a:f8:9f:ae:a7:3a:42:32:8d:ce:10:0a:9dSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

version

kernel32

user32

gdi32

shell32

ole32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 12KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

de:57:38:29:5d:ca:8e:3a:f8:9f:ae:a7:3a:42:32:8d:ce:10:0a:9d
Signer

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 12KB - Virtual size: 12KB