7b67b127e429c887e62e0a58ebe91d52

Sharing

Copy URL Twitter E-mail

General

Target

7b67b127e429c887e62e0a58ebe91d52
Size

161KB
MD5

7b67b127e429c887e62e0a58ebe91d52
SHA1

27a281d0f63ee7e03bb3bcbdc35f9cfe36fcde18
SHA256

21132c4e7c382de67ae78f348b4b2a77deae36fb505eddced1339ca7469012a1
SHA512

6b24565a1589a58665b4771e759e6ad3eeba51deed251883fd59f35e509bd0450cff314f50c6ea477527d26fa9e7a3a6ed8f253e779b87da979270d9112719bf
SSDEEP

3072:aZEx3Ub52eqwWyYQEQCf9d/tJLMb1KWoJpS+N+qsUxUC8P0T0/fKzopeQ6xjPdHs:jF3lBhbLhpvuT5tQUU22gQUoOpYY

Score

1^/10

Malware Config

Signatures

Files

7b67b127e429c887e62e0a58ebe91d52
.exe windows:4 windows x86 arch:x86

a591ecb52a64a51f3ad39856b20f14ce

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/11/2006, 00:00

Not After

23/11/2008, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=Secure Application Development,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_controlfp_s
_strnicmp
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_stricmp
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_beginthreadex
realloc
strncat
_errno
strncmp
atoi
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
memset
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
SetErrorMode
GetProcAddress
LoadLibraryA
CloseHandle
Sleep
WaitForSingleObject
SetEvent
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrlenA
lstrcatA
FreeLibrary
lstrcmpA
LocalFree
LocalAlloc
GetTickCount
InterlockedExchange
WriteFile
WaitForMultipleObjects

user32

GetWindowTextA
LoadCursorA
DestroyCursor
GetCursorInfo
GetDC
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
GetWindowThreadProcessId
TranslateMessage
GetMessageA
wsprintfA

gdi32

DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

advapi32

RegCreateKeyExA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegDeleteKeyA
RegDeleteValueA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveInGetNumDevs
waveInStart
waveOutUnprepareHeader
waveOutReset
waveOutWrite
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutClose

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

ws2_32

ntohs
getsockname
bind
sendto
inet_addr
__WSAFDIsSet
getpeername
accept
listen
WSACleanup
gethostname
inet_ntoa
socket
gethostbyname
htons
connect
select
recv
send
closesocket
WSAStartup
recvfrom
setsockopt

msvfw32

ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

Sha

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAA
Size: 4KB - Virtual size: 883B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PPP
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a591ecb52a64a51f3ad39856b20f14ce

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5bCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

advapi32

shell32

winmm

msvcp80

ws2_32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

AAA Size: 4KB - Virtual size: 883B

PPP Size: 8KB - Virtual size: 4KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5b
Certificate

.text
Size: 104KB - Virtual size: 100KB

AAA
Size: 4KB - Virtual size: 883B

PPP
Size: 8KB - Virtual size: 4KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 3KB