7aa5989d9bc7953e5278faaf4b8104e8

Sharing

Copy URL Twitter E-mail

General

Target

7aa5989d9bc7953e5278faaf4b8104e8
Size

1.9MB
MD5

7aa5989d9bc7953e5278faaf4b8104e8
SHA1

1fcdecabdd141a881e273eeb34edb472e7a42eed
SHA256

e05a147c0e627ffc4730b05176c4b55c49bab691223ea461153b4e954d7f9d6c
SHA512

9dd36ad4dcfe3038d5d7c5f179cc7d0a7a003ec1f9a586a84e6f96713c65964720bf68b7f283f9fb3ad2368707ddc789d069adf72cb1acad051449472613ec9f
SSDEEP

12288:H0h2A9mbhmI58EjKaix+AyZrr/wMtjeZ0:Hoj9mkIfjlix2Z//wAeZ0

Score

1^/10

Malware Config

Signatures

Files

7aa5989d9bc7953e5278faaf4b8104e8
.exe windows:4 windows x86 arch:x86

d9fb0ca3dd7c29a3020587453f70d7de

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

23:e7:6f:38:00:cc:3e:8f:b6:be:ea:9f:1c:e6:48:50:21:4c:0e:7a
Signer

Actual PE Digest

23:e7:6f:38:00:cc:3e:8f:b6:be:ea:9f:1c:e6:48:50:21:4c:0e:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW
PathAppendW
PathRemoveFileSpecW

mfc42u

ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3605
ord567
ord656
ord4270
ord2371
ord2855
ord6195
ord3871
ord1941
ord818
ord3792
ord2144
ord1134
ord6211
ord5977
ord1937
ord6193
ord6375
ord1258
ord2225
ord613
ord289
ord3084
ord3087
ord6871
ord283
ord2746
ord3215
ord4312
ord4282
ord755
ord470
ord3397
ord556
ord809
ord4294
ord6354
ord2810
ord1088
ord2114
ord1230
ord1165
ord6597
ord2567
ord4390
ord3569
ord609
ord4279
ord5047
ord4768
ord6266
ord4155
ord5261
ord4370
ord4847
ord4992
ord2506
ord6048
ord1767
ord5276
ord4419
ord3592
ord641
ord324
ord2127
ord2294
ord4229
ord6376
ord4704
ord1197
ord2445
ord925
ord3716
ord795
ord2680
ord5798
ord3491
ord6451
ord3693
ord765
ord5949
ord1130
ord2637
ord4219
ord690
ord1980
ord5351
ord5804
ord1075
ord5198
ord3224
ord1225
ord389
ord2362
ord3523
ord6090
ord4029
ord927
ord1826
ord4744
ord5010
ord4369
ord4846
ord355
ord4224
ord5228
ord1177
ord1173
ord1561
ord5264
ord4828
ord4602
ord4710
ord1768
ord4629
ord5061
ord3706
ord783
ord1787
ord1833
ord4583
ord4582
ord4893
ord4364
ord4886
ord4527
ord5070
ord4334
ord4341
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord3743
ord1718
ord5256
ord2083
ord4426
ord364
ord784
ord4236
ord5031
ord4714
ord2078
ord5277
ord2350
ord2293
ord2287
ord2356
ord3915
ord6330
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord802
ord616
ord542
ord2281
ord2291
ord3312
ord6565
ord5597
ord1086
ord3494
ord3626
ord683
ord3221
ord4803
ord1808
ord2634
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5710
ord4616
ord3733
ord815
ord561
ord2613
ord1131
ord1196
ord1244
ord801
ord6921
ord6919
ord5706
ord2717
ord5285
ord4118
ord6237
ord541
ord1569
ord562
ord860
ord3865
ord3016
ord3701
ord2104
ord6373
ord2706
ord922
ord6655
ord6122
ord5857
ord6139
ord6105
ord291
ord713
ord5855
ord414
ord937
ord835
ord1763
ord857
ord6865
ord6191
ord4470
ord4450
ord3516
ord3517
ord3393
ord3728
ord810
ord5274
ord3490
ord3808
ord2836
ord2099
ord326
ord4266
ord2290
ord1921
ord3633
ord6466
ord1151
ord1105
ord665
ord1971
ord2385
ord6381
ord5349
ord5352
ord1256
ord5180
ord354
ord5777
ord4073
ord6051
ord6379
ord5436
ord6390
ord5446
ord472
ord537
ord1192
ord2745
ord2444
ord536
ord5852
ord4197
ord2756
ord1614
ord4292
ord4128
ord5783
ord942
ord941
ord940
ord2910
ord5568
ord1143
ord1637
ord1172
ord554
ord2112
ord4158
ord3284
ord2004
ord2915
ord807
ord538
ord5856
ord2400
ord2088
ord2859
ord2397
ord323
ord1633
ord5781
ord6190
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord3614
ord1634
ord858
ord2606
ord5784
ord2559
ord2406
ord5679
ord4272
ord2755
ord4124
ord5871
ord3621
ord3688
ord3568
ord3566
ord2854
ord5602
ord2858
ord4078
ord6138
ord823
ord2430
ord3658
ord3649
ord2576
ord4215
ord1854
ord825
ord500
ord3696
ord772
ord540
ord861
ord535
ord800
ord686
ord384
ord4601
ord816

msvcrt

fclose
_controlfp
??1type_info@@UAE@XZ
free
memset
malloc
__CxxFrameHandler
_EH_prolog
wcscpy
wcslen
_ftol
wcscmp
memcpy
memmove
wcsncpy
rand
_wtol
_wcsicmp
sprintf
wcscat
_CxxThrowException
srand
strlen
swprintf
_wtoi
swscanf
fwrite
fopen
isspace
isalnum
wcstoul
atoi
tolower
isupper
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ

kernel32

MultiByteToWideChar
GetVersion
GetVersionExW
lstrlenA
GetCPInfo
LockResource
LoadResource
FindResourceW
lstrcmpiW
lstrlenW
lstrcpyW
MulDiv
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
GetLastError
FreeLibrary
GetModuleFileNameW
GetTempPathW
CloseHandle
CreateProcessW
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetCurrentThreadId
WaitForSingleObject
CreateEventA
GetCurrentProcessId
GetTickCount
WideCharToMultiByte
OpenEventW
GetCommandLineW
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateDirectoryW
SetProcessWorkingSetSize
GetCurrentProcess
GetPrivateProfileStringA
DeleteFileW
GetModuleHandleW
GetStartupInfoW
GetACP

user32

SetFocus
IsWindowEnabled
GetFocus
DestroyMenu
TrackPopupMenuEx
LoadIconW
GetSystemMenu
DrawIcon
IsIconic
MessageBoxW
IsWindowVisible
GetWindow
GetWindowTextW
LoadAcceleratorsW
SetForegroundWindow
EnumWindows
ModifyMenuW
UnregisterHotKey
GetNextDlgGroupItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRgn
RegisterHotKey
GetTopWindow
SetWindowLongW
IsChild
MessageBeep
GetMenuItemInfoW
SetWindowRgn
GetIconInfo
DrawStateW
DrawFocusRect
PostMessageW
WindowFromPoint
GetActiveWindow
GetNextDlgTabItem
GetClassNameW
GetWindowLongW
DestroyCursor
ClientToScreen
SubtractRect
GetCapture
GetCursorPos
ScreenToClient
SetCursor
EqualRect
ReleaseCapture
PtInRect
OffsetRect
SetCapture
LoadCursorW
IsRectEmpty
IntersectRect
UpdateWindow
InflateRect
FrameRect
SetRectEmpty
SetActiveWindow
GetWindowRect
RedrawWindow
GetClientRect
GetParent
IsWindow
SendMessageW
EnableWindow
InvalidateRect
LoadImageW
GrayStringW
DrawTextW
TabbedTextOutW
GetMenuItemCount
InsertMenuW
AppendMenuW
GetSubMenu
RemoveMenu
LoadBitmapW
CopyIcon
CheckMenuItem
LoadMenuW
DrawFrameControl
GetSysColorBrush
GetMenuStringW
CreateMenu
GetMessagePos
KillTimer
IsMenu
SetTimer
GetSystemMetrics
CreatePopupMenu
GetMenuItemID
IsZoomed
GetMenuState
GetDesktopWindow
GetDC
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoW
GetSysColor
CopyRect
FillRect
DrawEdge
TranslateAcceleratorW
SetRect

gdi32

CreateFontW
GetRgnBox
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
ExtCreateRegion
CombineRgn
GetDIBits
SetBkColor
SetTextColor
GetStockObject
CreateBitmap
MaskBlt
GetGlyphOutlineW
StretchDIBits
StretchBlt
SetBkMode
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
PatBlt
GetObjectW
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
CreateSolidBrush
CreatePen
GetDeviceCaps
GetBkMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
Shell_NotifyIconW
ShellExecuteExW
SHGetPathFromIDListW

comctl32

ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon

oleaut32

SysAllocString
SysFreeString
VariantClear

wsock32

inet_addr
gethostbyname
gethostname
ioctlsocket

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

winmm

PlaySoundW

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9fb0ca3dd7c29a3020587453f70d7de

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1Certificate

Extended Key Usages

Key Usages

23:e7:6f:38:00:cc:3e:8f:b6:be:ea:9f:1c:e6:48:50:21:4c:0e:7aSigner

Headers

File Characteristics

Imports

shlwapi

mfc42u

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

oleaut32

wsock32

msvcp60

winmm

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

23:e7:6f:38:00:cc:3e:8f:b6:be:ea:9f:1c:e6:48:50:21:4c:0e:7a
Signer

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB