7c3c4840249b17d9d2ff485d4f369473

Sharing

Copy URL Twitter E-mail

General

Target

7c3c4840249b17d9d2ff485d4f369473
Size

4.9MB
MD5

7c3c4840249b17d9d2ff485d4f369473
SHA1

3464f85d0ad0f339bb634f8f1e0ac9efa00aac09
SHA256

824c2b0a18375f1a0594493794294ee31835e34effa28d7d6612a4f3f587ae52
SHA512

23e733344ced693fd2abbccaae0b473ddc1ea480c5c626fde38b345d2940ba2f29d20f1f98d655b9b47c39813a5c7a3620ec7f55b46eb7182e1a898332e32e8e
SSDEEP

98304:7bXETPI3t/g5xitIDPIoYsfwRj2t/7qpQfW+ZLvS3gZBItUiFHiZ8n:7bXETPI3t4Xui2Urt/7qsWqGw7nZi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pt.exe

Files

7c3c4840249b17d9d2ff485d4f369473
.rar
petst.exe
.exe windows:1 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:65:ce:f4:a6:4e:10:54:77:9b:87:cb:36:4f:5b:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/10/2006, 00:00

Not After

19/10/2007, 23:59

Subject

CN=PassMark Software Pty Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PassMark Software Pty Ltd,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:6a:db:f9:9f:74:ec:a0:2e:3c:56:93:8d:6b:b0:62:6f:51:ee:d0
Signer

Actual PE Digest

d4:6a:db:f9:9f:74:ec:a0:2e:3c:56:93:8d:6b:b0:62:6f:51:ee:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pt.exe
.exe windows:4 windows x86 arch:x86

65598be9bd2a9d04f9202fda484f0177

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceConfigW
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
StartServiceW
CreateServiceW
CloseServiceHandle
RegCloseKey

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ImageList_LoadImageW
MenuHelp
CreateStatusWindowW
InitCommonControlsEx
CreateToolbarEx

dsetup

DirectXSetupGetVersion

gdi32

SetTextAlign
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
SetBkColor
SetTextColor
SelectObject
CreateSolidBrush
Rectangle
DeleteObject
GetDeviceCaps
SetAbortProc
BitBlt
StretchDIBits
GetDIBColorTable
SetPixel
GetPixel
DeleteEnhMetaFile
CloseEnhMetaFile
PatBlt
GetMapMode
RoundRect
Ellipse
SetMapMode
GetDIBits
SetWindowExtEx
GdiFlush
SetBkMode
CreatePalette
GetSystemPaletteEntries
LineTo
CreatePen
MoveToEx
SelectPalette
EndDoc
EndPage
StartPage
SetViewportOrgEx
SetViewportExtEx
RealizePalette

kernel32

GlobalAlloc
GlobalReAlloc
LocalAlloc
LocalFree
lstrcmp
GetSystemTimeAsFileTime
GetFileTime
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObject
ResetEvent
GetExitCodeThread
SystemTimeToFileTime
LockResource
LoadResource
SizeofResource
GetACP
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
UnmapViewOfFile
MapViewOfFile
CancelIo
FlushFileBuffers
WriteFile
WriteFileEx
SetFilePointer
WaitForSingleObjectEx
SetEndOfFile
ReadFileEx
GlobalLock
LocalFileTimeToFileTime
SetFileTime
GlobalSize
CompareStringA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
ResumeThread
GetLocalTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetCurrentDirectoryA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
GlobalUnlock
GlobalFree
GetTickCount
MulDiv
GetSystemInfo
HeapReAlloc
GetStdHandle
LockResource
GetFileType
SetProcessAffinityMask
GetTimeZoneInformation
GetOEMCP
GetTimeFormatA
GetDateFormatA
VirtualQuery
HeapSize
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcess
GetProcessAffinityMask
GetCurrentThread
GetThreadPriority
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetFileSize
InterlockedDecrement
GetCurrentProcessId
SetStdHandle
InterlockedIncrement
GetLogicalDrives
SetErrorMode
ExitThread
GetUserDefaultLangID
LoadLibraryA
GetEnvironmentVariableA
CreateThread
Sleep
GlobalMemoryStatus
FindClose
DeviceIoControl
VirtualAlloc
VirtualFree
ReadFile
GetLastError
CloseHandle
FreeLibrary
WriteConsoleA
GetConsoleOutputCP
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
HeapDestroy
ExitProcess
HeapCreate

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shell32

CommandLineToArgvW
IsUserAnAdmin

shlwapi

StrStrIW
UrlGetPartW

user32

BeginPaint
EndPaint
SetScrollInfo
ShowScrollBar
CopyImage
CheckMenuItem
RemoveMenu
GetParent
GetSystemMenu
SetScrollRange
SetScrollPos
GetWindowInfo
FillRect
DlgDirListComboBoxA
MoveWindow
GetDlgItemInt
IsDlgButtonChecked
SetFocus
CheckRadioButton
GetDlgCtrlID
ScrollWindow
OffsetRect
BringWindowToTop
EnableMenuItem
DrawMenuBar
GetIconInfo
SetRect
AdjustWindowRect
TranslateMessage
SetForegroundWindow
ShowOwnedPopups
GetSubMenu
TrackPopupMenuEx
DestroyMenu
DestroyWindow
PostQuitMessage
GetCursorPos
ScreenToClient
GetWindowRect
ClipCursor
SetCursor
GetWindowDC
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
UpdateWindow
DrawIconEx
ShowWindow
GetSystemMetrics
DestroyCursor
InvalidateRect
GetDlgItem
MessageBeep
KillTimer
SetTimer
SetDlgItemInt
EndDialog
SetDlgItemTextA
GetDC
GetClientRect
ReleaseDC
ShowCursor
GetAsyncKeyState
GetDlgItemTextA
SetWindowPos
GetMenu

wininet

HttpQueryInfoW
FtpPutFileW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetReadFileExA
InternetGetLastResponseInfoW

winmm

timeGetTime

comdlg32

CommDlgExtendedError

ole32

StgOpenStorageEx
CoCreateInstance
CoInitialize
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgCreateStorageEx
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

Sections

.text
Size: 637KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nano
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

63:65:ce:f4:a6:4e:10:54:77:9b:87:cb:36:4f:5b:a7Certificate

Extended Key Usages

Key Usages

d4:6a:db:f9:9f:74:ec:a0:2e:3c:56:93:8d:6b:b0:62:6f:51:ee:d0Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

65598be9bd2a9d04f9202fda484f0177

Headers

File Characteristics

Imports

advapi32

comctl32

dsetup

gdi32

kernel32

oleaut32

shell32

shlwapi

user32

wininet

winmm

comdlg32

ole32

Sections

.text Size: 637KB - Virtual size: 640KB

.rdata Size: 124KB - Virtual size: 128KB

.data Size: 1.0MB - Virtual size: 2.6MB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.mackt Size: 8KB - Virtual size: 8KB

.nano Size: 14KB - Virtual size: 16KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

63:65:ce:f4:a6:4e:10:54:77:9b:87:cb:36:4f:5b:a7
Certificate

d4:6a:db:f9:9f:74:ec:a0:2e:3c:56:93:8d:6b:b0:62:6f:51:ee:d0
Signer

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 637KB - Virtual size: 640KB

.rdata
Size: 124KB - Virtual size: 128KB

.data
Size: 1.0MB - Virtual size: 2.6MB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.mackt
Size: 8KB - Virtual size: 8KB

.nano
Size: 14KB - Virtual size: 16KB