7ee4a49f066b61c8d598c4a526f54ecb

Sharing

Copy URL

Twitter E-mail

General

Target

7ee4a49f066b61c8d598c4a526f54ecb
Size

106KB
MD5

7ee4a49f066b61c8d598c4a526f54ecb
SHA1

ff77630cb1f445324c92c7bd93ad10913dabde64
SHA256

596c594d6014b633accf20f21f6373eff1182be0e0596ee9e643b3b9c07eb335
SHA512

aa5df616326a3c594a0d8ad35036e79d73930ec9a2c3d57ee8cf1435abda829120b81179f54565a078c339d25912d44886c6caa03f652ae46295d9b8a3682f51
SSDEEP

3072:FJAmDLQbt8pJBgMyzKOw7Pk3oyOf46vtEkYT:FJAmD0bt8pJBfD/yOf4Utvc

Score

1^/10

Malware Config

Signatures

Files

7ee4a49f066b61c8d598c4a526f54ecb
.dll windows:5 windows x86 arch:x86

c7246a6e9b923b87799a25a14eef79f6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:fa
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

19-07-2017 00:00

Not After

17-09-2019 23:59

Subject

CN=暴风集团股份有限公司,OU=IT,O=暴风集团股份有限公司,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:01:81:87:83:51:b6:65:bd:9d:f4:1b:e9:cc:bb:34:ab:46:50:a5
Signer

Actual PE Digest

9c:01:81:87:83:51:b6:65:bd:9d:f4:1b:e9:cc:bb:34:ab:46:50:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BFWORKSPACE\workspace\暴风主干官网\trunk2\bin\Release\bin\FloatADDll.pdb

Imports

crt

ord77
ord18
ord46
ord55
ord16
ord78
ord37
ord23
ord34
ord5

kernel32

CreateEventW
WaitForSingleObject
CloseHandle
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetModuleFileNameW
lstrlenW
RaiseException
GetLastError
MultiByteToWideChar
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetTickCount
Sleep
WritePrivateProfileStringW
OutputDebugStringW
TerminateThread
GetPrivateProfileStringW
GetVersionExW
DeleteFileW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime
lstrlenA
LocalFree
SystemTimeToFileTime
GetLocalTime
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId

user32

PostThreadMessageW
KillTimer
SetTimer
PtInRect
GetDC
SendMessageW
GetSystemMetrics
PostMessageW
FindWindowW
MsgWaitForMultipleObjects
GetMessageW
CharNextW
TranslateMessage
PeekMessageW
DispatchMessageW
SendMessageTimeoutW

gdi32

GetDeviceCaps
CreateCompatibleDC
SelectObject
CreateDIBSection
DeleteDC
DeleteObject

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoLoadLibrary
OleCreate
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoFreeLibrary

oleaut32

GetErrorInfo
SysAllocString
VariantClear
VariantInit
DispGetParam
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
SysFreeString

shlwapi

StrRChrW
PathAddBackslashW
StrCmpW
PathFindFileNameW
PathFileExistsW
PathAppendW

msvcr100

_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
_crt_debugger_hook
_CxxThrowException
__CxxFrameHandler3
_encoded_null
_malloc_crt
memcpy
_onexit
__CppXcptFilter
_initterm
_lock
_amsg_exit
__dllonexit
_unlock
?terminate@@YAXXZ
memset
wcsnlen
_wcsicmp
wcscpy_s
wcscat_s
_recalloc
wcsstr
malloc
wcsncpy_s
_purecall
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_beginthreadex
wmemcpy_s
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
_wtoi
free
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memcpy_s
memmove_s
_vscwprintf
vswprintf_s
??0exception@std@@QAE@ABQBD@Z

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7246a6e9b923b87799a25a14eef79f6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:faCertificate

Extended Key Usages

Key Usages

9c:01:81:87:83:51:b6:65:bd:9d:f4:1b:e9:cc:bb:34:ab:46:50:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

msvcr100

msvcp100

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

21:ab:7d:91:33:ad:7d:52:57:83:6d:c5:ab:b8:b7:fa
Certificate

9c:01:81:87:83:51:b6:65:bd:9d:f4:1b:e9:cc:bb:34:ab:46:50:a5
Signer

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB