981a2073ab365c00833456951be40ea2

Sharing

Copy URL Twitter E-mail

General

Target

981a2073ab365c00833456951be40ea2
Size

185KB
MD5

981a2073ab365c00833456951be40ea2
SHA1

420cff1cd2e36cf8827cdb57e322a0fcad1a13d6
SHA256

e7e69cea5a29362d030510b86c2d89fd7709249b1dd86c45f176c53b77e1fc6b
SHA512

5aea20668ec3b0f45424bff4394cebce4619db4ba3f26af361c7cf25dedac887b0ce294404e118ce53b83f26b1663a0b46a55ebee105a0db75d5513554caa723
SSDEEP

3072:Eobe13eQCW9DRTGqdPFb2A6LBGPMfkzP5HNPtADTCDsCxtxt:Eb+WJRGiFb21BGEI7iDTtst

Score

1^/10

Malware Config

Signatures

Files

981a2073ab365c00833456951be40ea2
.exe windows:4 windows x86 arch:x86

72dbe0734460b0ba85dcd8df50fa191c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6b:15:9c:b6:dc:c3:20:a9:33:a9:39:d9:2b:e8:1e
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/01/2011, 00:00

Not After

10/01/2012, 23:59

Subject

CN=北京寻几网际网络技术有限公司,OU=WoSign Class 3 Code Signing,O=北京寻几网际网络技术有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:89:b6:36:73:dc:38:1b:27:5f:07:22:3c:8a:60:f0:24:75:32:23
Signer

Actual PE Digest

e4:89:b6:36:73:dc:38:1b:27:5f:07:22:3c:8a:60:f0:24:75:32:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LoadLibraryExW
GetModuleHandleW
Sleep
GetTickCount
GetCommandLineW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetStringTypeW
GetStringTypeA
HeapSize
LoadLibraryA
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetOEMCP
GetCPInfo
IsDebuggerPresent
MultiByteToWideChar
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
RtlUnwind
ExitProcess
VirtualQuery
GetSystemInfo
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualProtect
HeapReAlloc
GetStartupInfoW
FreeLibrary
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
FindResourceW
LoadResource
LockResource
GetVersionExW
InterlockedIncrement
lstrcmpiW
GetLastError
lstrlenW
InterlockedDecrement
GetCurrentThreadId
TerminateProcess
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException

user32

DestroyWindow
CharNextW
LoadImageW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyMenu
EnableWindow
ShowWindow
MoveWindow
GetWindowLongW
SetWindowLongW
wvsprintfW
DialogBoxParamW
GetActiveWindow
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterWindowMessageW
UnregisterClassA
RegisterClassExW
EndDialog
SystemParametersInfoW
TrackPopupMenuEx
PtInRect
MessageBeep
RemoveMenu
MonitorFromPoint
GetMonitorInfoW
LoadStringA
PostQuitMessage
GetWindowRect
CreatePopupMenu
TranslateAcceleratorW
LoadStringW
SetMenuItemInfoW
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
PostMessageW
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
GetClassNameW
GetDlgItem
IsChild
InvalidateRgn
ScreenToClient
ReleaseCapture
GetSystemMetrics
GetDesktopWindow
GetFocus
InflateRect
ReleaseDC
GetDC
AdjustWindowRectEx
GetKeyState
SetFocus
SetCursor
SetMenuDefaultItem
GetMenuItemInfoW
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
EnableMenuItem
AppendMenuW
DeleteMenu
CallWindowProcW
IsWindow
GetDlgCtrlID
GetParent
SetCapture
RedrawWindow
IsWindowVisible
InvalidateRect
UpdateWindow
ClientToScreen
GetClientRect
SetWindowPos
SetWindowTextW
SendMessageW
GetSysColor
CreateWindowExW
GetClassInfoExW
LoadCursorW
LoadMenuW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW

ole32

StringFromCLSID
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

shell32

CommandLineToArgvW

oleaut32

VariantClear
SysStringLen
DispCallFunc
VarCmp
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysStringByteLen
VarUI4FromStr
SysAllocString
SysFreeString

shlwapi

StrStrW
StrCmpW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Create

gdi32

GetStockObject
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
DeleteObject
GetObjectW
Polygon
CreatePen
CreateSolidBrush
DeleteDC
BitBlt
GetDeviceCaps
CreateCompatibleDC

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72dbe0734460b0ba85dcd8df50fa191c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

64:6b:15:9c:b6:dc:c3:20:a9:33:a9:39:d9:2b:e8:1eCertificate

Extended Key Usages

Key Usages

e4:89:b6:36:73:dc:38:1b:27:5f:07:22:3c:8a:60:f0:24:75:32:23Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 44KB - Virtual size: 42KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

64:6b:15:9c:b6:dc:c3:20:a9:33:a9:39:d9:2b:e8:1e
Certificate

e4:89:b6:36:73:dc:38:1b:27:5f:07:22:3c:8a:60:f0:24:75:32:23
Signer

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 44KB - Virtual size: 42KB