1a94dd00f363e98e050a1c77bbe170d48fcd086c2f0a7ffb120579e4b23dcd8c

Sharing

Copy URL Twitter E-mail

General

Target

1a94dd00f363e98e050a1c77bbe170d48fcd086c2f0a7ffb120579e4b23dcd8c
Size

2.9MB
MD5

765a40d98dd1b4e420f4117eec6dc436
SHA1

b47d2bd770ce378fbd43d5e15e022fc62b6c2cfa
SHA256

1a94dd00f363e98e050a1c77bbe170d48fcd086c2f0a7ffb120579e4b23dcd8c
SHA512

0b3dea6e1767a81217b4064791db786566f80c5d6dcb360f41a24a0cba53412662a9f6932e589230225c2f3f179629dddc898b8daabe7c40c7e377c46b87b811
SSDEEP

49152:E+hpmhb76mLsiarYQ6p7Jc6keWEeJMeqse/Lp/He2utT6W2/BNPFvR9eG3R:E+hpAb7607YSlJcIeJMIAHe2un2/BNPz

Score

1^/10

Malware Config

Signatures

Files

1a94dd00f363e98e050a1c77bbe170d48fcd086c2f0a7ffb120579e4b23dcd8c
.exe windows:5 windows x86 arch:x86

6c8ddc4df6b08f65953baade6e378f7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/09/2012, 00:00

Not After

20/09/2015, 23:59

Subject

CN=YY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=YY Inc.,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:bf:1a:9a:11:5c:9b:f1:fa:ff:f6:30:dd:14:a9:46:e8:2b:0b:fe
Signer

Actual PE Digest

2e:bf:1a:9a:11:5c:9b:f1:fa:ff:f6:30:dd:14:a9:46:e8:2b:0b:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
CreateProcessA
TerminateProcess
ResetEvent
OpenEventA
GetExitCodeProcess
WaitForMultipleObjects
GetCommandLineA
GetModuleFileNameA
CreateThread
TlsAlloc
TlsSetValue
GetEnvironmentVariableA
GetSystemInfo
GetVersionExA
SetEvent
CreateEventA
SetConsoleCtrlHandler
FreeConsole
OpenMutexA
SetEnvironmentVariableA
CreateIoCompletionPort
GetQueuedCompletionStatus
TlsGetValue
RemoveDirectoryA
SetFilePointer
MoveFileExA
HeapReAlloc
HeapSetInformation
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetDateFormatA
GetTimeFormatA
InterlockedIncrement
GetSystemTimeAsFileTime
MapViewOfFileEx
SetFilePointerEx
SetEndOfFile
CreateFileMappingA
MapViewOfFile
GetFileAttributesExW
CreateFileW
GetLongPathNameW
GetDiskFreeSpaceA
FindNextFileA
FindFirstFileA
InterlockedDecrement
GetModuleFileNameW
WriteConsoleW
DecodePointer
GetProcessHeap
UnmapViewOfFile
RaiseException
HeapSize
CompareStringW
GetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameA
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
GetLocaleInfoW
LoadLibraryW
IsProcessorFeaturePresent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
EncodePointer
SetFileTime
WriteFile
ReadFile
FormatMessageA
Sleep
SwitchToThread
InterlockedCompareExchange
ExitProcess
GetModuleHandleW
HeapAlloc
HeapFree
FlushConsoleInputBuffer
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GlobalMemoryStatus
GetTickCount
GetFileType
GetVersion
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTime
CreateFileA
SetLastError
FindClose
GetFileInformationByHandle
InterlockedExchangeAdd
CreateDirectoryA
DeleteFileA
SetStdHandle
GetCurrentThreadId
GetCurrentProcessId
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetCurrentDirectoryA
MoveFileA
GetLastError
GetDriveTypeW
GetStdHandle

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
CharToOemBuffA

lua51

luaL_optnumber
luaL_loadfile
lua_iscfunction
luaL_findtable
lua_load
lua_setfenv
lua_topointer
lua_atpanic
lua_resume
lua_xmove
luaL_newstate
luaL_openlibs
lua_close
lua_pcall
lua_gc
lua_newthread
luaL_gsub
luaL_buffinit
lua_call
luaL_pushresult
lua_replace
lua_isnumber
lua_tointeger
lua_concat
lua_pushstring
luaL_unref
luaL_loadbuffer
lua_tothread
luaL_ref
luaL_checknumber
lua_setmetatable
lua_pushlightuserdata
luaL_checktype
lua_rawgeti
lua_tonumber
luaL_checklstring
lua_yield
lua_createtable
lua_pushboolean
lua_pushlstring
lua_pushvalue
lua_rawget
lua_rawset
lua_insert
lua_rawseti
lua_objlen
lua_pushnumber
lua_pushnil
lua_next
lua_isstring
lua_pushcclosure
luaL_checkinteger
lua_remove
lua_pushinteger
lua_setfield
lua_getstack
lua_getinfo
lua_gettop
lua_type
lua_tolstring
lua_toboolean
lua_newuserdata
lua_typename
lua_pushfstring
luaL_argerror
luaL_error
lua_getfield
lua_touserdata
lua_settop
luaL_addlstring

advapi32

RegCreateKeyExA
CryptCreateHash
CryptSetHashParam
CryptSignHashA
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegSetValueExA
CryptDecrypt

ws2_32

WSAIoctl
WSASend
WSAGetOverlappedResult
WSARecv
ioctlsocket
WSADuplicateSocketA
accept
connect
gethostname
setsockopt
bind
closesocket
listen
getsockname
WSAStartup
getsockopt
getaddrinfo
freeaddrinfo
ntohs
htons
ntohl
htonl
WSASocketA
__WSAFDIsSet
select
recv
shutdown
WSACleanup
inet_addr
inet_ntoa
socket
gethostbyname
gethostbyaddr
WSASetLastError
WSAGetLastError
send

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dtors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c8ddc4df6b08f65953baade6e378f7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2e:bf:1a:9a:11:5c:9b:f1:fa:ff:f6:30:dd:14:a9:46:e8:2b:0b:feSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

lua51

advapi32

ws2_32

crypt32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 387KB - Virtual size: 386KB

.data Size: 108KB - Virtual size: 7.4MB

.dtors Size: 512B - Virtual size: 4B

.debug_a Size: 18KB - Virtual size: 18KB

.debug_i Size: 187KB - Virtual size: 187KB

.debug_l Size: 37KB - Virtual size: 37KB

.debug_f Size: 24KB - Virtual size: 23KB

.debug_l Size: 135KB - Virtual size: 134KB

.debug_p Size: 9KB - Virtual size: 9KB

.debug_p Size: 16KB - Virtual size: 15KB

.debug_a Size: 1KB - Virtual size: 1KB

.debug_r Size: 6KB - Virtual size: 6KB

.debug_s Size: 2KB - Virtual size: 1KB

.stab Size: 5KB - Virtual size: 5KB

.stabstr Size: 33KB - Virtual size: 33KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 120KB - Virtual size: 119KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2e:bf:1a:9a:11:5c:9b:f1:fa:ff:f6:30:dd:14:a9:46:e8:2b:0b:fe
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 387KB - Virtual size: 386KB

.data
Size: 108KB - Virtual size: 7.4MB

.dtors
Size: 512B - Virtual size: 4B

.debug_a
Size: 18KB - Virtual size: 18KB

.debug_i
Size: 187KB - Virtual size: 187KB

.debug_l
Size: 37KB - Virtual size: 37KB

.debug_f
Size: 24KB - Virtual size: 23KB

.debug_l
Size: 135KB - Virtual size: 134KB

.debug_p
Size: 9KB - Virtual size: 9KB

.debug_p
Size: 16KB - Virtual size: 15KB

.debug_a
Size: 1KB - Virtual size: 1KB

.debug_r
Size: 6KB - Virtual size: 6KB

.debug_s
Size: 2KB - Virtual size: 1KB

.stab
Size: 5KB - Virtual size: 5KB

.stabstr
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 120KB - Virtual size: 119KB