a21c46110ca4139a8b78ddec4a1e4078

Sharing

Copy URL Twitter E-mail

General

Target

a21c46110ca4139a8b78ddec4a1e4078
Size

6.8MB
MD5

a21c46110ca4139a8b78ddec4a1e4078
SHA1

07d06531d7318a533225dcd41062c09474e580a0
SHA256

cae19f5b8fef41531fe4ffe61fc2100398ef5a6236783c6ddaa874160e576341
SHA512

aa5bf3689bf94bb92508bac83840516143b4bc9015ddd5cba48244d91df56e6383c42cb166030aa8a4c3dcf536cc70ad9fe74500eaaed04442a125efcb724729
SSDEEP

196608:Bo6N9BJWthWb7CyrzFap0HuKGJia/aZVO:1N3JWsuyUeTq+VO

Score

1^/10

Malware Config

Signatures

Files

a21c46110ca4139a8b78ddec4a1e4078
.exe windows:5 windows x86 arch:x86

d77cad2223b06f3b40425e1435617f37

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

53:60:3f:0f:22:8b:e5:91:52:1b:98:22:ca:85:2a:d4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/07/2015, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:71:d2:97:94:6e:d7:86:12:43:73:68:c7:11:df:d0:33:7a:60:38
Signer

Actual PE Digest

2f:71:d2:97:94:6e:d7:86:12:43:73:68:c7:11:df:d0:33:7a:60:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\yygb\yygb\bin\install_bind.pdb

Imports

kernel32

FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
MoveFileExW
CreateFileW
TerminateProcess
OpenProcess
Sleep
LoadLibraryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
DeleteFileW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateMutexW
OpenMutexW
ReleaseMutex
GetPrivateProfileStringW
GetCommandLineW
LocalFree
FreeResource
OutputDebugStringW
CreateProcessW
WaitForSingleObject
CloseHandle
GetSystemDirectoryW
ResumeThread
OutputDebugStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
lstrlenA
WideCharToMultiByte
FindResourceExW
LockResource
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
MoveFileW
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetFileInformationByHandle
CreateSemaphoreW
GetFileSizeEx
ReleaseSemaphore
EnterCriticalSection
RaiseException
TerminateThread
SetFilePointerEx
SetEndOfFile
GetSystemTime
GetVolumeInformationW
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
DeviceIoControl
GetLogicalDriveStringsW
GetDriveTypeW
lstrcpyW
GetDiskFreeSpaceExW
GetFileAttributesW
GetModuleHandleA
CopyFileW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
ReadFile
GetFileSize
CreateFileA
GetVersion
GlobalFree
CreateDirectoryW
SetFileAttributesW
CreateThread
SwitchToThread
SetFilePointer
WriteFile
GetVersionExW

user32

SetWindowLongW
DefWindowProcW
CharNextW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetForegroundWindow
RegisterWindowMessageW
GetWindowLongW
PostMessageW
LoadStringW
SetRect
PtInRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
AdjustWindowRectEx
GetMenu
OffsetRect
SetWindowRgn
GetWindowRect
KillTimer
SetTimer
FindWindowW
ShowWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
UnregisterClassA
LoadBitmapW
LoadImageA
LoadIconW
InflateRect
IsRectEmpty
SetActiveWindow
EnableWindow
IsWindowEnabled
GetActiveWindow
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
UpdateLayeredWindow
GetCursorPos
GetCapture
CreateCaret
GetCaretBlinkTime
SetCaretPos
IsIconic
GetWindowDC
HideCaret
ShowCaret
CopyRect
UnionRect
SetCursor
EqualRect
IntersectRect
GetMessagePos
DestroyCursor
GetKeyState
UpdateWindow
LoadImageW
DrawIconEx
DestroyIcon
DrawTextW
DrawTextA
IsWindowVisible
GetDlgCtrlID
SetPropW
AnimateWindow
SystemParametersInfoW
SetRectEmpty
wsprintfW
GetSystemMetrics
wsprintfA
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DestroyWindow

gdi32

CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
SaveDC
RestoreDC
CombineRgn
RoundRect
ExtTextOutW
SetBkColor
CreatePen
CreateFontIndirectW
GetObjectA
OffsetViewportOrgEx
SetBkMode
GetObjectW
StretchBlt
CreateRectRgnIndirect
GetRgnBox
ExcludeClipRect
GetTextColor
SetTextColor
ExtSelectClipRgn
Rectangle
RectInRegion
MoveToEx
LineTo
GetTextMetricsW
GetClipBox
GetTextExtentPointW
GetClipRgn
CreateBitmap
GetViewportOrgEx
GetStockObject
OffsetRgn
GetTextExtentPoint32W
CreateRectRgn
GetCurrentObject
CreateDIBSection
SetRectRgn
SelectClipRgn
TextOutW

advapi32

RegOpenKeyW
RegSetValueExA
RegCreateKeyW
RegFlushKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetFileInfoA
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
SHBrowseForFolderW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
VariantChangeType
VarUI4FromStr
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
VariantCopy
LoadTypeLi
DispCallFunc

shlwapi

StrToIntExA
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFileExistsA
StrToIntW
StrToIntA
StrStrIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDrawImageRectRectI
GdipLoadImageFromFile
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDrawString
GdipCreateFontFromDC
GdipDeleteFont
GdipDrawImageRectI
GdipCreateBitmapFromHICON
GdipDisposeImage

riched20

ord4

imm32

ImmReleaseContext
ImmGetContext

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetWriteFile
InternetConnectW
HttpOpenRequestW
InternetOpenUrlW
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d77cad2223b06f3b40425e1435617f37

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

53:60:3f:0f:22:8b:e5:91:52:1b:98:22:ca:85:2a:d4Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2f:71:d2:97:94:6e:d7:86:12:43:73:68:c7:11:df:d0:33:7a:60:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

riched20

imm32

psapi

version

wininet

Sections

.text Size: 812KB - Virtual size: 812KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 18KB - Virtual size: 98KB

.rsrc Size: 5.8MB - Virtual size: 5.8MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

53:60:3f:0f:22:8b:e5:91:52:1b:98:22:ca:85:2a:d4
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2f:71:d2:97:94:6e:d7:86:12:43:73:68:c7:11:df:d0:33:7a:60:38
Signer

.text
Size: 812KB - Virtual size: 812KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 18KB - Virtual size: 98KB

.rsrc
Size: 5.8MB - Virtual size: 5.8MB