a2990b9120cfc2437cb20c61ac983121

Sharing

Copy URL

Twitter E-mail

General

Target

a2990b9120cfc2437cb20c61ac983121
Size

329KB
MD5

a2990b9120cfc2437cb20c61ac983121
SHA1

a3c66e67fc289aecf109ac5c8d25ff789a76c45e
SHA256

0546b53bd778ab5d3dc248ab0ebb29e37b83d790bf08464ce4bd94455ab031c0
SHA512

3c482ed37dacf7013c1cce250185f010aa6428cd2590c1e43c312138b5247c00ef43501a1939faa5238279a92c0d9b0f92674d59bb6649e06d38084512f5bc36
SSDEEP

3072:+Wy9QAbJIPg98aR6dKekqeLEPMAIUyMTSntmaSkAs/t0CfvKiqldfvJCO64rTGsT:VIeowKl9+M/5MutmGAs2bTcpVRTssQN

Score

1^/10

Malware Config

Signatures

Files

a2990b9120cfc2437cb20c61ac983121
.exe windows:5 windows x86 arch:x86

934e5af00d0eb52256100e7abe21ebcf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:27:47:4d:e0:10:da:49:d3:1d:0e:e8:19:3e:ac:2d:0e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

06/03/2015, 06:19

Not After

04/03/2016, 09:26

Subject

CN=Taiwan Shui Mu Chih Ching Technology Limited,O=Taiwan Shui Mu Chih Ching Technology Limited,L=Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:ab:c7:a5:36:2d:c0:b3:d4:2d:53:3e:00:4c:91:8d:40:c0:b1:ec
Signer

Actual PE Digest

58:ab:c7:a5:36:2d:c0:b3:d4:2d:53:3e:00:4c:91:8d:40:c0:b1:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\build\ecyber\trunk\sc\bin.32\DeskSvc.pdb

Imports

kernel32

GetLogicalDriveStringsW
QueryDosDeviceW
GetSystemWindowsDirectoryW
ProcessIdToSessionId
InterlockedDecrement
FreeLibrary
DeviceIoControl
DeleteFileW
WritePrivateProfileStringW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
InterlockedExchange
PostQueuedCompletionStatus
TlsAlloc
TlsFree
GetFileSize
SetFileAttributesW
SetFilePointer
GetFileAttributesW
OutputDebugStringW
SetEndOfFile
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLangID
SetThreadPriority
ResetEvent
GetExitCodeThread
GetQueuedCompletionStatus
CreateIoCompletionPort
GetProcessTimes
GlobalFree
LocalAlloc
GlobalAlloc
GetVolumeInformationW
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
FormatMessageA
CreateFileA
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
SetLastError
TlsSetValue
TlsGetValue
IsValidCodePage
GetOEMCP
GetSystemInfo
lstrcmpiW
LoadLibraryW
GetSystemDirectoryW
LocalFree
TerminateThread
CreateEventW
SetPriorityClass
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateProcess
WaitForMultipleObjects
ExitThread
SetProcessWorkingSetSize
OpenProcess
GlobalMemoryStatusEx
WriteFile
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
ReleaseMutex
CreateMutexW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
ReadFile
CreateThread
CreateFileW
GetCurrentProcess
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
CloseHandle
Sleep
SetEvent
GetACP
HeapCreate
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy
DecodePointer
EncodePointer

user32

GetSystemMetrics
wsprintfW

advapi32

QueryServiceStatusEx
SetServiceStatus
ChangeServiceConfigW
ChangeServiceConfig2W
ReportEventA
DeregisterEventSource
RegisterServiceCtrlHandlerExW
EnumDependentServicesW
StartServiceCtrlDispatcherW
RegisterEventSourceW
CreateServiceW
ControlService
DeleteService
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
GetTokenInformation
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

oleaut32

VariantClear

shlwapi

PathRemoveFileSpecW
PathCanonicalizeW
PathFileExistsW
PathCombineW

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpConnect

psapi

GetProcessMemoryInfo
EnumProcessModules
EnumProcesses
GetModuleFileNameExW
EmptyWorkingSet

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

WSACleanup
WSAStartup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

wininet

InternetCheckConnectionW

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

934e5af00d0eb52256100e7abe21ebcf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:27:47:4d:e0:10:da:49:d3:1d:0e:e8:19:3e:ac:2d:0eCertificate

Extended Key Usages

Key Usages

58:ab:c7:a5:36:2d:c0:b3:d4:2d:53:3e:00:4c:91:8d:40:c0:b1:ecSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

shlwapi

winhttp

psapi

userenv

ws2_32

version

sensapi

wininet

Sections

.text Size: 218KB - Virtual size: 217KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 15KB - Virtual size: 26KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:27:47:4d:e0:10:da:49:d3:1d:0e:e8:19:3e:ac:2d:0e
Certificate

58:ab:c7:a5:36:2d:c0:b3:d4:2d:53:3e:00:4c:91:8d:40:c0:b1:ec
Signer

.text
Size: 218KB - Virtual size: 217KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 15KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB