a461d988d1efcb86a41f3b134e30d9a2

Sharing

Copy URL

Twitter E-mail

General

Target

a461d988d1efcb86a41f3b134e30d9a2
Size

150KB
MD5

a461d988d1efcb86a41f3b134e30d9a2
SHA1

f38fb0c58dd231431845ffaecd9f5d398692d4e7
SHA256

eb298bcb85ad58e2be3b5fd3ea6a20f3ea23f9c0d9bbabedfea80982aac623d4
SHA512

e6a44bdcbb78210c75bfeab431a80252c2b219ecb2805aaf578cb4033625bc1430c7151920fcd89f83b4d2c61e181cc692ced2b94ef21169a02fd6fe587160fa
SSDEEP

1536:X7B205YSqJ1+qpgPp44YAJOXAFRgD0Ac0Fbtc3zpE0UmFohUpJPKGtypvbykE:XA2YSy1lgPp44YmOjnb4GmuyJPHtydby

Score

1^/10

Malware Config

Signatures

Files

a461d988d1efcb86a41f3b134e30d9a2
.exe windows:4 windows x86 arch:x86

933168e4c9cbc53e160f4a0d4378f53d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15-02-2009 00:00

Not After

15-02-2010 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:3b:db:9b:ae:0c:a9:d2:f1:ef:50:c2:5f:03:e2:27:85:4c:46:cc
Signer

Actual PE Digest

70:3b:db:9b:ae:0c:a9:d2:f1:ef:50:c2:5f:03:e2:27:85:4c:46:cc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\Hummer\platform_ForQQ1.26Proj\Basic_HummerPlatform_VOB\Platform\Output\bin\TXPlatform.pdb

Imports

kernel32

InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
SetProcessWorkingSetSize
GetCurrentProcess
CloseHandle
WaitForSingleObject
GetTickCount
CreateProcessW
CreateFileW
GetFileAttributesW
OpenProcess
GetCurrentProcessId
ReleaseMutex
GetProcAddress
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
CreateMutexW
GetVersion
GetCommandLineW
LoadLibraryA
GetVersionExW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
GetConsoleMode
GetConsoleCP
SetFilePointer
lstrcmpiW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoW
ExitProcess
GetModuleHandleA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetModuleFileNameA
lstrlenW
GetStdHandle
WriteFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
HeapCreate

user32

CharNextW
SendMessageW
IsWindow
SendMessageTimeoutW
GetWindowThreadProcessId
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
UnregisterClassA

advapi32

RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.M7cY4A
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

933168e4c9cbc53e160f4a0d4378f53d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

70:3b:db:9b:ae:0c:a9:d2:f1:ef:50:c2:5f:03:e2:27:85:4c:46:ccSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

wintrust

crypt32

psapi

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 7KB

.M7cY4A Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

70:3b:db:9b:ae:0c:a9:d2:f1:ef:50:c2:5f:03:e2:27:85:4c:46:cc
Signer

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 7KB

.M7cY4A
Size: 1KB - Virtual size: 1KB