a9d8d3487bb51622e626f83b68ec4f31

Sharing

Copy URL Twitter E-mail

General

Target

a9d8d3487bb51622e626f83b68ec4f31
Size

1.6MB
MD5

a9d8d3487bb51622e626f83b68ec4f31
SHA1

0ee2420425ee9c10b58b9604985549fa3a00baa9
SHA256

57737972fac0cfce14c1e20129c43e5aa617fb6b480729d1fdf5b08a0ac067fd
SHA512

a119c81d112536a385e3d5f8a3a3fbfdb5c3370bcfbaecedddab76f25c335d61b05c25286f006777e477036bebaf6287e53cd34c41ace0d0d9f22596bd4f1001
SSDEEP

24576:QJxpRX3SogNtAogLc1jD/SZLh542I7Njy8W8nvYMO3Tc36V63fMwDazWYH:QJxuNtAogLcVoM7Njy8LnxO3TWLEqaLH

Score

1^/10

Malware Config

Signatures

Files

a9d8d3487bb51622e626f83b68ec4f31
.exe windows:5 windows x86 arch:x86

91eee20e4eb5a0fe516b9b3e20e1876c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:5b:56:58:ee:9e:e3:6e:0d:e7:2a:56:b9:41:52:15
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

20/12/2016, 06:05

Not After

20/12/2017, 06:05

Subject

CN=Chongqing Yizhenze Technology Co.\, Ltd.,O=Chongqing Yizhenze Technology Co.\, Ltd.,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:76:e8:8f:71:50:f3:eb:32:6a:47:74:fe:62:d2:b4:70:eb:41:82
Signer

Actual PE Digest

07:76:e8:8f:71:50:f3:eb:32:6a:47:74:fe:62:d2:b4:70:eb:41:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetModuleHandleA
GetModuleFileNameW
GetVersionExA
FreeLibrary
LoadLibraryW
MulDiv
HeapCreate
HeapAlloc
HeapFree
GetCurrentProcess
FlushInstructionCache
HeapDestroy
GetFullPathNameW
FreeResource
SetLastError
FindResourceW
SizeofResource
LoadResource
LockResource
LeaveCriticalSection
LocalFree
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
EnterCriticalSection
GetUserDefaultLCID
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CreateFileA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
ReadFile
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
ExitProcess
CreateThread
ResumeThread
ExitThread
GetSystemTimeAsFileTime
GetFileAttributesA
InterlockedExchange
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCommandLineW
GlobalUnlock
GlobalAlloc
GlobalLock
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetSystemDirectoryA
GetVersionExW
GetModuleHandleW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Process32FirstW
FindClose
TerminateProcess
FindFirstFileW
CloseHandle
MoveFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateProcessA
WaitForSingleObject
GetSystemFirmwareTable
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
GetLastError
Sleep
DeleteFileA
GetLocaleInfoA
lstrlenA

user32

FindWindowW
PostMessageW
wsprintfW
FindWindowExW
GetActiveWindow
IsWindowVisible
GetParent
OffsetRect
CreateWindowExW
GetFocus
IsRectEmpty
CopyRect
InflateRect
GetWindow
GetMonitorInfoW
MapWindowPoints
SendMessageW
ShowWindow
SetWindowPos
MonitorFromWindow
GetWindowLongW
GetClientRect
GetWindowRect
SetWindowTextW
IsIconic
PostQuitMessage
ClientToScreen
KillTimer
SetTimer
InvertRect
FillRect
DrawIconEx
DestroyWindow
PtInRect
SetRect
EqualRect
IntersectRect
UnionRect
SetCursor
DestroyCursor
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
IsWindow
DefWindowProcW
SetFocus
DestroyIcon
GetIconInfo
CharNextW
UpdateWindow
SetWindowLongW
InvalidateRect
ScreenToClient
GetDC
UpdateLayeredWindow
ReleaseDC
SetCapture
GetCursorPos
AppendMenuW
CreatePopupMenu
DestroyMenu
TrackPopupMenu
ReleaseCapture
GetMenuItemInfoW
MapVirtualKeyA
CharLowerBuffW
DrawTextW
SystemParametersInfoA
GetSystemMetrics
EnableMenuItem
GetKeyState
GetSysColor
RegisterClassExW
GetMenuItemCount
CallWindowProcW
GetDlgItem
UnregisterClassW
SetForegroundWindow
GetForegroundWindow
MsgWaitForMultipleObjects
CreateIconFromResource
LoadImageW
LoadBitmapW
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetClassNameW
TrackMouseEvent
AnimateWindow
IsZoomed
SetCaretPos
GetCaretBlinkTime
CreateCaret
HideCaret
GetCapture

gdi32

CreateCompatibleBitmap
SetViewportOrgEx
StretchBlt
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateSolidBrush
SelectObject
Rectangle
SetBkMode
CreateFontIndirectW
GetClipBox
GetDeviceCaps
SetGraphicsMode
EnumFontsW
GetStockObject
GetObjectW
CreateRoundRectRgn
BitBlt
DeleteObject
CreatePen
CreatePatternBrush
GetClipRgn
CreateDIBSection
CombineRgn
PtInRegion
RectInRegion
GetRgnBox
OffsetRgn
SetRectRgn
SetTextColor
GetTextColor
ExtSelectClipRgn
SaveDC
CreateRectRgnIndirect
RestoreDC
ExcludeClipRect
IntersectClipRect
CreateRectRgn
GetTextExtentPoint32W
RoundRect
Ellipse
SetWorldTransform
GetWorldTransform
Polyline
Arc
GetCurrentObject
GetViewportOrgEx
Chord

advapi32

CloseServiceHandle
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
OpenServiceA
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyA
RegQueryValueExW
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA
CommandLineToArgvW
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CreateBindCtx
OleLockRunning
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
OleUninitialize

oleaut32

SysFreeString
GetErrorInfo
VariantInit
SysAllocString

imagehlp

MakeSureDirectoryPathExists

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetReadFileExA
InternetCrackUrlA
InternetCloseHandle
HttpOpenRequestA
InternetOpenA

shlwapi

StrToIntExW

netapi32

Netbios

gdiplus

GdipSaveImageToFile
GdipCreateFromHDC
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipSetSmoothingMode
GdipDrawImageRectI
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImageEncoders
GdipGetPropertyItemSize
GdipCreateBitmapFromFile
GdipGraphicsClear
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipDisposeImage

ws2_32

htons
recv
socket
closesocket
send
connect
WSAStartup
inet_addr

imm32

ImmReleaseContext
ImmGetContext

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: 747KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91eee20e4eb5a0fe516b9b3e20e1876c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

44:5b:56:58:ee:9e:e3:6e:0d:e7:2a:56:b9:41:52:15Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

07:76:e8:8f:71:50:f3:eb:32:6a:47:74:fe:62:d2:b4:70:eb:41:82Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imagehlp

wininet

shlwapi

netapi32

gdiplus

ws2_32

imm32

msimg32

Sections

.text Size: 747KB - Virtual size: 747KB

.rdata Size: 299KB - Virtual size: 299KB

.data Size: 35KB - Virtual size: 114KB

.rsrc Size: 431KB - Virtual size: 431KB

.reloc Size: 75KB - Virtual size: 75KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:5b:56:58:ee:9e:e3:6e:0d:e7:2a:56:b9:41:52:15
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

07:76:e8:8f:71:50:f3:eb:32:6a:47:74:fe:62:d2:b4:70:eb:41:82
Signer

.text
Size: 747KB - Virtual size: 747KB

.rdata
Size: 299KB - Virtual size: 299KB

.data
Size: 35KB - Virtual size: 114KB

.rsrc
Size: 431KB - Virtual size: 431KB

.reloc
Size: 75KB - Virtual size: 75KB