ab35b346a72943efefbcc9655b7e9cee

Sharing

Copy URL Twitter E-mail

General

Target

ab35b346a72943efefbcc9655b7e9cee
Size

223KB
MD5

ab35b346a72943efefbcc9655b7e9cee
SHA1

9e0562f37832a39002ab0a35e31a47d8e8dc317d
SHA256

15daa25f09f5860d46c3cdc1dafb7456b6762f43b5ee89335d9c188b30bd2829
SHA512

7968ba61ff9497a5e618802387813d4f6cb02ae287217e8d6d0e4f651d526e022d649743cf53fe81529d00cb645026870d89eb255a7d0c38238897fe23494bf4
SSDEEP

3072:NPLqSGD4MWePihWZ5VnYrTOoiTZveJIQOZ0KQKG5q7TFcEtiGuYqw:NPCsePiS59YrC5Z0KQKwq3O7Gus

Score

1^/10

Malware Config

Signatures

Files

ab35b346a72943efefbcc9655b7e9cee
.exe windows:4 windows x86 arch:x86

e6a6e63b5be327c77657dcb6f4026fed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:16:3a:96:b4:ed:46:2d:ef:cf:5f:ca:83:b3:c4:c8:21:d6:a3:b5
Signer

Actual PE Digest

25:16:3a:96:b4:ed:46:2d:ef:cf:5f:ca:83:b3:c4:c8:21:d6:a3:b5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GlobalAlloc
GlobalLock
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GlobalDeleteAtom
MulDiv
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
SizeofResource
GetThreadLocale
GetCPInfo
GetOEMCP
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSize
GetFileTime
FormatMessageA
RtlUnwind
RaiseException
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
HeapSize
GetACP
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetSystemDefaultUILanguage
GetSystemInfo
lstrcmpiA
GetModuleFileNameA
GetWindowsDirectoryA
CopyFileA
CreateMutexA
GetLastError
WaitForSingleObject
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
OutputDebugStringA
MultiByteToWideChar
OpenMutexA
ReleaseMutex
ExitProcess
WinExec
FreeLibrary
CloseHandle
CreateThread
lstrlenA
ExitThread
GetCurrentProcessId
GetTickCount
Sleep
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
HeapAlloc
HeapFree
SetLastError

user32

MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
LoadStringA
DestroyMenu
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InvalidateRect
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
AdjustWindowRectEx
ScreenToClient
CopyRect
GetSysColor
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
EnableWindow
LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
PostQuitMessage
PostMessageA
SetFocus
IsIconic
wsprintfA
GetDesktopWindow
GetWindowPlacement

advapi32

RegEnumValueA
RegCreateKeyExA
CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
StartServiceA
RegOpenKeyA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

oledlg

ord8

olepro32

ord253

ws2_32

gethostbyname
inet_addr
sendto
htonl
htons
setsockopt
socket
WSAStartup
send
connect
WSACleanup
closesocket
WSAGetLastError
WSASocketA
inet_ntoa
gethostname
shutdown
WSAIoctl
recv
__WSAFDIsSet
select

shlwapi

SHDeleteKeyA

netapi32

NetUserAdd
NetLocalGroupAddMembers

gdi32

CreateDIBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
GetTextExtentPointA
PatBlt
GetMapMode
CreateCompatibleDC
DPtoLP
GetBkColor
GetTextColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
LPtoDP
BitBlt
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

ole32

CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6a6e63b5be327c77657dcb6f4026fed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:16:3a:96:b4:ed:46:2d:ef:cf:5f:ca:83:b3:c4:c8:21:d6:a3:b5Signer

Headers

File Characteristics

Imports

shell32

kernel32

user32

advapi32

comctl32

oledlg

olepro32

ws2_32

shlwapi

netapi32

gdi32

winspool.drv

comdlg32

ole32

oleaut32

Sections

.text Size: 152KB - Virtual size: 150KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:16:3a:96:b4:ed:46:2d:ef:cf:5f:ca:83:b3:c4:c8:21:d6:a3:b5
Signer

.text
Size: 152KB - Virtual size: 150KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 2KB