97432c84944931bfdbc4211e7169f7a5a6875a4d8eb98b32c6decd8d38b880e1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

97432c84944931bfdbc4211e7169f7a5a6875a4d8eb98b32c6decd8d38b880e1.exe
Size

624KB
MD5

ad4e05a6c23f54f1b675324c9df8d527
SHA1

67b4981843626fb2c3f7293d8e3d5e47238dc250
SHA256

97432c84944931bfdbc4211e7169f7a5a6875a4d8eb98b32c6decd8d38b880e1
SHA512

22f3880111ada73abcaa8d10c900829ca7970d31d1f95a2d5967583da941b734113499dc4f71d2b374552f4fc023eec438ac28d6b6b2428371cb0e6791489281
SSDEEP

6144:7K6xLX9XVmKXiyuxTkUOjfh7LKYOpjg3OjUAUG:7KCLxVmUiyIah7LKpnUA

Score

1^/10

Malware Config

Signatures

Files

97432c84944931bfdbc4211e7169f7a5a6875a4d8eb98b32c6decd8d38b880e1.exe
.exe windows:4 windows x86 arch:x86

9b470f6bb7006cf4712136cdcdf14255

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:0e:ab:2b:82:d3:23:1b:26:fa:00:91:fc:ba:77:a4:4e:f1:64:38
Signer

Actual PE Digest

f4:0e:ab:2b:82:d3:23:1b:26:fa:00:91:fc:ba:77:a4:4e:f1:64:38

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

comctl32

InitCommonControlsEx

common

?RemoveFileSystem@FS@@YAHPB_W@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
??0CTXStringW@@QAE@PA_W@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
??1CTXStringW@@QAE@XZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?TrimRight@CTXStringW@@QAEAAV1@PB_W@Z

gf

?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z

kernel32

lstrlenW
LoadResource
CreateMutexW
GetCurrentProcessId
FindResourceExW
MulDiv
FlushInstructionCache
InterlockedIncrement
ReleaseMutex
GlobalUnlock
HeapCreate
CreateFileMappingW
GlobalLock
HeapAlloc
InitializeCriticalSection
MapViewOfFile
GlobalAlloc
HeapFree
DeleteCriticalSection
RaiseException
HeapDestroy
EnterCriticalSection
UnmapViewOfFile
GetCurrentProcess
LeaveCriticalSection
AllocConsole
SetEvent
InterlockedDecrement
SetUnhandledExceptionFilter
GetEnvironmentVariableW
SetEnvironmentVariableW
lstrcpynW
LockResource
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
GetProcessHeap
InterlockedCompareExchange
GetCurrentThreadId
SizeofResource
CreateFileW
LocalFree
FindResourceW
lstrcmpW
WaitForSingleObject
GetCommandLineW
SetLastError
GetLastError
GetModuleHandleW
GetModuleFileNameW
CloseHandle

user32

SetTimer
GetParent
CreateWindowExW
ReleaseCapture
SetCapture
GetClassNameW
GetClassInfoExW
GetKeyState
SendMessageW
PostMessageW
LoadCursorW
RegisterWindowMessageW
RegisterClassExW
GetWindowTextLengthW
UnregisterClassA
SetParent
FindWindowExW
InSendMessage
ShowWindow
TrackMouseEvent
GetPropW
RemovePropW
SetPropW
GetSysColor
BeginPaint
IsChild
GetWindowTextW
DestroyWindow
GetClientRect
GetFocus
SetWindowTextW
CharNextW
IsWindow
SetFocus
GetWindowLongW
PostQuitMessage
DestroyAcceleratorTable
GetWindow
InvalidateRgn
KillTimer
CreateAcceleratorTableW
FillRect
GetDesktopWindow
DispatchMessageW
RedrawWindow
TranslateMessage
PeekMessageW
SetWindowLongW
InvalidateRect
GetMessageW
MessageBoxW
EndPaint
GetDlgItem
CallWindowProcW
ClientToScreen
GetDC
ScreenToClient
ReleaseDC
MoveWindow
PostThreadMessageW
DefWindowProcW
SetWindowPos

gdi32

GetDeviceCaps
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
DeleteObject

advapi32

RegQueryValueW
RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetClassObject
CoInitializeEx
OleLockRunning
OleInitialize
OleUninitialize
CoInitialize
StringFromGUID2

oleaut32

SysStringByteLen
GetErrorInfo
DispCallFunc
SysAllocString
VariantClear
VariantInit
OleCreateFontIndirect
SysFreeString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
LoadTypeLi

livelog

?DOLOG@@YAXPB_WZZ
?IsDoLog@@YAHXZ
?GetUserAppDataPath3@@YA?AVCComBSTR@ATL@@XZ

shlwapi

PathFileExistsW

msvcp80

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MiniDumpWriteDump

msvcr80

freopen
_recalloc
_purecall
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
__iob_func
setlocale
_wctime64_s
_time64
wcschr
wcsstr
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_vscwprintf
free
??_V@YAXPAX@Z
_vswprintf_c_l
memcpy_s
ldiv
?what@exception@std@@UBEPBDXZ
memcpy
_wtoi64
??0exception@std@@QAE@ABV01@@Z
swprintf_s
_invalid_parameter_noinfo
malloc
wcsrchr
vswprintf_s
??3@YAXPAX@Z
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_initterm

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b470f6bb7006cf4712136cdcdf14255

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

f4:0e:ab:2b:82:d3:23:1b:26:fa:00:91:fc:ba:77:a4:4e:f1:64:38Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

common

gf

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

livelog

shlwapi

msvcp80

version

dbghelp

msvcr80

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

f4:0e:ab:2b:82:d3:23:1b:26:fa:00:91:fc:ba:77:a4:4e:f1:64:38
Signer

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB