bdae75747cf1369601b95092f183adfd

Sharing

Copy URL Twitter E-mail

General

Target

bdae75747cf1369601b95092f183adfd
Size

8.1MB
MD5

bdae75747cf1369601b95092f183adfd
SHA1

16402126e8fafd4f70a9a91227b10f7e56205c24
SHA256

e70d76197e856aa83f4ef9538a88be67625f837f78906fe84ae8a8f029c4e533
SHA512

87b43e05665f49943acd1161f9de64319b3ed4e357d09f071b24e2ef5a14656e94313204743e7885c9e1459a72fa6774225da571937f040500a0320d88fc1dd5
SSDEEP

49152:VcEyTaCVaym5DCGuNXwImZd9QvAfzaxUtaS3xDexEcRPnRvGiszAPyKE:oRmdQcZdffTtagxD0RJ+ist

Score

1^/10

Malware Config

Signatures

Files

bdae75747cf1369601b95092f183adfd
.exe windows:4 windows x64 arch:x64

d5efca15e3a8d381c98acaad9af9d141

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1d:c3:1a:76:16:24:75:4f:80:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/12/2014, 19:27

Not After

19/03/2016, 19:27

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:b2:c2:79:aa:84:a3:ea:8a:0e:e5:27:21:92:1c:cf:64:76:06:85:e9:c1:cd:ca:3a:ab:14:29:1b:b5:ca:83
Signer

Actual PE Digest

88:b2:c2:79:aa:84:a3:ea:8a:0e:e5:27:21:92:1c:cf:64:76:06:85:e9:c1:cd:ca:3a:ab:14:29:1b:b5:ca:83

Digest Algorithm

sha256

PE Digest Matches

true

45:dc:ea:59:43:b3:3a:03:78:22:e6:ea:db:c6:f7:c3:40:39:fa:fa
Signer

Actual PE Digest

45:dc:ea:59:43:b3:3a:03:78:22:e6:ea:db:c6:f7:c3:40:39:fa:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\Chunyung\Documents\Visual Studio 2005\Projects\RtkNGui\x64\release\RtkNGUI64.pdb

Imports

dwmapi

DwmExtendFrameIntoClientArea

winmm

mmioDescend
mmioAscend
mmioSeek
mmioRead
mmioOpenW
mmioCreateChunk
mmioGetInfo
mmioClose
mmioSetInfo
mmioWrite
timeGetTime
mciSendStringW
mmioAdvance

imm32

ImmDisableIME

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dsound

ord1
ord3
ord6

kernel32

GetVersionExA
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetModuleHandleA
SuspendThread
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
WritePrivateProfileStringW
GetThreadLocale
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsGetValue
TlsAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
SetThreadPriority
GlobalFlags
SetErrorMode
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlPcToFileHeader
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
RtlVirtualUnwind
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetDriveTypeA
lstrcmpA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
SetFilePointer
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetSystemInfo
IsBadReadPtr
OpenMutexW
CreateDirectoryW
ReleaseMutex
GetSystemPowerStatus
WriteConsoleW
GetStdHandle
AllocConsole
DeleteFileW
GetTempPathW
ResetEvent
GetSystemDirectoryA
ResumeThread
DuplicateHandle
GetPrivateProfileIntW
GetFileSize
GetPrivateProfileStringW
CompareFileTime
SystemTimeToFileTime
DeviceIoControl
GetSystemTime
GetTimeZoneInformation
GetWindowsDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
CreateFileW
SetThreadExecutionState
GetFileAttributesW
WaitForMultipleObjects
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
Sleep
GetModuleFileNameW
LoadLibraryA
GetSystemDirectoryW
SearchPathW
FindResourceExW
GetUserDefaultUILanguage
MulDiv
FreeLibrary
TerminateThread
CreateThread
CreateEventW
GetVersionExW
GetVersion
GetCPInfo
FreeResource
lstrlenA
lstrcmpiW
GetTickCount
FormatMessageW
SetEvent
GetModuleHandleW
SetLastError
lstrcpyW
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateProcessW
GetCurrentProcess
IsWow64Process
SetThreadUILanguage
GetCurrentThreadId
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
LocalAlloc
RaiseException

user32

IsDialogMessageW
MoveWindow
IsWindowEnabled
ClientToScreen
BeginPaint
EndPaint
GetActiveWindow
GetMessageW
CharUpperW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
WindowFromPoint
DestroyMenu
UnregisterClassW
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
GetScrollRange
GetScrollPos
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
SetScrollInfo
DefWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetMonitorInfoW
MonitorFromWindow
GetShellWindow
ExitWindowsEx
RegisterWindowMessageW
GetClassInfoW
SetMenuDefaultItem
SetWindowTextW
SetWindowPos
LoadIconW
IsWindow
DrawTextW
LoadBitmapW
TabbedTextOutW
CreatePopupMenu
DrawEdge
CreateMenu
GetSubMenu
ModifyMenuW
DeleteMenu
GetMenuItemInfoW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetMenuState
GrayStringW
DrawTextExW
DrawIconEx
GetWindowTextW
LoadImageW
DestroyCursor
SetClassLongW
GetClassLongW
TranslateAcceleratorW
GetSysColorBrush
GetScrollInfo
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetCursorPos
KillTimer
SetTimer
SetWindowLongW
ValidateRect
GetClassNameW
GetDlgCtrlID
ScreenToClient
FillRect
AppendMenuW
SystemParametersInfoW
IntersectRect
EqualRect
GetComboBoxInfo
SetCursor
ReleaseCapture
FrameRect
IsRectEmpty
SetCapture
ReleaseDC
GetDC
PtInRect
InflateRect
SetRect
GetMessagePos
SetRectEmpty
PeekMessageW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
GetWindowLongW
DispatchMessageW
TranslateMessage
PostQuitMessage
SetParent
SetWindowRgn
GetWindowRgn
LockWindowUpdate
IsWindowVisible
GetDesktopWindow
SetClassLongPtrW
CallNextHookEx
UnhookWindowsHookEx
GetForegroundWindow
GetAncestor
SetDlgItemTextW
GetDlgItem
MessageBoxW
SetWindowsHookExW
OffsetRect
GetSystemMetrics
SetActiveWindow
UnionRect
ChildWindowFromPointEx
WindowFromDC
ShowScrollBar
SetScrollPos
CopyRect
SetScrollRange
GetParent
GetWindow
GetWindowRect
RedrawWindow
PostMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GetMenuStringW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
FindWindowExW
SetProcessDPIAware
SendMessageW
GetClientRect
SetCaretPos
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
SetFocus
DestroyIcon
GetWindowTextLengthW
GetFocus
EnableWindow
GetCaretPos
UpdateWindow
InvalidateRect
GetSysColor
GetLastActivePopup
GetTopWindow
DestroyWindow
GetMessageTime
UpdateLayeredWindow
MapWindowPoints
LoadCursorW
FindWindowW

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
DPtoLP
LineTo
MoveToEx
SetTextAlign
PtVisible
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
SetTextColor
RectVisible
GetClipBox
EnumFontFamiliesExW
CreateFontW
GetBkMode
Ellipse
Escape
PatBlt
GetDeviceCaps
GetCurrentObject
CreatePen
ExtTextOutW
CreateFontIndirectW
CreateBitmap
CreateSolidBrush
CreateCompatibleBitmap
SetDIBColorTable
GetMapMode
CombineRgn
ExtCreateRegion
CreateDIBSection
GetObjectW
DeleteObject
CreateRectRgn
CreateCompatibleDC
SelectObject
DeleteDC
GetTextExtentPoint32W
GetStockObject
SetViewportOrgEx
BitBlt
SetPixel
TextOutW
GetPixel

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyW
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegEnumKeyExW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
RegNotifyChangeKeyValue
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord380

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
SHStrDupW
PathIsUNCW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
PropVariantClear
CLSIDFromProgID
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoInitialize
CoFreeUnusedLibrariesEx
CoInitializeSecurity
FreePropVariantArray
PropVariantCopy
CoTaskMemAlloc

oleaut32

SysFreeString
VariantChangeType
SafeArrayCreate
VariantClear
VariantInit
SysAllocString

gdiplus

GdipGetFontSize
GdipGetLogFontW
GdipGetFontUnit
GdipCreateFont
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipSetStringFormatAlign
GdipDeleteBrush
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipCloneBrush
GdipSetTextRenderingHint
GdipDrawString
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDrawImage
GdipGetFontStyle
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDrawImageI
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipDrawImageRectRect
GdipCreateBitmapFromHICON
GdipSetSmoothingMode
GdipDrawImageRect
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipDeleteFont
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily

Exports

Exports

?AsSysSvr_RegisterNotify@@3P6AHPEAUHWND__@@PEB_W@ZEA
?AsSysSvr_UnregisterNotify@@3P6AHPEAUHWND__@@PEB_W@ZEA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5efca15e3a8d381c98acaad9af9d141

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:00:00:00:1d:c3:1a:76:16:24:75:4f:80:00:00:00:00:00:1dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

88:b2:c2:79:aa:84:a3:ea:8a:0e:e5:27:21:92:1c:cf:64:76:06:85:e9:c1:cd:ca:3a:ab:14:29:1b:b5:ca:83Signer

45:dc:ea:59:43:b3:3a:03:78:22:e6:ea:db:c6:f7:c3:40:39:fa:faSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwmapi

winmm

imm32

setupapi

version

dsound

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 466KB - Virtual size: 466KB

.data Size: 100KB - Virtual size: 130KB

.pdata Size: 98KB - Virtual size: 98KB

.rsrc Size: 6.0MB - Virtual size: 6.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:00:00:00:1d:c3:1a:76:16:24:75:4f:80:00:00:00:00:00:1d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

88:b2:c2:79:aa:84:a3:ea:8a:0e:e5:27:21:92:1c:cf:64:76:06:85:e9:c1:cd:ca:3a:ab:14:29:1b:b5:ca:83
Signer

45:dc:ea:59:43:b3:3a:03:78:22:e6:ea:db:c6:f7:c3:40:39:fa:fa
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 466KB - Virtual size: 466KB

.data
Size: 100KB - Virtual size: 130KB

.pdata
Size: 98KB - Virtual size: 98KB

.rsrc
Size: 6.0MB - Virtual size: 6.0MB