c0499392ee70de263575a10070ac55b6

Sharing

Copy URL

Twitter E-mail

General

Target

c0499392ee70de263575a10070ac55b6
Size

8.4MB
MD5

c0499392ee70de263575a10070ac55b6
SHA1

1aafa681eac4b6aed9829542e640aa4b3281a37b
SHA256

b45140b19ac62ffa1093df0bc35d68dc86ae80f3186d5fc254a2a5e31eca61a7
SHA512

f66b0f4f602dc32673ab9bce4983b676f9723f0c9bf7acba668451bb5ac67a514a89be20bf205276f1eb587aa24a05c23da257d08970d4e802ed9ab126635626
SSDEEP

98304:zzvwH+rx/UCl+vd5cCZXuxg6ED4sVOba1v6uAt3hRg37tR1p:nC3NUxjE9Q0eh61p

Score

1^/10

Malware Config

Signatures

Files

c0499392ee70de263575a10070ac55b6
.dll windows:4 windows x86 arch:x86

752d5b559b92b1aa316c1efcbf4247c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:d8:94:fb:62:22:43:49:4a:99:76:aa:2a:7c:fd:f0:98:4d:4f:00:c1:e8:6c:68:20:af:6c:a1:f2:43:05:02
Signer

Actual PE Digest

e4:d8:94:fb:62:22:43:49:4a:99:76:aa:2a:7c:fd:f0:98:4d:4f:00:c1:e8:6c:68:20:af:6c:a1:f2:43:05:02

Digest Algorithm

sha256

PE Digest Matches

true

e1:2a:63:b5:b3:10:92:46:ce:05:b5:1e:69:be:8a:fa:90:66:c9:e7
Signer

Actual PE Digest

e1:2a:63:b5:b3:10:92:46:ce:05:b5:1e:69:be:8a:fa:90:66:c9:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenW
CreateTimerQueueTimer
InterlockedExchange
CreateThread
ResumeThread
InterlockedExchangeAdd
SuspendThread
ReleaseMutex
WaitForSingleObject
Sleep
GetModuleFileNameA
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameW
VirtualAlloc
GetVersionExA
VirtualFree
CloseHandle
GetCurrentProcess
UnmapViewOfFile
GetFileSize
GetLastError
CreateFileA
GetSystemDirectoryA
IsBadReadPtr
GetExitCodeThread
OpenThread
GetCurrentThreadId
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
OpenProcess
Process32First
Thread32Next
Thread32First
GetSystemInfo
WriteFile
CreateMutexW
OpenMutexW
CreateFileMappingW
OpenFileMappingW
TerminateThread
DeleteTimerQueueTimer
CreateMutexA
CreateEventA
SetEvent
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
OutputDebugStringA
DeviceIoControl
ReadFile
GetEnvironmentVariableA
GetVolumeInformationA
SystemTimeToFileTime
SetLastError
GetComputerNameW
LocalFree
lstrlenA
FreeLibrary
GetWindowsDirectoryA
GetTempPathA
FindFirstFileA
FindClose
GetLogicalDriveStringsA
QueryDosDeviceA
GetProcessTimes
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
SetFilePointer
SearchPathA
SetThreadPriority
IsBadWritePtr
ExitProcess
lstrcmpW
InterlockedDecrement
InitializeCriticalSection

ws2_32

ntohl
ntohs
htons
socket
bind
setsockopt
send
sendto
__WSAFDIsSet
shutdown
getsockname
htonl
recv
ioctlsocket
connect
WSAGetLastError
select
getsockopt
WSAStartup
gethostname
gethostbyname
inet_ntoa
inet_addr
WSACleanup
closesocket

winmm

timeGetTime

shlwapi

PathAddBackslashA
PathAppendA
PathIsRelativeA
PathCombineA
PathRemoveFileSpecA

psapi

GetProcessMemoryInfo

shell32

SHGetSpecialFolderPathA

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

msvcrt

memmove
_mbsnbcpy
_mbsnbcat
_mbslwr
_vsnprintf
strncpy
time
_except_handler3
atol
strtok
strrchr
_snprintf
strncat
_wcsicmp
wcslen
wcsrchr
localtime
fclose
fread
fopen
sprintf
ftell
fseek
_strnicmp
swscanf
wcschr
_snwprintf
_purecall
atoi
strstr
sscanf
islower
isdigit
isxdigit
strpbrk
strspn
isspace
strtol
mktime
srand
malloc
free
_mbsnbicmp
wcsncpy
wcscmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_CxxThrowException
fgets
strncmp
strlen
memcmp
memcpy
memset
_mbsstr
_mbsrchr
_assert
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_mbschr
wcsstr
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__CxxFrameHandler
??2@YAPAXI@Z
_ultoa
_stricmp
_memicmp
_strlwr
strchr
strtod
atof
toupper
mbstowcs
setlocale
wcstombs
tolower
_pctype
_isctype
__mb_cur_max
fprintf
vfprintf
rand

user32

EnumDisplayDevicesA
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindow
SendMessageA
DestroyWindow
CreateWindowExA
SetTimer
KillTimer

advapi32

ReadEventLogW
OpenEventLogW
GetOldestEventLogRecord
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
CloseEventLog

ole32

CoCreateInstance
CoInitializeSecurity
CoCreateGuid
CoSetProxyBlanket
CoUninitialize
CoInitializeEx

oleaut32

GetErrorInfo
VariantClear
SysAllocString
CreateErrorInfo
SetErrorInfo
VariantChangeType
SysFreeString
VariantInit

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

Netbios

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

Exports

Exports

CreateObj
DllEntry
DllEntry1
DllEntry2
DllEntry3
DllEntry4
DllEntry5
DllEntry6
DllEntry7
DllEntry8

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

752d5b559b92b1aa316c1efcbf4247c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1fCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

e4:d8:94:fb:62:22:43:49:4a:99:76:aa:2a:7c:fd:f0:98:4d:4f:00:c1:e8:6c:68:20:af:6c:a1:f2:43:05:02Signer

e1:2a:63:b5:b3:10:92:46:ce:05:b5:1e:69:be:8a:fa:90:66:c9:e7Signer

Headers

File Characteristics

Imports

kernel32

ws2_32

winmm

shlwapi

psapi

shell32

msvcp60

msvcrt

user32

advapi32

ole32

oleaut32

version

netapi32

setupapi

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 100KB - Virtual size: 118KB

.rsrc Size: 4KB - Virtual size: 968B

.tvm0 Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 44KB - Virtual size: 44KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

e4:d8:94:fb:62:22:43:49:4a:99:76:aa:2a:7c:fd:f0:98:4d:4f:00:c1:e8:6c:68:20:af:6c:a1:f2:43:05:02
Signer

e1:2a:63:b5:b3:10:92:46:ce:05:b5:1e:69:be:8a:fa:90:66:c9:e7
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 100KB - Virtual size: 118KB

.rsrc
Size: 4KB - Virtual size: 968B

.tvm0
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 44KB - Virtual size: 44KB