2eb6a8cb29dad26380d3cac4d54a192c0ddee67f14053a6b3f9940f5c96543ec

Sharing

Copy URL Twitter E-mail

General

Target

2eb6a8cb29dad26380d3cac4d54a192c0ddee67f14053a6b3f9940f5c96543ec
Size

5.3MB
MD5

3a9603679960c263ee16336018ea1465
SHA1

930ff8259738cf4a25d0499d0af410cd801785dd
SHA256

2eb6a8cb29dad26380d3cac4d54a192c0ddee67f14053a6b3f9940f5c96543ec
SHA512

5ff7a9ba22983537d07fed2631f6c99b9a957d9690d0f1732a940f33928e9c2af6d33b050c753efd0ab6f9fc524d0266215eb4afce0d986057dc2f5358855b37
SSDEEP

98304:9npMNNQdkHNNqVDUzZtGl9QPhT/h1dLCWBhIjr8RZYS4VcOt14C/ouCrKou:9npxstZ9h1dLCWjICZYS4VkMouNR

Score

1^/10

Malware Config

Signatures

Files

2eb6a8cb29dad26380d3cac4d54a192c0ddee67f14053a6b3f9940f5c96543ec
.exe windows:5 windows x86 arch:x86

f28083ef896bd1076533a9ae70dd9c06

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:a6:9c:d8:36:7c:1b:a3:a5:52:a6:b6:b5:76:78:30
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/12/2014, 00:00

Not After

17/12/2019, 23:59

Subject

CN=SuZhou MorningSun Information Technology LLC,O=SuZhou MorningSun Information Technology LLC,POSTALCODE=215000,STREET=328 Xing Hu Road (Suzhou Industrial Park)+STREET=16-A305 International Science and Technology Park 5,L=Suzhou,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:87:e6:ff:b0:b5:4e:4d:94:5d:17:23:91:99:b0:b9:c7:4f:a0:75
Signer

Actual PE Digest

a2:87:e6:ff:b0:b5:4e:4d:94:5d:17:23:91:99:b0:b9:c7:4f:a0:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetSetFilePointer
InternetCrackUrlW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetWriteFile
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetQueryDataAvailable

kernel32

IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
GetProcessHeap
SetEnvironmentVariableA
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
lstrlenA
GetLastError
lstrlenW
IsDebuggerPresent
GetModuleFileNameW
FindFirstFileW
HeapCreate
FindClose
FileTimeToSystemTime
InterlockedExchange
GetFileAttributesW
CreateDirectoryW
InterlockedIncrement
CreateProcessW
WaitForSingleObject
CloseHandle
DeleteFileW
InterlockedDecrement
CopyFileW
CreatePipe
SetHandleInformation
GetStartupInfoW
ReadFile
GenerateConsoleCtrlEvent
TerminateProcess
Sleep
RemoveDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetModuleHandleW
UnhandledExceptionFilter
QueryPerformanceCounter
WideCharToMultiByte
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
HeapReAlloc
RaiseException
RtlUnwind
GetDateFormatW
GetTimeFormatW
CreateThread
ExitThread
EncodePointer
DecodePointer
ExitProcess
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
HeapSetInformation
GetCommandLineW
GetProcAddress
MoveFileExW
GetUserDefaultLCID
GlobalLock
GlobalUnlock
MulDiv
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
FindResourceExW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpiW
lstrcpyW
GetSystemDirectoryW
GlobalFlags
GetThreadLocale
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
LoadLibraryExW
LocalAlloc
FindNextFileW
ReleaseActCtx
CreateActCtxW
VirtualProtect
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
LocalFree
SetFileAttributesW
GetFileAttributesExW
CreateFileW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
lstrcmpW
GetCurrentProcessId
ActivateActCtx
DeactivateActCtx
FreeResource
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
FormatMessageW

user32

MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
SetClipboardData
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawStateW
SetClassLongW
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageW
GetIconInfo
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
DestroyIcon
KillTimer
SetTimer
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
UnregisterClassW
CharUpperW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
ShowOwnedPopups
GetMessageW
GetCursorPos
LoadMenuW
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
UnionRect
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
IsWindowVisible
ValidateRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
UpdateLayeredWindow
MonitorFromPoint
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
CopyRect
PtInRect
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetWindow
SetFocus
GetSysColor
EndPaint
BeginPaint
GetWindowDC
IsMenu
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
SendNotifyMessageW
FrameRect
GetUpdateRect
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowThreadProcessId
GetLastActivePopup
GetWindowRgn
RegisterClipboardFormatW
DestroyCursor
EnumChildWindows
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
GetDesktopWindow
SetWindowContextHelpId
CharNextW
InvalidateRgn
CountClipboardFormats
GetWindowContextHelpId
GetCaretPos
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
LoadCursorW
SetCursor
DrawIcon
RedrawWindow
AppendMenuW
GetSystemMenu
LoadIconW
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowPlacement
IsIconic
GetSystemMetrics
InvalidateRect
InflateRect
GetWindowRect
GetClientRect
UpdateWindow
MessageBoxW
PostMessageW
GetParent
SendMessageW
EnableWindow
TranslateMessage

gdi32

DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetTextMetricsW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
CreateCompatibleBitmap
GetTextCharsetInfo
EnumFontFamiliesExW
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
RoundRect
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetDCOrgEx
GetClipBox
GetObjectW
EnumFontFamiliesW
GetTextExtentPoint32W
CreateFontIndirectW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegFlushKey
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegSetValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegCreateKeyExW

shell32

SHGetMalloc
SHGetFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
SHAppBarMessage
SHBrowseForFolderW
DragAcceptFiles
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetDesktopFolder

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW

ole32

OleCreateFromFile
OleGetClipboard
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateFileMoniker
CoDisconnectObject
CoCreateGuid
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
StgCreateDocfileOnILockBytes
OleSave
WriteClassStm
OleSaveToStream
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleUninitialize
OleDraw
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop

oleaut32

SystemTimeToVariantTime
VarBstrFromDate
SysStringLen
SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VarBstrCmp
VarUdateFromDate
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SafeArrayGetElemsize
SysAllocString
VariantTimeToSystemTime

oledlg

OleUIInsertObjectW
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIBusyW

gdiplus

GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f28083ef896bd1076533a9ae70dd9c06

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

4a:a6:9c:d8:36:7c:1b:a3:a5:52:a6:b6:b5:76:78:30Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

a2:87:e6:ff:b0:b5:4e:4d:94:5d:17:23:91:99:b0:b9:c7:4f:a0:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 653KB - Virtual size: 652KB

.data Size: 41KB - Virtual size: 82KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 354KB - Virtual size: 353KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

4a:a6:9c:d8:36:7c:1b:a3:a5:52:a6:b6:b5:76:78:30
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

a2:87:e6:ff:b0:b5:4e:4d:94:5d:17:23:91:99:b0:b9:c7:4f:a0:75
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 653KB - Virtual size: 652KB

.data
Size: 41KB - Virtual size: 82KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 354KB - Virtual size: 353KB