d4192584e06bc428f7388e4c73839fda

Sharing

Copy URL

Twitter E-mail

General

Target

d4192584e06bc428f7388e4c73839fda
Size

128KB
MD5

d4192584e06bc428f7388e4c73839fda
SHA1

1f144f33638892de4d4c4e2c0cfc3f3c33065d92
SHA256

1c61a4ed0648f7440ba890e855cfd703cc3387365759ba74fbc80c231a1deca0
SHA512

59f59a8d913706f9382381c4e0a3f91bf5484eedec8b72a3b3832df97b729819cd0163709cae4614a3035cdc404c25c533501aee79289bba68942fd40fbb1c94
SSDEEP

1536:3kEPlKGeQkQ8efandyICiVWcC6IuxPgGCYrbZAcFAORJG1LPaw3d:tKGeQkQ8RndyICqWeIePg0KORJGJd

Score

1^/10

Malware Config

Signatures

Files

d4192584e06bc428f7388e4c73839fda
.exe windows:4 windows x86 arch:x86

d7308d554c188f3b2f71c5057c4e142b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:f2:f2:7c:3d:f2:fb:0e:37:83:aa:d5:45:78:aa:7e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14-08-2008 00:00

Not After

14-08-2011 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by WoSign.com,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:7d:8e:e9:f1:63:73:f6:f0:fb:3b:94:d9:4e:36:ed:fd:16:c9:d0
Signer

Actual PE Digest

cb:7d:8e:e9:f1:63:73:f6:f0:fb:3b:94:d9:4e:36:ed:fd:16:c9:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80

ord2095
ord741
ord1308
ord2176
ord2370
ord605
ord354
ord3182
ord4262
ord5203
ord4244
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord2020
ord4890
ord4212
ord5182
ord1794
ord1565
ord2160
ord4735
ord784
ord911
ord908
ord6067
ord4580
ord266
ord265
ord3641
ord5712
ord1903
ord3195
ord620
ord1063
ord618
ord370
ord762
ord2271
ord297
ord3934
ord5563
ord2902
ord3997
ord5529
ord3760
ord5613
ord5403
ord2468
ord3683
ord4541
ord757
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3684
ord1591
ord1191
ord326
ord709
ord5523
ord3401
ord3761
ord5642
ord5640
ord5731
ord5727
ord6037
ord5588
ord501
ord3473
ord642
ord4236
ord1558
ord1637
ord4951
ord3397
ord6754
ord6752
ord3287
ord3161
ord1279
ord5637
ord3214
ord2090
ord602
ord6062
ord347
ord3180
ord5719
ord5921
ord5401
ord5414
ord5647
ord5888
ord6057
ord4161
ord6054
ord5608
ord6060
ord5611
ord2527
ord2075
ord4001
ord4123
ord5641
ord2654
ord502
ord2264
ord2083
ord3163
ord2367
ord2372
ord753
ord563
ord6065
ord1425
ord1009
ord658
ord651
ord3230
ord4238
ord2092
ord6120
ord2794
ord3302
ord2958
ord5866
ord3879
ord416
ord5634
ord2882
ord2866
ord4353
ord2873
ord2585
ord3402
ord5873
ord3651
ord6725
ord5915
ord1620
ord1617
ord3946
ord1402
ord4240
ord5152
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3317
ord572
ord760
ord1280
ord3204
ord2368
ord1934
ord310
ord1123
ord3210
ord1084
ord1185
ord304
ord2322
ord781
ord907
ord876
ord578
ord1187
ord764
ord1207

msvcr80

_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_access
__CxxFrameHandler3
memset
_setmbcp
_tzset
_stricmp
_mbsnbcpy
_mbsrchr
_mbstok
strncpy
_snprintf
__argv
__argc
_mbsstr
_mktime64
memcpy
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_controlfp_s

kernel32

GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
CloseHandle
SetFilePointer
GetFileInformationByHandle
GetFileType
MapViewOfFile
CreateFileMappingA
DuplicateHandle
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
lstrcpyA
GetNumberFormatA
lstrcpynA
lstrlenA
GetProcAddress
InterlockedExchange
MultiByteToWideChar
GetLastError
WriteFile
GetModuleHandleA
SetLastError
WinExec
GetCurrentProcess
FileTimeToDosDateTime
GetACP
GetThreadLocale
GetVersionExA
FileTimeToSystemTime

user32

IsWindow
MessageBeep
SetWindowLongA
RegisterWindowMessageA
DrawEdge
UpdateWindow
GetFocus
TabbedTextOutA
InvalidateRect
InflateRect
GetSystemMetrics
GetSysColor
RedrawWindow
GetClientRect
DrawIcon
FillRect
GetParent
MessageBoxA
SetCapture
SetFocus
ReleaseCapture
SetActiveWindow
GetAsyncKeyState
wsprintfA
DestroyCursor
CopyIcon
GetMessagePos
SetCursor
LoadIconA
LoadCursorA
SetTimer
KillTimer
ReleaseDC
GrayStringA
GetDC
DrawTextA
SendMessageA
GetWindowRect
LockWindowUpdate
EnableWindow
ScreenToClient
PtInRect
DrawTextExA

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetCurrentObject
GetTextExtentPoint32A
BitBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
GetObjectA
CreateFontIndirectA
CreateRectRgn

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueA

shell32

ExtractIconA
ShellExecuteExA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7308d554c188f3b2f71c5057c4e142b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6c:f2:f2:7c:3d:f2:fb:0e:37:83:aa:d5:45:78:aa:7eCertificate

Extended Key Usages

Key Usages

cb:7d:8e:e9:f1:63:73:f6:f0:fb:3b:94:d9:4e:36:ed:fd:16:c9:d0Signer

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

version

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 29KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6c:f2:f2:7c:3d:f2:fb:0e:37:83:aa:d5:45:78:aa:7e
Certificate

cb:7d:8e:e9:f1:63:73:f6:f0:fb:3b:94:d9:4e:36:ed:fd:16:c9:d0
Signer

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 29KB