d7117957014e17e92bdd5371856950ee

Sharing

Copy URL Twitter E-mail

General

Target

d7117957014e17e92bdd5371856950ee
Size

1.2MB
MD5

d7117957014e17e92bdd5371856950ee
SHA1

84c0a2e23d4970c881d70032311e69cf85708cf3
SHA256

cc394a23df3b6f59637e9d2598fba27f1c5484c4693c688b4c576503e80eb8de
SHA512

bf09a9c6bea4a4dd6485335417f698686e14c0e935ae70c0b2505c79f384e7801df8bc4d735288f06136617cdc9a3fa9b977859290bc6de18981ffbd9f7beda8
SSDEEP

24576:yZHN3F0UK6n623dwSNSPZjsbVPWkMzl4rJYREzmT2V8P6uc:QHjbVP+GWLT2I5c

Score

1^/10

Malware Config

Signatures

Files

d7117957014e17e92bdd5371856950ee
.exe windows:5 windows x86 arch:x86

4b2b63e1fafe22ece83a3b4ef0b93305

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/09/2017, 00:00

Not After

27/09/2019, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,OU=Desktop Business Division,O=Beijing Sogou Technology Development Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:ba:94:76:3a:f6:4c:2c:dd:f5:e1:1f:12:98:c0:2c:d2:62:62:6d:5d:12:1f:39:fd:55:f8:6d:00:9e:ee:cf
Signer

Actual PE Digest

3e:ba:94:76:3a:f6:4c:2c:dd:f5:e1:1f:12:98:c0:2c:d2:62:62:6d:5d:12:1f:39:fd:55:f8:6d:00:9e:ee:cf

Digest Algorithm

sha256

PE Digest Matches

true

da:39:ad:ca:88:4f:98:cd:e5:98:49:76:27:a5:13:13:d7:44:c9:ec
Signer

Actual PE Digest

da:39:ad:ca:88:4f:98:cd:e5:98:49:76:27:a5:13:13:d7:44:c9:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_1_NK_C3.0\Bin\SogouPdb\SogouInput\SogouComMgr.pdb

Imports

wininet

HttpQueryInfoW
InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetCloseHandle

kernel32

SetFilePointer
SetEndOfFile
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalAlloc
SetFileAttributesW
GetFileSize
GetLastError
CreateFileW
ReadFile
WriteFile
GetProcessHeap
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
DeleteFileW
MoveFileW
GetTempPathW
UnmapViewOfFile
GetTempFileNameW
FindClose
GetLocaleInfoA
CloseHandle
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
GetModuleHandleA
SetStdHandle
HeapFree
CreateSemaphoreW
EnterCriticalSection
ReleaseSemaphore
LCMapStringW
SetEnvironmentVariableA
LeaveCriticalSection
LCMapStringA
GetStartupInfoA
SetHandleCount
TerminateThread
InitializeCriticalSection
WaitForSingleObject
FindNextFileW
GetModuleFileNameW
Sleep
GetTickCount
FindFirstFileW
HeapAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
GetCurrentProcess
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
OpenMutexW
GetProcAddress
GetCurrentProcessId
InterlockedIncrement
InterlockedCompareExchange
FormatMessageW
ExitThread
SetLastError
CreateEventW
GetCurrentThreadId
DuplicateHandle
LocalFree
CreateThread
InitializeCriticalSectionAndSpinCount
OpenEventW
FreeLibrary
CreateProcessW
MoveFileExW
CreateDirectoryW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
RemoveDirectoryW
InterlockedExchange
CreateMutexW
ReleaseMutex
LocalAlloc
FlushFileBuffers
QueryPerformanceCounter
VirtualAlloc
SetEvent
TlsGetValue
InterlockedDecrement
TlsSetValue
TlsAlloc
TlsFree
GetConsoleCP
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
GlobalLock
GlobalUnlock
GlobalHandle
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
WaitNamedPipeW
SetNamedPipeHandleState
HeapReAlloc
UnhandledExceptionFilter
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetStartupInfoW
ResumeThread
GetFileType
RtlUnwind
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
VirtualQuery

user32

SetWindowPos
GetCursorPos
EnableWindow
LoadCursorW
RegisterClassExW
GetSystemMetrics
SetRectEmpty
GetDesktopWindow
IsIconic
wvsprintfW
CallWindowProcW
GetPropW
IsWindowVisible
SystemParametersInfoW
ReleaseDC
GetDC
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
PostQuitMessage
SetCapture
NotifyWinEvent
SetTimer
SetCursor
ClientToScreen
EndPaint
PtInRect
DrawTextW
UpdateLayeredWindow
GetWindowTextW
GetFocus
GetMonitorInfoW
IntersectRect
SubtractRect
KillTimer
MonitorFromPoint
CreateWindowExW
DefWindowProcW
GetWindowRect
GetClientRect
MoveWindow
RegisterWindowMessageW
DestroyWindow
PostMessageW
GetMessageW
SetForegroundWindow
FindWindowW
TranslateMessage
LoadIconW
ShowWindow
MessageBoxW
SendMessageW
DispatchMessageW
ScreenToClient
SetWindowLongW
GetWindowLongW
GetKeyState
ReleaseCapture

advapi32

RegDeleteKeyW
RegCreateKeyExW
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
GetTokenInformation

ole32

CoInitialize
OleSetContainedObject
OleCreate
CoUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

msimg32

AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdi32

SelectObject
GetFontData
DeleteDC
SetTextCharacterExtra
CreateCompatibleDC
DeleteObject
SetBkMode
CreateDIBSection
SetTextColor
BitBlt
GetObjectW
CreateFontIndirectW

shell32

SHFileOperationW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 795KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b2b63e1fafe22ece83a3b4ef0b93305

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

3e:ba:94:76:3a:f6:4c:2c:dd:f5:e1:1f:12:98:c0:2c:d2:62:62:6d:5d:12:1f:39:fd:55:f8:6d:00:9e:ee:cfSigner

da:39:ad:ca:88:4f:98:cd:e5:98:49:76:27:a5:13:13:d7:44:c9:ecSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

msimg32

oleacc

gdi32

shell32

Sections

.text Size: 795KB - Virtual size: 794KB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 25KB - Virtual size: 88KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 58KB - Virtual size: 57KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

3e:ba:94:76:3a:f6:4c:2c:dd:f5:e1:1f:12:98:c0:2c:d2:62:62:6d:5d:12:1f:39:fd:55:f8:6d:00:9e:ee:cf
Signer

da:39:ad:ca:88:4f:98:cd:e5:98:49:76:27:a5:13:13:d7:44:c9:ec
Signer

.text
Size: 795KB - Virtual size: 794KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 25KB - Virtual size: 88KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 58KB - Virtual size: 57KB