92622b4fd739e7d2b69d13b4ccd420d6866d757e2b6c3d8c3484e76c4732976d

Sharing

Copy URL Twitter E-mail

General

Target

92622b4fd739e7d2b69d13b4ccd420d6866d757e2b6c3d8c3484e76c4732976d
Size

393KB
MD5

7b6edc288caba21d407bb136a0b333c6
SHA1

fcba14d4f7224a4d09d46c20ca5ec9ea1b9e0a95
SHA256

92622b4fd739e7d2b69d13b4ccd420d6866d757e2b6c3d8c3484e76c4732976d
SHA512

7ffee7dcaaf7a672961c98120033b513f0d56fddf8e3c05a86e6bbc05df08f2c10f40a09b8b78cac33e538f172032e2c6a20bfff320cfc96bb73379a24c32be2
SSDEEP

6144:F/f2BFS4pER/O6Q5641lXjXdViJgwGs4xbVRz2Zwzye55aHR:FH2Pp6DQ564HTdM9MzZGE5I

Score

1^/10

Malware Config

Signatures

Files

92622b4fd739e7d2b69d13b4ccd420d6866d757e2b6c3d8c3484e76c4732976d
.exe windows:4 windows x86 arch:x86

091303e9d4d5194fbfe5b879c888ed76

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:67:fc:75:d5:6e:31:a0:75:37:88:88:40:79:c8:b1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2012, 00:00

Not After

17/04/2015, 23:59

Subject

CN=Tendyron Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ADS,O=Tendyron Corporation,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:30:6b:17:69:64:97:eb:12:77:1d:09:a1:07:c4:e0:3a:75:11:68
Signer

Actual PE Digest

b4:30:6b:17:69:64:97:eb:12:77:1d:09:a1:07:c4:e0:3a:75:11:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
RaiseException
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapAlloc
TerminateProcess
HeapFree
ExitProcess
RtlUnwind
GetStartupInfoW
GetTickCount
GetFileTime
GetFileAttributesW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringW
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
GetModuleHandleW
GetVersionExA
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
MulDiv
GlobalAlloc
FormatMessageW
lstrcpynW
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
CreateThread
lstrcpyA
WideCharToMultiByte
lstrlenW
GetLastError
SetLastError
CreateFileW
WriteFile
lstrcatA
CreateProcessW
CreateProcessA
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetProcAddress
lstrcmpW
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
ProcessIdToSessionId
ReleaseMutex
CloseHandle
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetPrivateProfileStringW
GetSystemDefaultLangID
lstrcpyW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection

user32

PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
IsChild
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
GetScrollRange
IsWindowVisible
AdjustWindowRectEx
SetScrollInfo
GetClassInfoW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetFocus
SetWindowPos
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CharUpperW
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetWindow
SetFocus
GetMenuState
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
IsWindowEnabled
GetClassNameW
SetWindowLongW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ScreenToClient
IsZoomed
DrawFrameControl
EqualRect
GetScrollInfo
GrayStringW
DrawTextExW
TabbedTextOutW
DrawEdge
LoadBitmapW
SetRectEmpty
PtInRect
LoadCursorW
DrawTextW
DrawTextA
LoadImageW
GetSysColor
TrackPopupMenuEx
SetCursor
DestroyCursor
RegisterClassW
DestroyMenu
GetWindowLongW
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
DrawStateW
DestroyIcon
RegisterWindowMessageW
wsprintfA
MessageBoxW
GetParent
EndDialog
GetCursorPos
GetSystemMetrics
GetDlgItem
LoadIconW
InvalidateRect
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
DrawMenuBar
GetMenu
RemoveMenu
ModifyMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
AppendMenuW
DeleteMenu
CreatePopupMenu
DrawIcon
SetRect
FindWindowW
UpdateWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SetForegroundWindow
PostMessageW
SendMessageW
EnableWindow
UnregisterClassW
wsprintfW
IntersectRect

gdi32

GetRgnBox
GetBkColor
CreateSolidBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
DeleteObject
SetMapMode
SetBkMode
CreateRectRgnIndirect
GetClipBox
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetMapMode
CreatePen
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetTextExtentPoint32W
RestoreDC
CreateFontIndirectW
GetTextColor
CreateDIBSection
GetObjectW
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegDeleteValueW

shell32

ShellExecuteExW

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetImageInfo

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathCompactPathW
wvnsprintfA
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantCopy
VariantInit

winmm

PlaySoundW

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertCompareCertificateName
CertSetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CertFreeCertificateContext
CertNameToStrA
CertGetNameStringA

dbtoken_boc

OnKeyT_Login
OnKeyT_ChangePin
OnKeyT_InitToken
OnKeyT_ManTokenParam
OnKeyT_GetDeviceInfo
OnKeyT_GetSlotList
OnKeyT_ContextInit
OnKeyT_WaitForSlotEvent

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

091303e9d4d5194fbfe5b879c888ed76

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:67:fc:75:d5:6e:31:a0:75:37:88:88:40:79:c8:b1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b4:30:6b:17:69:64:97:eb:12:77:1d:09:a1:07:c4:e0:3a:75:11:68Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

crypt32

dbtoken_boc

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 68KB - Virtual size: 67KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:67:fc:75:d5:6e:31:a0:75:37:88:88:40:79:c8:b1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b4:30:6b:17:69:64:97:eb:12:77:1d:09:a1:07:c4:e0:3a:75:11:68
Signer

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 68KB - Virtual size: 67KB