e863831a20fb79a45c4c1b3ff9eb22b9596504c16c04d24ea278e93d86990f19

Sharing

Copy URL Twitter E-mail

General

Target

e863831a20fb79a45c4c1b3ff9eb22b9596504c16c04d24ea278e93d86990f19
Size

2.8MB
MD5

8a97a37899cbece8e4c766b0544b17aa
SHA1

ecddf6ebed44c95f8d4cd6c740dfd95d8d9d8a15
SHA256

e863831a20fb79a45c4c1b3ff9eb22b9596504c16c04d24ea278e93d86990f19
SHA512

53d2a40dfcce1d89cf151997b5e21dded235532d013654de73793a3f125e5396d09abcb45299626c9ce2866c9b554a3c94d1cca2a468bbc4b97b4ce71632c0d8
SSDEEP

24576:fgMnE49M1TDAi9i30IcfSDLlRg5oXEhcvfI3T3y0OW08l:vE4C1Tki900yDLlRRC

Score

1^/10

Malware Config

Signatures

Files

e863831a20fb79a45c4c1b3ff9eb22b9596504c16c04d24ea278e93d86990f19
.exe windows:4 windows x86 arch:x86

09459db688957f14ce8bbc8756f4b74f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:b2:f9:3e:f0:89:6c:93:c8:56:c9:7b:61:5f:ba:26
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/10/2013, 00:00

Not After

23/10/2014, 23:59

Subject

CN=SmartCrew Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SmartCrew Co.\,Ltd,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:04:fa:d3:28:44:42:d2:a0:65:e7:b7:af:58:73:28:b7:3f:3a:b9
Signer

Actual PE Digest

73:04:fa:d3:28:44:42:d2:a0:65:e7:b7:af:58:73:28:b7:3f:3a:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\01_Project\04_withweb\smartfile\__Webhard\src_client\down_client\ReleaseSmartfileDown.pdb

Imports

user32

CharUpperA
SendMessageA
MessageBoxA
PostMessageA
InvalidateRect
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetTimer
KillTimer
LoadIconA
ShowWindow
SetForegroundWindow
DestroyMenu
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
SetMenu
TranslateAcceleratorA
UnregisterClassA
GetMenuItemInfoA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
CloseWindow
PostThreadMessageA
GetSystemMetrics
GetSysColor
ReleaseCapture
DrawIconEx
GetIconInfo
LoadImageA
DestroyIcon
CopyRect
PtInRect
InflateRect
OffsetRect
GetClientRect
ClientToScreen
GetCapture
SetCapture
WindowFromPoint
EnableWindow
SetCursor
DrawFocusRect
UpdateWindow
RedrawWindow
SetRect
ReleaseDC
GetDC
FillRect
CallWindowProcA
SetWindowLongA
IsWindow
GetWindowRect
GetParent
LoadBitmapA
GetActiveWindow
GetWindowLongA
SetWindowRgn
FindWindowA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
GetFocus
GetClassNameA
EnumChildWindows
MapWindowPoints
SetWindowPos
ReplyMessage
ExitWindowsEx
GetClassInfoA
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
IsWindowVisible
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
EndDialog
GetNextDlgTabItem
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow

kernel32

LoadLibraryA
GetModuleHandleA
GetVersionExA
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetDiskFreeSpaceExA
GetNumberFormatA
GetTickCount
FreeLibrary
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetCurrentProcess
GetCommandLineA
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetProcessHeap
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
LocalFree
FormatMessageA
GetModuleFileNameW
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
FindClose
FindFirstFileA
GetFullPathNameA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
FindNextFileA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesA
GetFileTime
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcAddress
SetLastError
lstrcpynA
GlobalReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
ResetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
InterlockedDecrement
GetModuleFileNameA
GetCurrentThreadId
GetVolumeInformationA
lstrcmpA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceA
CreateDirectoryA
OutputDebugStringA
CloseHandle
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
CreateMutexA
GetLastError
Sleep

gdi32

GetRgnBox
GetTextColor
GetBkColor
Ellipse
LPtoDP
CreateEllipticRgn
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
SetTextColor
GetClipBox
CreateDCA
GetPixel
CreateFontA
CreateRectRgn
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA
GetTextExtentPoint32A
Rectangle

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

AdjustTokenPrivileges
RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegConnectRegistryA

shell32

SHGetFileInfoA
Shell_NotifyIconA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

PathGetArgsA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
StrFormatByteSize64A

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
VariantChangeType
SysAllocString
OleLoadPicture
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString

ws2_32

WSAConnect
WSASocketA
WSAGetLastError
select
recv
setsockopt
closesocket
inet_addr
htons
connect
WSACleanup
WSAStartup
WSAWaitForMultipleEvents
WSASend
socket
WSARecv
__WSAFDIsSet

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

nat

ord23
ord21
ord18
ord22
ord17
ord16
ord15
ord14

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09459db688957f14ce8bbc8756f4b74f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

36:b2:f9:3e:f0:89:6c:93:c8:56:c9:7b:61:5f:ba:26Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

73:04:fa:d3:28:44:42:d2:a0:65:e7:b7:af:58:73:28:b7:3f:3a:b9Signer

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

nat

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

36:b2:f9:3e:f0:89:6c:93:c8:56:c9:7b:61:5f:ba:26
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

73:04:fa:d3:28:44:42:d2:a0:65:e7:b7:af:58:73:28:b7:3f:3a:b9
Signer

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB