64ab1c1b19682026900d060b969ab3c3ab860988733b7e7bf3ba78a4ea0340b9

Sharing

Copy URL

Twitter E-mail

General

Target

64ab1c1b19682026900d060b969ab3c3ab860988733b7e7bf3ba78a4ea0340b9
Size

427KB
MD5

bb73aa01702047460ff66b953e698a36
SHA1

090ac7ea64241fc772abeefff477c1c1b409e86e
SHA256

64ab1c1b19682026900d060b969ab3c3ab860988733b7e7bf3ba78a4ea0340b9
SHA512

2ac22fea6fa972b9304ca5acf47a26249113c03d3333d40268aacc2e005e4a8e788feda4afc92eadd804fce84dd8211d47f3adde6b696704092640fe0cb9adf3
SSDEEP

12288:Ol5W9oiEmqJYWFRzcR2ywHIA7bTu2PmHdz+:Y5W9oHmqx7zcR2ywHIA7fuhw

Score

1^/10

Malware Config

Signatures

Files

64ab1c1b19682026900d060b969ab3c3ab860988733b7e7bf3ba78a4ea0340b9
.exe windows:5 windows x64 arch:x64

f316a19b468163dd56b1dfe4d6a5f0b0

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

19-06-2009 00:00

Not After

19-06-2011 23:59

Subject

CN=MGAME Corp.,OU=Web Dev Team,O=MGAME Corp.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:8f:aa:0c:aa:c7:8f:39:a4:99:29:d4:44:2f:4a:3a:57:c1:9d:e7
Signer

Actual PE Digest

4f:8f:aa:0c:aa:c7:8f:39:a4:99:29:d4:44:2f:4a:3a:57:c1:9d:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateRemoteThread
OpenProcess
LoadLibraryW
GetProcAddress
ProcessIdToSessionId
CloseHandle
GetCurrentProcessId
VirtualFree
VirtualFreeEx
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
VirtualProtect
WriteProcessMemory
GetModuleHandleW
WriteFile
ReadFile
CreateFileW
DisconnectNamedPipe
FlushFileBuffers
GetLastError
SetNamedPipeHandleState
GetCurrentProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindResourceW
LoadResource
SizeofResource
GetVersionExW
LockResource
DeleteFileW
WaitForSingleObject
lstrcatW
GetTempPathW
WaitNamedPipeW
Sleep
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
GetCPInfo
GetCommandLineW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
SetFilePointer
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetStdHandle
WriteConsoleW
GetProcessHeap

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation

shlwapi

PathFileExistsW

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f316a19b468163dd56b1dfe4d6a5f0b0

Code Sign

01Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cdCertificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

4f:8f:aa:0c:aa:c7:8f:39:a4:99:29:d4:44:2f:4a:3a:57:c1:9d:e7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 215KB - Virtual size: 215KB

.reloc Size: 2KB - Virtual size: 2KB

01
Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

0a
Certificate

4f:8f:aa:0c:aa:c7:8f:39:a4:99:29:d4:44:2f:4a:3a:57:c1:9d:e7
Signer

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 215KB - Virtual size: 215KB

.reloc
Size: 2KB - Virtual size: 2KB