9ec9df23660dd7b058506b93a1a36c6e8a2d5f51b3ff12ac415832b52a6f50ac

Sharing

Copy URL Twitter E-mail

General

Target

9ec9df23660dd7b058506b93a1a36c6e8a2d5f51b3ff12ac415832b52a6f50ac
Size

2.5MB
MD5

8c5b752fc55fe33f878ba5c3b749601b
SHA1

e5c97b99effcc6605ce331aac73f90f0ffa6796d
SHA256

9ec9df23660dd7b058506b93a1a36c6e8a2d5f51b3ff12ac415832b52a6f50ac
SHA512

dd20651c7bcefd23afef8acfc63e0b766497701886d34f8c734e176fded428f4bc88bfc04f015d6abd4f18b9bcb1cc745b29ffc9ccda3de90a297b2f9a9c6940
SSDEEP

49152:67ypmkKT/B4PnhL51PbX+tORIfjkMQyKNQGGAcPD:67ypmXT/2P951PL+YRGaUPD

Score

1^/10

Malware Config

Signatures

Files

9ec9df23660dd7b058506b93a1a36c6e8a2d5f51b3ff12ac415832b52a6f50ac
.exe windows:5 windows x86 arch:x86

e30699a12252b404791467bbcbaf9562

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:67:d4:aa:26:52:c4:9d:a6:8e:54:35:37:2a:c1:46:ec:b3:17:04
Signer

Actual PE Digest

72:67:d4:aa:26:52:c4:9d:a6:8e:54:35:37:2a:c1:46:ec:b3:17:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TGC_Build\src\TGP-1.16.19\TGP-1.16.19.2728\client\build\bin\Release\tgp_reporter.pdb

Imports

kernel32

MultiByteToWideChar
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateProcessA
CreatePipe
LocalFileTimeToFileTime
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
OutputDebugStringA
GetModuleHandleW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetProcAddress
WaitForSingleObject
GenerateConsoleCtrlEvent
Process32First
Process32Next
CreateDirectoryA
UnlockFileEx
UnlockFile
LockFileEx
LockFile
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
GetPrivateProfileStringA
Module32First
Module32Next
Process32FirstW
lstrlenW
HeapAlloc
OpenProcess
Process32NextW
GlobalMemoryStatusEx
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
ResetEvent
CreateEventA
CloseHandle
SetEvent
Sleep
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemInfo
lstrlenA
DeleteFileA
ResumeThread
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
WriteConsoleW
LoadLibraryW
SetConsoleCtrlHandler
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetCurrentThreadId
GetLocalTime
WideCharToMultiByte
GetModuleFileNameW
SetProcessWorkingSetSize
GetCurrentProcess
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
OpenEventA
CreateMutexA
ReleaseMutex
GetModuleFileNameA
GetModuleHandleA
FileTimeToSystemTime
FileTimeToDosDateTime
ReadFile
SetFilePointer
GetFileSize
SystemTimeToFileTime
GetSystemTime
GetFileInformationByHandle
GetFileType
MapViewOfFile
CreateFileMappingA
CreateFileA
DuplicateHandle
WriteFile
UnmapViewOfFile
GetLastError
FindNextFileA
FindFirstFileA
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InterlockedExchange
SetEndOfFile
GetFileSizeEx
CreateFileW
CreateWaitableTimerA
SetWaitableTimer
SetThreadAffinityMask
GetCurrentThread
CopyFileA
MoveFileA
GetTempFileNameA
GetTempPathA
MapViewOfFileEx
GetCommandLineW
GetLongPathNameW
VirtualQuery
SetErrorMode
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SuspendThread
OpenThread
TerminateProcess
WaitForMultipleObjects
CreateProcessW
SearchPathW
EnterCriticalSection
ReadProcessMemory
VirtualAllocEx
ReadDirectoryChangesW
SwitchToThread
SetLastError
SleepEx
GetVersionExA
PeekNamedPipe
GetStdHandle
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
FormatMessageA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InterlockedCompareExchange
SetFilePointerEx
DeviceIoControl
GetFullPathNameW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
GetFileTime
SetFileTime
SetFileAttributesW
MoveFileExW
GetDiskFreeSpaceExW
CreateDirectoryW
GetTempPathW
AreFileApisANSI
LocalFree
GetFileAttributesA
RtlUnwind
RaiseException
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetCommandLineA
HeapSetInformation
HeapReAlloc
ExitThread
CreateThread
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapSize
ExitProcess
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStartupInfoW
FatalAppExitA
FlushFileBuffers
HeapCreate
HeapDestroy
GetLocaleInfoW
GetFullPathNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
GetExitCodeProcess

ole32

CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoLoadLibrary
CoTaskMemFree
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
CryptCreateHash
CryptAcquireContextA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

PathFileExistsW

wldap32

ord46
ord41
ord27
ord301
ord33
ord200
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79

iphlpapi

GetAdaptersInfo

ws2_32

select
WSACleanup
WSAStartup
WSAGetLastError
WSASetLastError
inet_ntoa
ntohl
htonl
gethostbyname
inet_addr
__WSAFDIsSet
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
gethostname
ioctlsocket
listen
accept
recvfrom
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto

user32

SendMessageA
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
GetClassNameA
GetParent
IsWindow
LoadStringW
LoadStringA
EnumDisplayDevicesA
TranslateMessage
SetFocus

psapi

GetModuleFileNameExW

winmm

timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod

shell32

SHCreateDirectoryExW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e30699a12252b404791467bbcbaf9562

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

72:67:d4:aa:26:52:c4:9d:a6:8e:54:35:37:2a:c1:46:ec:b3:17:04Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

advapi32

version

shlwapi

wldap32

iphlpapi

ws2_32

user32

psapi

winmm

shell32

comdlg32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 290KB - Virtual size: 290KB

.data Size: 63KB - Virtual size: 84KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 742KB - Virtual size: 741KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

72:67:d4:aa:26:52:c4:9d:a6:8e:54:35:37:2a:c1:46:ec:b3:17:04
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 290KB - Virtual size: 290KB

.data
Size: 63KB - Virtual size: 84KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 742KB - Virtual size: 741KB