4709e8211034b570bc7698f7b6de7943374352feea69ea7e56561e8ad585c9d3

Sharing

Copy URL Twitter E-mail

General

Target

4709e8211034b570bc7698f7b6de7943374352feea69ea7e56561e8ad585c9d3
Size

1.7MB
MD5

fb2be5f1d1010a78d7c12383ccf756c5
SHA1

1cfb622b37c259766bc02742c9ec69099b63bff1
SHA256

4709e8211034b570bc7698f7b6de7943374352feea69ea7e56561e8ad585c9d3
SHA512

9cede35c5be2377e1c02bf02f87844d63ead22f19980c66933956be62ba596466f671a7f926d480cb38cd4dbb81ed7a8bbf038cf96a8ada28f817bb0e6668a21
SSDEEP

49152:EZztDss8Xt4PlKpW47x5v+f6N0O0nGJVg90wdTDCR8:Yzt48KpW47x5v+f6N0Cg90wdx

Score

1^/10

Malware Config

Signatures

Files

4709e8211034b570bc7698f7b6de7943374352feea69ea7e56561e8ad585c9d3
.exe windows:4 windows x86 arch:x86

7b2c21c7431b58bf43c9bc1d989987f5

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2013, 00:00

Not After

17/09/2016, 23:59

Subject

CN=勇芳软件开发小组��,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=勇芳软件开发小组��,L=Mongkok,ST=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:bb:00:03:bb:c9:79:e9:6d:13:f4:15:5e:b4:97:70:bf:b7:8a:42
Signer

Actual PE Digest

c2:bb:00:03:bb:c9:79:e9:6d:13:f4:15:5e:b4:97:70:bf:b7:8a:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sqlite3

sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_text
sqlite3_changes
sqlite3_close
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_count
sqlite3_column_name
sqlite3_column_text
sqlite3_column_type
sqlite3_errmsg
sqlite3_exec
sqlite3_finalize
sqlite3_free_table
sqlite3_get_table
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_open
sqlite3_prepare
sqlite3_rekey
sqlite3_step

mxqfconv

_ConvInit@4

ecco

_EccoInitOpenVar@4

cchess

_CchessBoard2Fen@4
_CchessBoardText@8
_CchessFen2Board@8
_CchessFile2Chin@8
_CchessFlipBoard@4
_CchessGenMoves@8
_CchessInit@4
_CchessMove2File@8
_CchessPromotion@4
_CchessTryMove@12
_CchessUndoMove@4

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx
SetWindowSubclass

gdi32

AddFontMemResourceEx
BeginPath
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreatePen
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndPath
ExcludeClipRect
GetDIBits
GetDeviceCaps
GetObjectW
GetStockObject
GetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
LineTo
MoveToEx
Polyline
Rectangle
RoundRect
SelectObject
SetBkColor
SetBkMode
SetDIBitsToDevice
SetStretchBltMode
SetTextColor
StretchBlt
StrokePath
TextOutW

gdiplus

GdipAddPathArc
GdipAddPathBezier
GdipAddPathLine
GdipAddPathString
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipClosePathFigure
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteCustomLineCap
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDisposeImage
GdipDrawEllipse
GdipDrawImage
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawLine
GdipDrawPath
GdipDrawPolygon
GdipDrawRectangle
GdipFillEllipse
GdipFillPath
GdipFillPolygon
GdipFillRectangle
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageHeight
GdipGetImageWidth
GdipGetMatrixElements
GdipGetPathGradientPointCount
GdipGetPenFillType
GdipLoadImageFromFile
GdipSaveImageToFile
GdipSetImageAttributesRemapTable
GdipSetPenCustomEndCap
GdipSetPenCustomStartCap
GdipSetSmoothingMode
GdipWindingModeOutline
GdiplusShutdown
GdiplusStartup

iphlpapi

GetAdaptersInfo

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringW
CopyFileA
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateToolhelp32Snapshot
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceA
FindResourceW
FreeLibrary
FreeResource
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLargestConsoleWindowSize
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
InitializeCriticalSection
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockFile
LockResource
Module32FirstW
Module32NextW
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
OpenThread
PeekConsoleInputA
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ReadProcessMemory
ReleaseSemaphore
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleWindowInfo
SetCurrentDirectoryW
SetErrorMode
SetFileAttributesA
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
TerminateProcess
TerminateThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory
lstrcmpiW

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_controlfp
_errno
_filelengthi64
_fileno
_fmode
_fpreset
_get_osfhandle
_i64toa
_i64tow
_initterm
_iob
_itoa
_itow
_onexit
_putenv
_sleep
_snprintf
_snwprintf
_strdup
_stricmp
_strnicmp
_ui64toa
_ui64tow
_ultoa
_ultow
_wtoi64
abort
atoi
calloc
exit
fclose
feof
fflush
fgetpos
fgets
fopen
fprintf
fputs
fread
free
freopen
fsetpos
fwrite
getc
getenv
isalpha
islower
isspace
isupper
localtime
iswctype
localeconv
log10
malloc
mbstowcs
memset
memcmp
memcpy
memmove
modf
pow
qsort
rand
realloc
rename
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcpy
strlen
strncmp
strtol
strtoul
time
tolower
toupper
towupper
ungetc
vfprintf
wcscmp
wcscspn
wcslen
wcsncmp
wcsstr
wcstod
wcstombs
wcstoul

ntdll

ZwQueryInformationProcess

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoGetObject
CoInitialize
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleLockRunning
OleRun
OleUninitialize
StringFromIID

oleaut32

OleCreateFontIndirect
SafeArrayAccessData
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarBstrFromDec
VarCat
VariantClear
VariantCopy

psapi

GetModuleFileNameExW

shell32

CommandLineToArgvW
DragQueryFileW
SHGetFolderPathA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW

shlwapi

PathRemoveBackslashW

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
CallWindowProcW
ClientToScreen
CloseClipboard
CopyAcceleratorTableW
CreateAcceleratorTableW
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
DrawTextW
EmptyClipboard
EnableWindow
EndDeferWindowPos
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FindWindowA
FindWindowExW
FindWindowW
FlashWindowEx
GetActiveWindow
GetAncestor
GetClassInfoExW
GetClassLongW
GetClassNameA
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemInfoW
GetMessageW
GetParent
GetPropW
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
MapVirtualKeyA
MapWindowPoints
MessageBoxA
MessageBoxW
ModifyMenuW
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RegisterClassExW
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
SendMessageA
SendMessageTimeoutW
SendMessageW
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemBitmaps
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetTimer
SetWinEventHook
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWinEvent
UnregisterClassW
UpdateLayeredWindow
UpdateWindow
VkKeyScanA
WindowFromPoint

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

winmm

PlaySoundW
timeGetTime

ws2_32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
htonl
htons
inet_addr
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
shutdown
socket

Exports

Exports

BACKCSERVICE@20
CLOSECSERVICE@4
OPENCSERVICE@16

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b2c21c7431b58bf43c9bc1d989987f5

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c2:bb:00:03:bb:c9:79:e9:6d:13:f4:15:5e:b4:97:70:bf:b7:8a:42Signer

Headers

File Characteristics

Imports

sqlite3

mxqfconv

ecco

cchess

advapi32

comctl32

gdi32

gdiplus

iphlpapi

kernel32

msvcrt

ntdll

ole32

oleaut32

psapi

shell32

shlwapi

user32

version

wininet

winmm

ws2_32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 123KB - Virtual size: 123KB

.rdata Size: 63KB - Virtual size: 62KB

.bss Size: - Virtual size: 103KB

.edata Size: 512B - Virtual size: 133B

.idata Size: 17KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 320KB - Virtual size: 319KB

.reloc Size: 36KB - Virtual size: 36KB

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c2:bb:00:03:bb:c9:79:e9:6d:13:f4:15:5e:b4:97:70:bf:b7:8a:42
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 123KB - Virtual size: 123KB

.rdata
Size: 63KB - Virtual size: 62KB

.bss
Size: - Virtual size: 103KB

.edata
Size: 512B - Virtual size: 133B

.idata
Size: 17KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 320KB - Virtual size: 319KB

.reloc
Size: 36KB - Virtual size: 36KB