9272c132d6e082daae840a33ee7d6a0d2f2fad46f098ae6e149698257c23acc0

Sharing

Copy URL Twitter E-mail

General

Target

9272c132d6e082daae840a33ee7d6a0d2f2fad46f098ae6e149698257c23acc0
Size

569KB
MD5

d448e79cfc89e6987540080231509458
SHA1

8f44fabfd00ba80b62757c038ea93e2f77286b4f
SHA256

9272c132d6e082daae840a33ee7d6a0d2f2fad46f098ae6e149698257c23acc0
SHA512

cefc50f196c75a92cd153e24e5f8c19a320a10cbc782e5cd73ddff745def7fc3d9cf5b9b1926b4b97d79e936564ffebefa14e4a44290b39b9273e751ee73e7af
SSDEEP

6144:ss9es4DwsM9LftQM9C6FgUS4r5GymnihrnSj++sHezgyk+xamWHZiUSaz0HgCRBm:sa97tQP6S/QSvET+5sZiLJnmLAwK2

Score

1^/10

Malware Config

Signatures

Files

9272c132d6e082daae840a33ee7d6a0d2f2fad46f098ae6e149698257c23acc0
.exe windows:4 windows x86 arch:x86

4c08963dd46bb91a3d54756765623c85

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:53:66:a2:35:03:a9:3c:20:61:c1:6d:31:49:13:ef
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

09/05/2010, 00:00

Not After

07/08/2012, 23:59

Subject

CN=Suining YiLong Software,O=Suining YiLong Software,L=Suining,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fc:2b:e0:e1:bf:37:fa:92:7a:f8:6c:69:2b:f6:f8:e3:0e:67:c2:b6
Signer

Actual PE Digest

fc:2b:e0:e1:bf:37:fa:92:7a:f8:6c:69:2b:f6:f8:e3:0e:67:c2:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FindClose
FindFirstFileA
GetModuleHandleA
lstrcmpA
WaitForSingleObject
SystemTimeToFileTime
GetPrivateProfileStringA
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExA
GetEnvironmentStrings
GetFileSize
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
CreateProcessA
SizeofResource
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
SetEndOfFile
ReadFile
FlushFileBuffers
SetStdHandle
LCMapStringW
GetTempPathA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
TerminateProcess
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
RaiseException
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
CreateDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
LocalFree
InterlockedExchange
GetSystemDirectoryA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
WideCharToMultiByte
MulDiv
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
lstrlenW
GlobalAlloc
GlobalHandle
GlobalFree
FreeResource
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
CreateMutexA
GetLastError
CloseHandle
GetLocalTime
lstrcmpiA
GetTimeZoneInformation
CreateThread
MultiByteToWideChar
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcpynA
lstrlenA
InterlockedDecrement
LCMapStringA
Sleep

user32

CopyImage
IsWindowEnabled
EnumWindows
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
DefWindowProcA
DestroyCursor
InvalidateRect
GetClassNameA
GetFocus
IsChild
wvsprintfA
LoadBitmapA
RegisterWindowMessageA
CreateDialogIndirectParamA
GetClassInfoExA
LoadCursorA
SetRectEmpty
PtInRect
UpdateWindow
AdjustWindowRectEx
GetMenu
GetSysColor
LoadImageA
RedrawWindow
IsWindow
GetIconInfo
SendMessageA
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
GetParent
GetActiveWindow
wsprintfA
KillTimer
GetSystemMetrics
MoveWindow
SetForegroundWindow
DestroyWindow
PostQuitMessage
IsDialogMessageA
SetMenuDefaultItem
CharNextA
CharUpperA
CharLowerA
GetMessageA
TranslateMessage
DispatchMessageA
BeginPaint
EndPaint
CreatePopupMenu
AppendMenuA
CallWindowProcA
ScreenToClient
GetCursorPos
PeekMessageA
GetDlgCtrlID
SetCursor
ReleaseDC
GetWindowRect
GetClientRect
GetDC
OffsetRect
CopyRect
DrawStateA
DrawFocusRect
DrawTextA
SetTimer
GetWindowTextA
GetWindowTextLengthA
InflateRect
FrameRect
LoadStringA
SetWindowLongA
GetWindowLongA
FillRect
CreateWindowExA
ShowWindow
RegisterClassExA
IsMenu
TrackPopupMenu
DestroyMenu
CreateDialogParamA
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetDlgItemInt
SetDlgItemInt
MessageBeep
SetFocus
IsWindowVisible
MessageBoxA
DestroyIcon
EnableWindow
LoadIconA
EndDialog
DialogBoxParamA
SetWindowTextA
EnumChildWindows
GetDlgItem

gdi32

RoundRect
GetObjectA
SetBkMode
CreateSolidBrush
CreatePen
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateBrushIndirect
CreateFontIndirectA
GetDeviceCaps
SetStretchBltMode
StretchBlt
ExtTextOutA
MoveToEx
Rectangle
GetStockObject
SetTextColor
SetBkColor
LineTo

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

shell32

SHGetFileInfoA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

ole32

CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
OleLockRunning
StringFromCLSID

oleaut32

VariantInit
SysAllocStringLen
SysStringLen
VariantChangeType
VariantCopy
OleCreateFontIndirect
LoadRegTypeLi
VariantClear
SysAllocString
GetErrorInfo
CreateErrorInfo
SysFreeString

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent

msimg32

GradientFill

gdiplus

GdipDrawImageRectI
GdipCloneImage
GdipDisposeImage
GdipFree
GdipAlloc
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipLoadImageFromStreamICM
GdipDeleteGraphics

winmm

timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c08963dd46bb91a3d54756765623c85

Code Sign

0aCertificate

Extended Key Usages

Key Usages

16:53:66:a2:35:03:a9:3c:20:61:c1:6d:31:49:13:efCertificate

Extended Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

fc:2b:e0:e1:bf:37:fa:92:7a:f8:6c:69:2b:f6:f8:e3:0e:67:c2:b6Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

winmm

version

shlwapi

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 176KB - Virtual size: 175KB

0a
Certificate

16:53:66:a2:35:03:a9:3c:20:61:c1:6d:31:49:13:ef
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

fc:2b:e0:e1:bf:37:fa:92:7a:f8:6c:69:2b:f6:f8:e3:0e:67:c2:b6
Signer

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 176KB - Virtual size: 175KB