1be48ae6d0bf2c7eaf6103339999effc67d8902cb6dc0daf9569c4fd3a52a2cd

Sharing

Copy URL Twitter E-mail

General

Target

1be48ae6d0bf2c7eaf6103339999effc67d8902cb6dc0daf9569c4fd3a52a2cd
Size

2.6MB
MD5

7b848cf2e1181a859693066eebb62379
SHA1

3ce9c9feeeae191b3667b767891e94a571812f96
SHA256

1be48ae6d0bf2c7eaf6103339999effc67d8902cb6dc0daf9569c4fd3a52a2cd
SHA512

65a0bf9d24000683d021d77c0d9bb931e59b5622f8fd6ff8aac84418a378729920c4cc1441eccaa311f73ed1cf800fc746af20d02f52a148542042b0c1d64e59
SSDEEP

49152:kGZAL/Dpl0RwA8vYVdO6ubh+5bZyOMyRC5pzkTqr:kGMrf0DhdO6ulEZyOA5v

Score

1^/10

Malware Config

Signatures

Files

1be48ae6d0bf2c7eaf6103339999effc67d8902cb6dc0daf9569c4fd3a52a2cd
.dll windows:5 windows x86 arch:x86

2424f4b955986f0886b19b73f9c72b0a

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\qianli\My Documents\Downloads\FreeImage\Release\FreeImage.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
IsBadReadPtr
OutputDebugStringA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
CloseHandle
CreateFileW
lstrlenA
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapAlloc
RtlUnwind
HeapReAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
DeleteFileA
MoveFileA
GetCurrentThreadId
GetCommandLineA
ReadFile
GetModuleHandleW
SetFilePointer
LCMapStringA
LCMapStringW
GetCPInfo
HeapSize
GetModuleHandleA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

ws2_32

htonl
ntohs
htons
ntohl

Exports

Exports

FreeImage_OutputMessageProc
_FreeImage_AcquireMemory@12
_FreeImage_AdjustBrightness@12
_FreeImage_AdjustColors@32
_FreeImage_AdjustContrast@12
_FreeImage_AdjustCurve@12
_FreeImage_AdjustGamma@12
_FreeImage_Allocate@24
_FreeImage_AllocateEx@36
_FreeImage_AllocateExT@40
_FreeImage_AllocateHeader@28
_FreeImage_AllocateHeaderT@32
_FreeImage_AllocateT@28
_FreeImage_AppendPage@8
_FreeImage_ApplyColorMapping@24
_FreeImage_ApplyPaletteIndexMapping@20
_FreeImage_Clone@4
_FreeImage_CloneMetadata@8
_FreeImage_CloneTag@4
_FreeImage_CloseMemory@4
_FreeImage_CloseMultiBitmap@8
_FreeImage_ColorQuantize@8
_FreeImage_ColorQuantizeEx@20
_FreeImage_Composite@16
_FreeImage_ConvertFromRawBits@36
_FreeImage_ConvertLine16To24_555@12
_FreeImage_ConvertLine16To24_565@12
_FreeImage_ConvertLine16To32_555@12
_FreeImage_ConvertLine16To32_565@12
_FreeImage_ConvertLine16To4_555@12
_FreeImage_ConvertLine16To4_565@12
_FreeImage_ConvertLine16To8_555@12
_FreeImage_ConvertLine16To8_565@12
_FreeImage_ConvertLine16_555_To16_565@12
_FreeImage_ConvertLine16_565_To16_555@12
_FreeImage_ConvertLine1To16_555@16
_FreeImage_ConvertLine1To16_565@16
_FreeImage_ConvertLine1To24@16
_FreeImage_ConvertLine1To32@16
_FreeImage_ConvertLine1To4@12
_FreeImage_ConvertLine1To8@12
_FreeImage_ConvertLine24To16_555@12
_FreeImage_ConvertLine24To16_565@12
_FreeImage_ConvertLine24To32@12
_FreeImage_ConvertLine24To4@12
_FreeImage_ConvertLine24To8@12
_FreeImage_ConvertLine32To16_555@12
_FreeImage_ConvertLine32To16_565@12
_FreeImage_ConvertLine32To24@12
_FreeImage_ConvertLine32To4@12
_FreeImage_ConvertLine32To8@12
_FreeImage_ConvertLine4To16_555@16
_FreeImage_ConvertLine4To16_565@16
_FreeImage_ConvertLine4To24@16
_FreeImage_ConvertLine4To32@16
_FreeImage_ConvertLine4To8@12
_FreeImage_ConvertLine8To16_555@16
_FreeImage_ConvertLine8To16_565@16
_FreeImage_ConvertLine8To24@16
_FreeImage_ConvertLine8To32@16
_FreeImage_ConvertLine8To4@16
_FreeImage_ConvertTo16Bits555@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_ConvertTo32Bits@4
_FreeImage_ConvertTo4Bits@4
_FreeImage_ConvertTo8Bits@4
_FreeImage_ConvertToFloat@4
_FreeImage_ConvertToGreyscale@4
_FreeImage_ConvertToRGB16@4
_FreeImage_ConvertToRGBF@4
_FreeImage_ConvertToRawBits@32
_FreeImage_ConvertToStandardType@8
_FreeImage_ConvertToType@12
_FreeImage_ConvertToUINT16@4
_FreeImage_Copy@20
_FreeImage_CreateICCProfile@12
_FreeImage_CreateTag@0
_FreeImage_DeInitialise@0
_FreeImage_DeletePage@8
_FreeImage_DeleteTag@4
_FreeImage_DestroyICCProfile@4
_FreeImage_Dither@8
_FreeImage_EnlargeCanvas@28
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_FIFSupportsICCProfiles@4
_FreeImage_FIFSupportsNoPixels@4
_FreeImage_FIFSupportsReading@4
_FreeImage_FIFSupportsWriting@4
_FreeImage_FillBackground@12
_FreeImage_FindCloseMetadata@4
_FreeImage_FindFirstMetadata@12
_FreeImage_FindNextMetadata@8
_FreeImage_FlipHorizontal@4
_FreeImage_FlipVertical@4
_FreeImage_GetAdjustColorsLookupTable@32
_FreeImage_GetBPP@4
_FreeImage_GetBackgroundColor@8
_FreeImage_GetBits@4
_FreeImage_GetBlueMask@4
_FreeImage_GetChannel@8
_FreeImage_GetColorType@4
_FreeImage_GetColorsUsed@4
_FreeImage_GetComplexChannel@8
_FreeImage_GetCopyrightMessage@0
_FreeImage_GetDIBSize@4
_FreeImage_GetDotsPerMeterX@4
_FreeImage_GetDotsPerMeterY@4
_FreeImage_GetFIFCount@0
_FreeImage_GetFIFDescription@4
_FreeImage_GetFIFExtensionList@4
_FreeImage_GetFIFFromFilename@4
_FreeImage_GetFIFFromFilenameU@4
_FreeImage_GetFIFFromFormat@4
_FreeImage_GetFIFFromMime@4
_FreeImage_GetFIFMimeType@4
_FreeImage_GetFIFRegExpr@4
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromHandle@12
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetFileTypeU@8
_FreeImage_GetFormatFromFIF@4
_FreeImage_GetGreenMask@4
_FreeImage_GetHeight@4
_FreeImage_GetHistogram@12
_FreeImage_GetICCProfile@4
_FreeImage_GetImageType@4
_FreeImage_GetInfo@4
_FreeImage_GetInfoHeader@4
_FreeImage_GetLine@4
_FreeImage_GetLockedPageNumbers@12
_FreeImage_GetMetadata@16
_FreeImage_GetMetadataCount@8
_FreeImage_GetPageCount@4
_FreeImage_GetPalette@4
_FreeImage_GetPitch@4
_FreeImage_GetPixelColor@16
_FreeImage_GetPixelIndex@16
_FreeImage_GetRedMask@4
_FreeImage_GetScanLine@8
_FreeImage_GetTagCount@4
_FreeImage_GetTagDescription@4
_FreeImage_GetTagID@4
_FreeImage_GetTagKey@4
_FreeImage_GetTagLength@4
_FreeImage_GetTagType@4
_FreeImage_GetTagValue@4
_FreeImage_GetThumbnail@4
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_GetTransparentIndex@4
_FreeImage_GetVersion@0
_FreeImage_GetWidth@4
_FreeImage_HasBackgroundColor@4
_FreeImage_HasPixels@4
_FreeImage_Initialise@4
_FreeImage_InsertPage@12
_FreeImage_Invert@4
_FreeImage_IsLittleEndian@0
_FreeImage_IsPluginEnabled@4
_FreeImage_IsTransparent@4
_FreeImage_JPEGCrop@24
_FreeImage_JPEGCropU@24
_FreeImage_JPEGTransform@16
_FreeImage_JPEGTransformU@16
_FreeImage_Load@12
_FreeImage_LoadFromHandle@16
_FreeImage_LoadFromMemory@12
_FreeImage_LoadMultiBitmapFromMemory@12
_FreeImage_LoadU@12
_FreeImage_LockPage@8
_FreeImage_LookupSVGColor@16
_FreeImage_LookupX11Color@16
_FreeImage_MakeThumbnail@12
_FreeImage_MovePage@12
_FreeImage_MultigridPoissonSolver@8
_FreeImage_OpenMemory@8
_FreeImage_OpenMultiBitmap@24
_FreeImage_OpenMultiBitmapFromHandle@16
_FreeImage_Paste@20
_FreeImage_PreMultiplyWithAlpha@4
_FreeImage_ReadMemory@16
_FreeImage_RegisterExternalPlugin@20
_FreeImage_RegisterLocalPlugin@20
_FreeImage_Rescale@16
_FreeImage_Rotate@16
_FreeImage_RotateClassic@12
_FreeImage_RotateEx@48
_FreeImage_Save@16
_FreeImage_SaveMultiBitmapToHandle@20
_FreeImage_SaveMultiBitmapToMemory@16
_FreeImage_SaveToHandle@20
_FreeImage_SaveToMemory@16
_FreeImage_SaveU@16
_FreeImage_SeekMemory@12
_FreeImage_SetBackgroundColor@8
_FreeImage_SetChannel@12
_FreeImage_SetComplexChannel@12
_FreeImage_SetDotsPerMeterX@8
_FreeImage_SetDotsPerMeterY@8
_FreeImage_SetMetadata@16
_FreeImage_SetOutputMessage@4
_FreeImage_SetOutputMessageStdCall@4
_FreeImage_SetPixelColor@16
_FreeImage_SetPixelIndex@16
_FreeImage_SetPluginEnabled@8
_FreeImage_SetTagCount@8
_FreeImage_SetTagDescription@8
_FreeImage_SetTagID@8
_FreeImage_SetTagKey@8
_FreeImage_SetTagLength@8
_FreeImage_SetTagType@8
_FreeImage_SetTagValue@8
_FreeImage_SetThumbnail@8
_FreeImage_SetTransparencyTable@12
_FreeImage_SetTransparent@8
_FreeImage_SetTransparentIndex@8
_FreeImage_SwapColors@16
_FreeImage_SwapPaletteIndices@12
_FreeImage_TagToString@12
_FreeImage_TellMemory@4
_FreeImage_Threshold@8
_FreeImage_TmoDrago03@20
_FreeImage_TmoFattal02@20
_FreeImage_TmoReinhard05@20
_FreeImage_TmoReinhard05Ex@36
_FreeImage_ToneMapping@24
_FreeImage_Unload@4
_FreeImage_UnlockPage@12
_FreeImage_WriteMemory@16
_FreeImage_ZLibCRC32@12
_FreeImage_ZLibCompress@16
_FreeImage_ZLibGUnzip@16
_FreeImage_ZLibGZip@16
_FreeImage_ZLibUncompress@16

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 861KB - Virtual size: 861KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 307KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2424f4b955986f0886b19b73f9c72b0a

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 861KB - Virtual size: 861KB

.data Size: 307KB - Virtual size: 315KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 61KB - Virtual size: 61KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 861KB - Virtual size: 861KB

.data
Size: 307KB - Virtual size: 315KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 61KB - Virtual size: 61KB