c002767bc469433977f4cf6d02b562606985b948155b36de76f0bf3d8d9f83f6

Sharing

Copy URL Twitter E-mail

General

Target

c002767bc469433977f4cf6d02b562606985b948155b36de76f0bf3d8d9f83f6
Size

1.4MB
MD5

b2dd0648decd1b160c40ceb79b33e584
SHA1

6d1430b5f92872dacc5bf34539428ecdf681ff7c
SHA256

c002767bc469433977f4cf6d02b562606985b948155b36de76f0bf3d8d9f83f6
SHA512

c040b3d751e023e6fd1a11946555ad518c73ad05beba8f7e5b7438f0c32f9cc0266f6b76f70909b693ec108e6097bcc0ef753b29dbf777f498c64fcaec8f11fe
SSDEEP

24576:0cpjL6jO2Bd0z2RmFTr0jhJm/3TXaPR9/Ms3:hp36jrBdUOmFT4jhgXIv

Score

1^/10

Malware Config

Signatures

Files

c002767bc469433977f4cf6d02b562606985b948155b36de76f0bf3d8d9f83f6
.exe windows:5 windows x86 arch:x86

890d9aaccc378503c4af59259e2b6474

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\browser_bdupdate_2.0.7\bdupdate_browser\output\bdupdate.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
getaddrinfo
gethostname
WSAStartup
freeaddrinfo
getnameinfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

imm32

ImmDisableIME

wtsapi32

WTSQueryUserToken

psapi

EnumProcesses

kernel32

GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
Thread32Next
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
VirtualQuery
IsBadWritePtr
lstrcpyW
lstrlenW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
CreateMutexW
OutputDebugStringW
GetSystemTime
SetUnhandledExceptionFilter
GetCommandLineW
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
WriteConsoleW
SetConsoleTextAttribute
GetPrivateProfileIntW
Sleep
GetModuleHandleW
InterlockedDecrement
TerminateProcess
SetProcessAffinityMask
InterlockedIncrement
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
GetPrivateProfileStringW
WritePrivateProfileStringW
ExitProcess
OpenEventW
OpenMutexW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
CopyFileW
RemoveDirectoryW
GetFileAttributesExW
CompareStringW
MulDiv
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetFileType
SetHandleCount
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
SetEndOfFile
CreateThread
ExitThread
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcpynW
SetEnvironmentVariableA
CompareStringA
GetLocaleInfoW
GetVersionExW
GetCurrentProcess
SetLastError
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
MoveFileExW
lstrlenA
GetEnvironmentStringsW
SetFilePointer
CreateFileW
CloseHandle
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
SetFileTime
WriteFile
GetFileSize
MapViewOfFile
CreateFileMappingW
GetLocalTime
UnmapViewOfFile
GetTickCount
TlsAlloc
SizeofResource
LockResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
WaitForMultipleObjects
SetThreadPriority
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
OpenProcess
LoadLibraryA
LocalFree
FormatMessageW
LoadLibraryW
GetProcAddress
DeleteFileW
FreeLibrary
GetLastError
LoadResource
TlsFree
DosDateTimeToFileTime
SetFileAttributesW
TlsSetValue
TlsGetValue
GetCurrentThreadId
DeviceIoControl
GlobalAlloc
GlobalFree
GetVolumeInformationA
FindResourceExW
FindResourceW
GetStringTypeA

user32

MessageBoxW
PostQuitMessage
EnableWindow
ClientToScreen
MoveWindow
IsIconic
ScreenToClient
BringWindowToTop
PeekMessageW
LoadStringW
GetDlgItem
UnregisterClassA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsRectEmpty
GetPropW
GetSystemMetrics
SetParent
SetLayeredWindowAttributes
DialogBoxParamW
LoadIconW
CreateDialogParamW
IsWindowVisible
GetClassNameW
GetSysColor
GetFocus
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
EqualRect
CopyRect
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
PostMessageW
SetWindowLongW
IsWindow
GetClassInfoExW
LoadCursorW
DestroyWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetWindowLongW
CallWindowProcW
KillTimer
SetTimer
DestroyIcon
AllowSetForegroundWindow
ShowWindow
SendMessageW
GetMenu
SetWindowPos
GetClientRect
InvalidateRect
AdjustWindowRectEx
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
SetWindowRgn
RedrawWindow
GetWindowTextLengthW
GetWindowTextW
SetRectEmpty
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowTextW
SetPropW
CharNextW
LoadImageW
DrawTextW
EndDialog
BeginPaint
EndPaint
RegisterWindowMessageW
SetForegroundWindow

gdi32

GetDeviceCaps
CreateCompatibleBitmap
GetStockObject
CreateBrushIndirect
DeleteDC
BitBlt
SetTextColor
SetBkMode
ExtTextOutW
CreateCompatibleDC
StretchBlt
GetObjectW
DeleteObject
CreatePolygonRgn
DPtoLP
GetCurrentObject
GetTextMetricsW
SetBkColor
SelectObject
CreateFontIndirectW

advapi32

QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetServiceObjectSecurity
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
RegCreateKeyW
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
RegCloseKey
RegQueryValueExA
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptAcquireContextW
CryptCreateHash
RegOpenKeyExA
RegQueryValueExW
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptReleaseContext
QueryServiceStatusEx
DuplicateTokenEx
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
GetExplicitEntriesFromAclW
LookupAccountSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

ord165
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHFileOperationW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
VarUI4FromStr
VarBstrCmp

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend
GradientFill

gdiplus

GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetImageWidth
GdipDrawImageRectRect
GdipDeleteStringFormat
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipSetImageAttributesColorMatrix
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipCreateSolidFill
GdipDeleteBrush
GdipDisposeImageAttributes
GdipGetImageHeight

iphlpapi

GetAdaptersInfo
GetNetworkParams

rpcrt4

UuidToStringW
RpcStringFreeW

wininet

HttpEndRequestW
InternetQueryOptionW
InternetOpenW
InternetConnectW
InternetReadFileExA
HttpSendRequestW
InternetSetStatusCallbackW
InternetSetOptionW
HttpSendRequestExW
HttpQueryInfoA
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetCookieW
HttpOpenRequestW
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
HttpOpenRequestA

Sections

.text
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

890d9aaccc378503c4af59259e2b6474

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

userenv

wintrust

crypt32

imm32

wtsapi32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

iphlpapi

rpcrt4

wininet

Sections

.text Size: 589KB - Virtual size: 588KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 596KB - Virtual size: 596KB

.reloc Size: 76KB - Virtual size: 83KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 589KB - Virtual size: 588KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 596KB - Virtual size: 596KB

.reloc
Size: 76KB - Virtual size: 83KB