43491b4ca643b98513b4a62ec71fe9c8c958e13000f8118192554508bf5e38f7

Sharing

Copy URL

Twitter E-mail

General

Target

43491b4ca643b98513b4a62ec71fe9c8c958e13000f8118192554508bf5e38f7
Size

1.4MB
MD5

3601021b327e6cae310f132d1d9244a2
SHA1

57eac100273e35a90cea9de53b4598958a6c79b6
SHA256

43491b4ca643b98513b4a62ec71fe9c8c958e13000f8118192554508bf5e38f7
SHA512

94bc0bfc36394a4c3d523818cc8c8170e4d07e5f594f8889f34721b27c23e1c1814592b6ee88ba4eef13de222c0dafac3a1a28458685bc387c9446db0c114536
SSDEEP

24576:aApJ9IlsM/OZrBMWh6d5Dz3lmemaKMUa78QiNS:TpJ9IlBmBM267zVmeJKM08

Score

1^/10

Malware Config

Signatures

Files

43491b4ca643b98513b4a62ec71fe9c8c958e13000f8118192554508bf5e38f7
.exe windows:4 windows x86 arch:x86

4b2dd5ecc08e192cb72f0796084d1340

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:bf:32:48:90:db:f5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

20-12-2011 11:02

Not After

21-12-2012 22:39

Subject

CN=北京金闻朗科技有限公司,O=北京金闻朗科技有限公司,L=北京,ST=北京,C=CN,1.2.840.113549.1.9.1=#0c1468656c7040766f786c6561726e696e672e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 19:46

Not After

17-09-2036 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

5b:e8:49:34:c5:1a:bf:dc:7c:6c:a8:a6:ff:bb:13:2e:83:db:65:85
Signer

Actual PE Digest

5b:e8:49:34:c5:1a:bf:dc:7c:6c:a8:a6:ff:bb:13:2e:83:db:65:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Langkoo\我的程序\InstallActiveX\release\InstallLangKooActiveX.pdb

Imports

kernel32

FileTimeToLocalFileTime
GetFileTime
SetErrorMode
HeapAlloc
HeapReAlloc
VirtualAlloc
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
Sleep
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
WritePrivateProfileStringA
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
GetCurrentProcessId
GetModuleFileNameA
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GetVersionExA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
InterlockedExchange
MultiByteToWideChar
GetVersion
GetLastError
CompareStringW
CompareStringA
LoadLibraryA
GetProcAddress
DeleteFileA
GetSystemDirectoryA
GetFileAttributesA
FreeLibrary
WinExec
lstrcatA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrcpyA
lstrlenA

user32

DestroyMenu
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetCursorPos
WindowFromPoint
IsWindowEnabled
RegisterWindowMessageA
SendDlgItemMessageA
GetCapture
SetWindowsHookExA
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
MessageBoxA
LoadCursorA
InvalidateRect
SendMessageA
GetWindowRect
GetParent
GetDC
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
WinHelpA
UnregisterClassA
ReleaseDC
EnableWindow
InflateRect
MessageBeep
SetCursor
SetWindowLongA
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
GetWindowLongA
AdjustWindowRect
GetWindow
IsIconic
CopyRect
CharUpperA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CallNextHookEx

gdi32

ScaleWindowExtEx
DeleteDC
CreateBitmap
SetWindowExtEx
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetStockObject
CreateFontIndirectA
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueA
RegCloseKey
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

ole32

CoUninitialize
CoInitialize

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b2dd5ecc08e192cb72f0796084d1340

Code Sign

04:7a:55Certificate

Extended Key Usages

19:9d:f8:8eCertificate

Key Usages

0f:bf:32:48:90:db:f5Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

5b:e8:49:34:c5:1a:bf:dc:7c:6c:a8:a6:ff:bb:13:2e:83:db:65:85Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 1.1MB - Virtual size: 1.2MB

04:7a:55
Certificate

19:9d:f8:8e
Certificate

0f:bf:32:48:90:db:f5
Certificate

3d
Certificate

01
Certificate

5b:e8:49:34:c5:1a:bf:dc:7c:6c:a8:a6:ff:bb:13:2e:83:db:65:85
Signer

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 1.1MB - Virtual size: 1.2MB