2ca806444d92cf21cc2ec64b66d8987bffe54c871b54706c3a88f82a084794d3

Sharing

Copy URL Twitter E-mail

General

Target

2ca806444d92cf21cc2ec64b66d8987bffe54c871b54706c3a88f82a084794d3
Size

29KB
MD5

1c8532417e40a700247157207fc44e2e
SHA1

a0e297adf5e2440c6264c75b4066f4e7afc0d9a3
SHA256

2ca806444d92cf21cc2ec64b66d8987bffe54c871b54706c3a88f82a084794d3
SHA512

99c9ad9f20ef0668eb8458ee1fec4495658057ece0bac24b7124388f110b0be0eced2834da793ead3a26c7d1066acfa81b44c676db33165c528b7c997d7a844c
SSDEEP

384:9oYXZrrV6/y4P7JIYJSFwDLw/wPOB5hPV2vVC8KLUA54mGdeItIutxQCT2UHeMtc:Vrg/N7JKeDLw/GOBrdurtzjTA

Score

1^/10

Malware Config

Signatures

Files

2ca806444d92cf21cc2ec64b66d8987bffe54c871b54706c3a88f82a084794d3
.dll windows:5 windows x86 arch:x86

958b89fd53a3b5431b7f9af2023b3d6d

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:77:14:95:8e:26:ba:b7:fe:1c:43:27:9b:26:8a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/08/2014, 00:00

Not After

22/08/2015, 23:59

Subject

CN=深圳市星辰帷幄信息技术有限公司,OU=研发中心,O=深圳市星辰帷幄信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:e5:c5:74:5a:b4:8e:af:a1:ce:b2:a1:fa:8b:dd:78:7b:ca:ff:9e
Signer

Actual PE Digest

76:e5:c5:74:5a:b4:8e:af:a1:ce:b2:a1:fa:8b:dd:78:7b:ca:ff:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

boost_system-vc100-mt-1_54

?system_category@system@boost@@YAABVerror_category@12@XZ

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm
_encoded_null
free
_errno
clock
__CxxFrameHandler3
_CxxThrowException
??2@YAPAXI@Z
_purecall
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
memcpy
__CppXcptFilter
_malloc_crt
_amsg_exit
_crt_debugger_hook

kernel32

GetCurrentProcessId
GetTickCount
DisableThreadLibraryCalls
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcess
GetProcessTimes
GetCurrentThread
GetThreadTimes
GetLastError
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetCurrentThreadId

Exports

Exports

??4process_cpu_clock@chrono@boost@@QAEAAV012@ABV012@@Z
??4process_real_cpu_clock@chrono@boost@@QAEAAV012@ABV012@@Z
??4process_system_cpu_clock@chrono@boost@@QAEAAV012@ABV012@@Z
??4process_user_cpu_clock@chrono@boost@@QAEAAV012@ABV012@@Z
??4steady_clock@chrono@boost@@QAEAAV012@ABV012@@Z
??4system_clock@chrono@boost@@QAEAAV012@ABV012@@Z
??4thread_clock@chrono@boost@@QAEAAV012@ABV012@@Z
?from_time_t@system_clock@chrono@boost@@SA?AV?$time_point@Vsystem_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0JIJGIA@@boost@@@23@@23@_J@Z
?is_steady@process_cpu_clock@chrono@boost@@2_NB
?is_steady@process_real_cpu_clock@chrono@boost@@2_NB
?is_steady@process_system_cpu_clock@chrono@boost@@2_NB
?is_steady@process_user_cpu_clock@chrono@boost@@2_NB
?is_steady@steady_clock@chrono@boost@@2_NB
?is_steady@system_clock@chrono@boost@@2_NB
?is_steady@thread_clock@chrono@boost@@2_NB
?now@process_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_cpu_clock@chrono@boost@@V?$duration@U?$process_times@_J@chrono@boost@@V?$ratio@$00$0DLJKMKAA@@3@@23@@23@AAVerror_code@system@3@@Z
?now@process_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_cpu_clock@chrono@boost@@V?$duration@U?$process_times@_J@chrono@boost@@V?$ratio@$00$0DLJKMKAA@@3@@23@@23@XZ
?now@process_real_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_real_cpu_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@AAVerror_code@system@3@@Z
?now@process_real_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_real_cpu_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@XZ
?now@process_system_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_system_cpu_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@AAVerror_code@system@3@@Z
?now@process_system_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_system_cpu_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@XZ
?now@process_user_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_user_cpu_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@AAVerror_code@system@3@@Z
?now@process_user_cpu_clock@chrono@boost@@SA?AV?$time_point@Vprocess_user_cpu_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@XZ
?now@steady_clock@chrono@boost@@SA?AV?$time_point@Vsteady_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@AAVerror_code@system@3@@Z
?now@steady_clock@chrono@boost@@SA?AV?$time_point@Vsteady_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@XZ
?now@system_clock@chrono@boost@@SA?AV?$time_point@Vsystem_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0JIJGIA@@boost@@@23@@23@AAVerror_code@system@3@@Z
?now@system_clock@chrono@boost@@SA?AV?$time_point@Vsystem_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0JIJGIA@@boost@@@23@@23@XZ
?now@thread_clock@chrono@boost@@SA?AV?$time_point@Vthread_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@AAVerror_code@system@3@@Z
?now@thread_clock@chrono@boost@@SA?AV?$time_point@Vthread_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@23@XZ
?to_time_t@system_clock@chrono@boost@@SA_JABV?$time_point@Vsystem_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0JIJGIA@@boost@@@23@@23@@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

958b89fd53a3b5431b7f9af2023b3d6d

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

3e:77:14:95:8e:26:ba:b7:fe:1c:43:27:9b:26:8a:27Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

76:e5:c5:74:5a:b4:8e:af:a1:ce:b2:a1:fa:8b:dd:78:7b:ca:ff:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

boost_system-vc100-mt-1_54

msvcp100

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

3e:77:14:95:8e:26:ba:b7:fe:1c:43:27:9b:26:8a:27
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

76:e5:c5:74:5a:b4:8e:af:a1:ce:b2:a1:fa:8b:dd:78:7b:ca:ff:9e
Signer

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB