756840147af0dd375b4ad801264f59adfefe08f9719867eb5e80f61011b4bb4e

Sharing

Copy URL

Twitter E-mail

General

Target

756840147af0dd375b4ad801264f59adfefe08f9719867eb5e80f61011b4bb4e
Size

1.7MB
MD5

39ac1d22a2161610bd34beaee43c69ce
SHA1

8bd73aa8f39f39667bd5032ead01b823631f7cf1
SHA256

756840147af0dd375b4ad801264f59adfefe08f9719867eb5e80f61011b4bb4e
SHA512

13c32a955f4a5f538004443e300a0f70c64149a19dd61fa675c5b5cbc0be03d689132351f524fb962ed47ca8288b5c7ce422099493849c90f26359b2f908dbae
SSDEEP

24576:XQl7fNiW+ZvMNpOoXMQjvMw7EbHTOIT+FTntNnJTiIHMlJWNA5h:X8j+EQGoTTOIT+7NJThsl4N+h

Score

1^/10

Malware Config

Signatures

Files

756840147af0dd375b4ad801264f59adfefe08f9719867eb5e80f61011b4bb4e
.exe windows:4 windows x86 arch:x86

a6fb01dd8152ced83b6f53d2595fe65b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16-03-2010 00:00

Not After

15-03-2013 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetCombineUrl
CoGetClassObjectFromURL
CoInternetGetSession
RegisterBindStatusCallback
RevokeBindStatusCallback
ObtainUserAgentString

psapi

GetModuleInformation
GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceExW
SetFileTime
WriteFile
GetVersionExW
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
SetUnhandledExceptionFilter
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
lstrcpyW
OpenEventW
GlobalFree
GetShortPathNameW
CreateDirectoryW
TlsGetValue
GetSystemTime
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
DeleteCriticalSection
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
GetSystemInfo
CreateThread
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
lstrcmpiA
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
lstrcmpiW
VirtualProtect
GlobalUnlock
GlobalSize
lstrcmpW
EnumResourceLanguagesW
GetVersion
LocalAlloc
SetPriorityClass
GetPrivateProfileIntW
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
GlobalDeleteAtom
GlobalAddAtomW
GetFileAttributesExW
CompareFileTime
FlushInstructionCache
IsBadReadPtr
DosDateTimeToFileTime
CreateFileA
InterlockedCompareExchange
ReadFile
OutputDebugStringW
DebugBreak
MultiByteToWideChar
TerminateThread
SetLastError
DuplicateHandle
ReadProcessMemory
GetExitCodeProcess
WriteProcessMemory
VirtualFree
VirtualAlloc
VirtualAllocEx
VirtualFreeEx
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
LocalFree
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetEvent
GetCommandLineW
CloseHandle
OpenProcess
Sleep
GetLastError
CreateMutexW
WaitForMultipleObjects
MoveFileExW
GetTempFileNameW
GetTickCount
TlsAlloc
CreateEventW
SetFileAttributesW
GetFileAttributesW
ExpandEnvironmentStringsW
WaitForSingleObject
InitializeCriticalSection
CreateProcessW
GetCurrentProcessId
FreeLibrary
OpenThread
GetCurrentThreadId
RemoveDirectoryW
GetTempPathW
WideCharToMultiByte
DeleteFileW
WritePrivateProfileSectionW
GetLongPathNameW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetLocaleInfoW
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
OpenFileMappingW
lstrlenA
TlsSetValue
lstrlenW
InterlockedIncrement
InterlockedDecrement
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
IsBadWritePtr
GetSystemDirectoryW
LocalFileTimeToFileTime
DeviceIoControl

user32

SetCapture
GetWindowTextLengthW
GetKeyNameTextW
GetClipboardData
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
FindWindowW
DialogBoxParamW
RemovePropW
SetPropW
GetPropW
SubtractRect
SetDlgItemTextW
SetFocus
EndPaint
FillRect
GetClientRect
MapWindowPoints
GetDesktopWindow
GetWindowRect
GetDlgItem
BeginPaint
CopyRect
DestroyIcon
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
InflateRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CreateWindowExW
IsWindow
SendMessageW
SetWindowTextW
GetWindowTextW
CallWindowProcW
EnumChildWindows
GetMenuStringW
ReleaseCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
CallNextHookEx
RegisterHotKey
UnregisterHotKey
RegisterClassExW
MonitorFromRect
AdjustWindowRectEx
LoadImageW
WaitForInputIdle
MoveWindow
GetWindowModuleFileNameW
GetActiveWindow
IntersectRect
EnumThreadWindows
GetMenuItemID
GetMenuState
SetLayeredWindowAttributes
SetActiveWindow
GetMessageW
SetWindowPlacement
GetGUIThreadInfo
GetSysColor
InsertMenuItemW
SetRectEmpty
SetMenuInfo
MenuItemFromPoint
GetMessageExtraInfo
GetDoubleClickTime
CheckMenuRadioItem
LoadBitmapW
GetSystemMenu
SetMessageExtraInfo
EndDialog
KillTimer
GetMenu
GetFocus
DestroyMenu
InvalidateRect
SetTimer
SetRect
GetWindow
GetAncestor
GetSystemMetrics
DrawIconEx
LoadIconW
GetMessagePos
DrawTextW
RegisterWindowMessageW
LoadStringW
GetWindowThreadProcessId
FindWindowExW
AllowSetForegroundWindow
GetKeyboardLayout
EnumWindows
GetClassNameW
IsWindowVisible
MessageBoxW
IsDlgButtonChecked
DrawIcon
CheckDlgButton
ShowWindow
DestroyWindow
GetForegroundWindow
EnableWindow
SetParent
PostQuitMessage
keybd_event
MapVirtualKeyW
InSendMessageEx
SetWindowRgn
EndMenu
SetForegroundWindow
AttachThreadInput
IsWindowEnabled
SendMessageTimeoutW
EqualRect
PostThreadMessageW
SendMessageCallbackW
ReplyMessage
IsHungAppWindow
wvsprintfW
CharNextW
CreateAcceleratorTableW
PostMessageW
DefWindowProcW
ReleaseDC
GetDC
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
SetCursor
LoadCursorW
GetKeyState
SetWindowsHookExW
UnhookWindowsHookEx
RegisterClipboardFormatW
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
TrackMouseEvent
UpdateWindow
IsChild
CreateDialogIndirectParamW
TrackPopupMenu
TrackPopupMenuEx
LoadStringA
GetWindowDC
WindowFromPoint
GetWindowPlacement
SystemParametersInfoW
ActivateKeyboardLayout
SetClassLongW
IsZoomed
GetParent
DeleteMenu
RemoveMenu
CheckMenuItem
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
OffsetRect
CharNextA
CopyAcceleratorTableW
IsMenu
GetMenuItemCount
GetMenuItemInfoW
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW

gdi32

FillRgn
CreateRectRgn
RoundRect
SetPixel
CreatePolygonRgn
CreateRoundRectRgn
CombineRgn
GetTextExtentPoint32W
GetTextMetricsW
EnumFontsW
GetDIBits
GetStockObject
SetBkMode
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
MoveToEx
CreateSolidBrush
SetTextColor
CreateDIBSection
CreateRectRgnIndirect
SetBitmapBits
StretchBlt
SetStretchBltMode
Rectangle
CreatePen
CreateFontIndirectW
GetObjectW
GetBitmapBits
LineTo
GetDeviceCaps

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumKeyExW
GetTokenInformation
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges

shell32

ShellExecuteW
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
ord680
SHGetSpecialFolderLocation
SHGetFileInfoW
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconExW
SHGetDesktopFolder
SHGetMalloc
Shell_NotifyIconW
DragQueryFileW
SHFileOperationW

ole32

OleRun
CLSIDFromProgID
PropVariantClear
CLSIDFromString
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleDraw
OleCreate
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoGetMalloc
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoCreateInstance
RevokeDragDrop
OleDuplicateData
DoDragDrop
RegisterDragDrop

oleaut32

SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayCreateVector
VariantClear
SysAllocString
SafeArrayAccessData
SysFreeString

shlwapi

PathFindExtensionW
PathGetDriveNumberW
SHSetValueW
SHDeleteKeyW
StrStrIA
UrlGetPartW
PathFindFileNameW
PathMatchSpecA
UrlIsOpaqueW
PathAppendW
PathFileExistsW
PathIsDirectoryW
SHGetValueW
SHDeleteValueW
PathCombineW
StrStrIW
UrlCombineA
PathFindFileNameA
StrCmpIW
PathRemoveFileSpecW
UrlEscapeW
PathIsRootW
StrStrW
PathMatchSpecW
StrRStrIW
StrCatW
SHGetValueA
PathIsUNCW
StrRetToBufW
SHEnumKeyExW
StrStrA
UrlUnescapeW
SHStrDupW
PathIsURLW

wininet

UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetCanonicalizeUrlW
InternetQueryOptionA
InternetSetStatusCallbackA
InternetOpenA
CommitUrlCacheEntryA
CreateUrlCacheEntryA
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryStream
InternetSetCookieW
InternetSetCookieExW
InternetSetCookieA
InternetSetCookieExA
InternetGetCookieExA
HttpAddRequestHeadersA
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
FtpGetFileSize
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
InternetSetOptionW
InternetCrackUrlW
InternetCrackUrlA
FindFirstUrlCacheEntryW
InternetTimeToSystemTimeA
HttpQueryInfoA
InternetQueryOptionW

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle

winmm

midiStreamClose
midiStreamOut
waveOutWrite

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

fclose
_stricmp
_wtoi64
_ui64tow
_wtol
tolower
isspace
isprint
_snprintf
toupper
malloc
free
isalnum
sprintf
iswalpha
wcspbrk
strchr
memmove
_ltow
_ftol
_wtoi
_local_unwind2
fread
wcsncat
_beginthreadex
time
wcsrchr
wcsncpy
??2@YAPAXI@Z
iswdigit
wcstok
_wcsicmp
wcschr
_itow
isalpha
_wcsnicmp
wcscpy
wcscat
wcsncmp
wcscmp
wcslen
wcsstr
_purecall
_snwprintf
__CxxFrameHandler
ftell
_except_handler3
fseek
fopen
_wfopen
fwrite
strstr
_vsnwprintf
mktime
_waccess
localtime
fflush
qsort
strncpy
strncmp
wcstod
iswspace
strrchr
fputs
_strlwr
strncat
_vsnprintf
swscanf
swprintf
fwprintf
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
realloc
exit
scanf
printf
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
??1type_info@@UAE@XZ
_controlfp
fputws
__set_app_type

gdiplus

GdipSetImageAttributesGamma
GdipSaveImageToFile
GdipGetImageEncodersSize
GdiplusStartup
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipDisposeImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders

ws2_32

inet_addr

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Draw
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_Create

Sections

.text
Size: 868KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6fb01dd8152ced83b6f53d2595fe65b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

urlmon

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

wintrust

winmm

msvcp60

msvcrt

gdiplus

ws2_32

version

netapi32

comctl32

Sections

.text Size: 868KB - Virtual size: 868KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 120KB - Virtual size: 1000KB

.taihang Size: 188KB - Virtual size: 188KB

.rsrc Size: 480KB - Virtual size: 480KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 868KB - Virtual size: 868KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 120KB - Virtual size: 1000KB

.taihang
Size: 188KB - Virtual size: 188KB

.rsrc
Size: 480KB - Virtual size: 480KB