0aea4b951e5bea77919a228f14501055c5cb8c2b9b55bd12d5955f7985082aeb

Sharing

Copy URL Twitter E-mail

General

Target

0aea4b951e5bea77919a228f14501055c5cb8c2b9b55bd12d5955f7985082aeb
Size

1.7MB
MD5

c4e44fe21e130d3cf2f38f1e4882f05c
SHA1

9e146ca76c500e1af6a81efa4bd80b758cc0b222
SHA256

0aea4b951e5bea77919a228f14501055c5cb8c2b9b55bd12d5955f7985082aeb
SHA512

bfa9a21f5f8d7a5a45deb4f59f9ace2ba8863b80433311d57ab078b26f06355655facc259421f5801bd24e75fc99e3ef91fa6990ab77231f2f00847291100183
SSDEEP

49152:3n+GI8YRiyPTtsHzWmeC/PyaxFI5UDORIN:X+x8PWmecl

Score

1^/10

Malware Config

Signatures

Files

0aea4b951e5bea77919a228f14501055c5cb8c2b9b55bd12d5955f7985082aeb
.exe windows:5 windows x86 arch:x86

11f82115d48a67aa1b7730e20c1f4397

Code Sign

12:60:2f:67:6c:11:fc:d5:82:b5:09:9a:45:c6:86:67
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

25/08/2015, 09:09

Not After

25/08/2016, 09:09

Subject

CN=Guo Fusen,L=Shanghe,ST=Shandong,C=CN,1.2.840.113549.1.9.1=#0c11626f6c756f406a6864617368692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4e:9a:d8:05:bb:29:ad:45:5a:98:8c:2a:55:d9:42:2d
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 2 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:6c:ab:56:84:18:26:90:fc:2a:2c:c1:36:a5:55:c4:ee:29:60:de
Signer

Actual PE Digest

9c:6c:ab:56:84:18:26:90:fc:2a:2c:c1:36:a5:55:c4:ee:29:60:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Project\adfree\src\build\Release\adfree_app\adfree_app.pdb

Imports

kernel32

MoveFileExW
WaitForMultipleObjects
TerminateThread
ReleaseMutex
CreateMutexW
GetPrivateProfileIntW
OpenProcess
GetPrivateProfileStringW
CreateEventW
SetEvent
SetLastError
GetLastError
LoadLibraryA
GlobalFree
GlobalUnlock
WaitForSingleObject
GlobalLock
GetCurrentProcessId
GetProcAddress
WritePrivateProfileStringW
LoadLibraryW
GetModuleHandleW
FreeLibrary
DeleteCriticalSection
CreateRemoteThread
GetCurrentProcess
DeleteFileW
GetTempPathW
CloseHandle
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
WideCharToMultiByte
GetTickCount
GetModuleFileNameA
GetDiskFreeSpaceExW
CreateWaitableTimerW
ResetEvent
IsBadWritePtr
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
IsBadReadPtr
CancelWaitableTimer
SetWaitableTimer
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
LocalFree
GetCommandLineW
CreateToolhelp32Snapshot
Process32NextW
ReplaceFileW
VerifyVersionInfoW
VerSetConditionMask
GetTempFileNameW
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetEnvironmentVariableW
GetLocalTime
DuplicateHandle
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
GetFileSize
MulDiv
LockResource
SizeofResource
LoadResource
FindResourceW
FreeResource
SetEnvironmentVariableA
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
SetStdHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RaiseException
HeapSize
SetFilePointerEx
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
CreateProcessW
Process32FirstW
FindClose
TlsFree
TlsSetValue
Sleep
InitializeCriticalSection
GetCurrentThreadId
HeapFree
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
HeapAlloc
CreateThread
ExitThread
ResumeThread
EncodePointer
DecodePointer
ExitProcess
AreFileApisANSI
GetCommandLineA
GetProcessHeap
OutputDebugStringW
LoadLibraryExW
WriteFile
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue

user32

CreateWindowExA
GetWindowLongW
LoadMenuW
LoadIconW
RegisterClassExW
SendMessageA
GetWindowTextLengthA
EnableMenuItem
GetSubMenu
GetKeyState
TrackPopupMenu
PostQuitMessage
RegisterClassExA
DestroyWindow
RegisterClassA
SetWindowLongW
CreateWindowExW
SendMessageW
UpdateWindow
DestroyMenu
CallWindowProcW
DefWindowProcW
CheckMenuItem
IsZoomed
ClientToScreen
SetTimer
PostMessageW
KillTimer
SetForegroundWindow
FindWindowW
MessageBoxW
SetWindowPos
ShowWindow
GetClientRect
GetCursorPos
RegisterWindowMessageA
DispatchMessageW
IsWindowVisible
GetWindow
GetMonitorInfoW
GetPropW
EnableWindow
GetSystemMetrics
RegisterClassW
MonitorFromWindow
SetPropW
GetClassInfoExW
SetFocus
LoadCursorW
GetParent
LoadImageW
GetWindowRect
OffsetRect
InflateRect
SetCursor
IsIconic
ScreenToClient
SetWindowRgn
IsRectEmpty
MapWindowPoints
ReleaseCapture
ReleaseDC
InvalidateRect
GetDC
GetUpdateRect
PtInRect
BeginPaint
GetFocus
SetCapture
EndPaint
CharNextW
SetCaretPos
CreateCaret
GetCaretPos
GetSysColor
IntersectRect
ShowCaret
HideCaret
SetRect
CharPrevW
DrawTextW
FillRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
CharLowerBuffW
GetMessageW
PeekMessageW
PostThreadMessageW
MessageBoxA
IsWindow
MsgWaitForMultipleObjects
TranslateMessage

gdi32

DeleteDC
GetTextMetricsW
BitBlt
SetWindowOrgEx
GetDeviceCaps
CreateSolidBrush
TextOutW
ExtSelectClipRgn
RoundRect
GetClipBox
CreateFontIndirectW
GetCharABCWidthsW
ExtTextOutW
CombineRgn
CreateRectRgnIndirect
CreatePenIndirect
SelectClipRgn
SetBkMode
SetBkColor
StretchBlt
CreateDIBSection
SetTextColor
LineTo
GetTextExtentPoint32W
MoveToEx
GetObjectA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
GetStockObject
DeleteObject
SaveDC
GetObjectW
CreatePen
RestoreDC
CreateRoundRectRgn
SetStretchBltMode

shell32

Shell_NotifyIconW
CommandLineToArgvW
SHPathPrepareForWriteW
SHFileOperationW
Shell_NotifyIconA
ShellExecuteW
ShellExecuteExW
ShellExecuteA

ole32

CLSIDFromString
CoUninitialize
CLSIDFromProgID
CoInitialize
OleLockRunning
CoCreateInstance
OleUninitialize
OleInitialize

comctl32

ord17
_TrackMouseEvent

shlwapi

UrlGetPartA
PathRemoveFileSpecA
PathAppendA
StrStrIA
PathFileExistsW
PathCombineW
PathAppendW
PathRemoveFileSpecW
StrCmpIW
StrStrA
PathIsDirectoryW
PathFindFileNameW
StrStrIW
PathGetDriveNumberW
SHGetValueW
StrRStrIA

wininet

InternetCrackUrlA
InternetOpenW
InternetQueryOptionW
HttpSendRequestExW
InternetReadFileExA
InternetCrackUrlW
FtpOpenFileW
InternetReadFile
FtpCommandW
InternetConnectW
InternetSetOptionA
InternetWriteFile
InternetSetOptionW
InternetSetStatusCallbackW
HttpQueryInfoW
HttpOpenRequestW
FtpGetFileSize
HttpEndRequestW
InternetCloseHandle
InternetGetLastResponseInfoW

ws2_32

__WSAFDIsSet
select
WSAStartup
htonl
accept
listen
send
gethostbyname
gethostbyaddr
closesocket
socket
bind
recv
setsockopt
getsockname
ntohs
htons
inet_addr
WSAGetLastError
recvfrom
WSACleanup
getpeername
ntohl
inet_ntoa
connect

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dnsapi

DnsFree
DnsQuery_A

advapi32

FreeSid
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
RegCloseKey
RegSetValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
GetUserNameW

oleaut32

SysFreeString
VarBstrCmp
VariantInit
VariantClear
SysStringLen
SysAllocString

gdiplus

GdipAlloc
GdiplusStartup
GdipCreateFontFromDC
GdipDeleteStringFormat
GdiplusShutdown
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipDrawString
GdipCreateFromHDC
GdipCreateLineBrushI

Sections

.text
Size: 778KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11f82115d48a67aa1b7730e20c1f4397

Code Sign

12:60:2f:67:6c:11:fc:d5:82:b5:09:9a:45:c6:86:67Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

4e:9a:d8:05:bb:29:ad:45:5a:98:8c:2a:55:d9:42:2dCertificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

9c:6c:ab:56:84:18:26:90:fc:2a:2c:c1:36:a5:55:c4:ee:29:60:deSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

comctl32

shlwapi

wininet

ws2_32

imm32

version

dnsapi

advapi32

oleaut32

gdiplus

Sections

.text Size: 778KB - Virtual size: 778KB

.rdata Size: 211KB - Virtual size: 211KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 713KB - Virtual size: 712KB

.reloc Size: 41KB - Virtual size: 40KB

12:60:2f:67:6c:11:fc:d5:82:b5:09:9a:45:c6:86:67
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

4e:9a:d8:05:bb:29:ad:45:5a:98:8c:2a:55:d9:42:2d
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

9c:6c:ab:56:84:18:26:90:fc:2a:2c:c1:36:a5:55:c4:ee:29:60:de
Signer

.text
Size: 778KB - Virtual size: 778KB

.rdata
Size: 211KB - Virtual size: 211KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 713KB - Virtual size: 712KB

.reloc
Size: 41KB - Virtual size: 40KB