750c5db59ef76abccf19d1870402d11ea33364a441522d9f00c06ff8b1de8dc0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

750c5db59ef76abccf19d1870402d11ea33364a441522d9f00c06ff8b1de8dc0.exe
Size

1.5MB
MD5

ab963be8b641c4efb1143cb1baf224e3
SHA1

ec3f3b8843ee4bf4f1c629228b5d4fcf986667fc
SHA256

750c5db59ef76abccf19d1870402d11ea33364a441522d9f00c06ff8b1de8dc0
SHA512

baf13e387a2de2b05faaa210f633dfce6808e8b1aa7776b253fd2688f4d98d3a094951ce5186f94286e83b33d4b19abea8a0aa64c4981603ae5105bf07b87d82
SSDEEP

24576:OhqrH3zOYYAkWPkCgLoy8Wq+DxKaoX+MQ134HI2pN:OKH3S5AkghCx8BQKI2pN

Score

1^/10

Malware Config

Signatures

Files

750c5db59ef76abccf19d1870402d11ea33364a441522d9f00c06ff8b1de8dc0.exe
.exe windows:5 windows x86 arch:x86

b826f043b249aea362c5cac3bad16659

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:fe:b5:55:70:f8:da:94:bb:c4:04:3b:09:44:6f:fe
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/11/2017, 00:00

Not After

29/11/2019, 23:59

Subject

SERIALNUMBER=91310114MA1GT9FP6N,CN=Shanghai Changzhi Network Technology Co.\, Ltd.,OU=IT,O=Shanghai Changzhi Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074a696164696e67,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:fe:b5:55:70:f8:da:94:bb:c4:04:3b:09:44:6f:fe
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/11/2017, 00:00

Not After

29/11/2019, 23:59

Subject

SERIALNUMBER=91310114MA1GT9FP6N,CN=Shanghai Changzhi Network Technology Co.\, Ltd.,OU=IT,O=Shanghai Changzhi Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074a696164696e67,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:70:b7:4c:3e:91:0e:10:9d:e4:a3:d8:84:b5:44:cd:57:f3:11:06:67:dd:35:44:47:7a:50:cf:f0:d8:34:66
Signer

Actual PE Digest

72:70:b7:4c:3e:91:0e:10:9d:e4:a3:d8:84:b5:44:cd:57:f3:11:06:67:dd:35:44:47:7a:50:cf:f0:d8:34:66

Digest Algorithm

sha256

PE Digest Matches

true

f0:44:de:45:a6:20:01:e1:45:73:59:72:b8:df:7d:c7:f4:94:c2:35
Signer

Actual PE Digest

f0:44:de:45:a6:20:01:e1:45:73:59:72:b8:df:7d:c7:f4:94:c2:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\trunk2\downloader\bin\ldplayerinst.pdb

Imports

kernel32

HeapSize
SetLastError
GetLogicalDriveStringsW
GetDriveTypeW
DeviceIoControl
GetDiskFreeSpaceExW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
HeapReAlloc
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
CreateDirectoryW
HeapDestroy
DecodePointer
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
CreateMutexW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetFileAttributesExW
FindFirstFileExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
TerminateProcess
CreateProcessW
GetStdHandle
GetExitCodeProcess
SetFilePointer
WriteFile
ReadFile
GetModuleFileNameW
FindClose
DeleteFileW
FindNextFileW
FindFirstFileW
MoveFileExW
GetFileSize
GetFileSizeEx
CreateFileW
SetEndOfFile
WriteConsoleW
SetStdHandle
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeLibrary
Sleep
SetEvent
CloseHandle
TerminateThread
WaitForSingleObject
CreateEventW
CreateTimerQueueTimer
GetLastError
GetACP
ExitProcess
MulDiv
GetCurrentProcessId
EncodePointer
CreateThread
ExitThread
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
GetSystemTimeAsFileTime
GetCPInfo
GetModuleHandleExW
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
IsValidCodePage
GetOEMCP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetConsoleCP
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers

user32

GetClassInfoExW
IsWindow
SetFocus
GetClientRect
GetParent
GetWindow
LoadImageW
IsWindowVisible
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
PtInRect
IsZoomed
SetWindowRgn
GetWindowTextW
GetWindowTextLengthW
RegisterClassExW
GetCaretPos
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
wsprintfW
GetMonitorInfoW
MonitorFromWindow
MoveWindow
GetWindowRect
SetTimer
KillTimer
GetSystemMetrics
IsIconic
SendMessageW
GetWindowLongW
ShowWindow
SetForegroundWindow
BringWindowToTop
SetWindowPos
CallWindowProcW
DispatchMessageW
TranslateMessage
GetCaretBlinkTime
GetMessageW
GetDC
LoadCursorW
OffsetRect
UnionRect
SetCursor
wvsprintfW
EnableWindow
ReleaseDC
DefWindowProcW
PostMessageW
GetPropW
SetPropW
FindWindowExW
CreateWindowExW
SetWindowLongW
DestroyWindow
MessageBoxW
SetWindowTextW
PostQuitMessage
RegisterClassW

gdi32

LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
GetTextExtentPoint32W
StretchBlt
SetStretchBltMode
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
SetTextColor
SetBkMode
CreateSolidBrush
CreatePatternBrush
GetObjectA
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
SaveDC
RestoreDC
Rectangle
CreatePen
CreateFontIndirectW
GetObjectW
DeleteDC
GetDeviceCaps
SetBkColor
GdiFlush
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject

advapi32

RegCloseKey
RegCreateKeyW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
ord165
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString

shlwapi

PathFileExistsW
PathIsRootW
StrStrIW
StrStrIA

ws2_32

socket
gethostbyname
inet_addr
ntohs
WSAStartup
connect
send
recv
shutdown
closesocket
setsockopt

wininet

HttpSendRequestW
InternetReadFile
HttpQueryInfoW
HttpEndRequestW
HttpOpenRequestW
HttpSendRequestExW
InternetCloseHandle
InternetOpenW
InternetConnectW

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmGetContext
ImmSetCompositionWindow

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

gdiplus

GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipGetImageHeight
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImageRectI
GdipDrawImage
GdipDeleteGraphics
GdipGraphicsClear

Sections

.text
Size: 755KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b826f043b249aea362c5cac3bad16659

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

1f:fe:b5:55:70:f8:da:94:bb:c4:04:3b:09:44:6f:feCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

1f:fe:b5:55:70:f8:da:94:bb:c4:04:3b:09:44:6f:feCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

72:70:b7:4c:3e:91:0e:10:9d:e4:a3:d8:84:b5:44:cd:57:f3:11:06:67:dd:35:44:47:7a:50:cf:f0:d8:34:66Signer

f0:44:de:45:a6:20:01:e1:45:73:59:72:b8:df:7d:c7:f4:94:c2:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

ws2_32

wininet

comctl32

imm32

oleaut32

gdiplus

Sections

.text Size: 755KB - Virtual size: 755KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 19KB - Virtual size: 55KB

.rsrc Size: 529KB - Virtual size: 528KB

.reloc Size: 43KB - Virtual size: 42KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

1f:fe:b5:55:70:f8:da:94:bb:c4:04:3b:09:44:6f:fe
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

1f:fe:b5:55:70:f8:da:94:bb:c4:04:3b:09:44:6f:fe
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

72:70:b7:4c:3e:91:0e:10:9d:e4:a3:d8:84:b5:44:cd:57:f3:11:06:67:dd:35:44:47:7a:50:cf:f0:d8:34:66
Signer

f0:44:de:45:a6:20:01:e1:45:73:59:72:b8:df:7d:c7:f4:94:c2:35
Signer

.text
Size: 755KB - Virtual size: 755KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 19KB - Virtual size: 55KB

.rsrc
Size: 529KB - Virtual size: 528KB

.reloc
Size: 43KB - Virtual size: 42KB