16a7c2b3b40b3c847f2f3dc5d631a3b540bf2be11f8a4923d70dc8c7f350c4b6

Sharing

Copy URL

Twitter E-mail

General

Target

16a7c2b3b40b3c847f2f3dc5d631a3b540bf2be11f8a4923d70dc8c7f350c4b6
Size

1.5MB
MD5

884b60f03220ee29a196cc567ec9feb7
SHA1

3fbeedede350e79734287356321535a795f2f35a
SHA256

16a7c2b3b40b3c847f2f3dc5d631a3b540bf2be11f8a4923d70dc8c7f350c4b6
SHA512

83e0e06a451579d94b13a826fb8de5680c461eb8b508f459975a76756dc1927a4e122c3a4337c837931d73d9d2c36d341bde935459a8afa31e9105fe2d4f649c
SSDEEP

24576:a6tHYTouD/jn5C/AYTYIT9fAYsxuHGHPTLe4ovSkPJTvXTml:amHYTopoYTYIT9JsgmHPTLe4mS0jTml

Score

1^/10

Malware Config

Signatures

Files

16a7c2b3b40b3c847f2f3dc5d631a3b540bf2be11f8a4923d70dc8c7f350c4b6
.exe windows:4 windows x86 arch:x86

0a415976dd2c8c933f9da98de4a292ea

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06/07/2009, 00:00

Not After

06/07/2011, 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetGetSession
CoGetClassObjectFromURL
CoInternetCombineUrl
RevokeBindStatusCallback
ObtainUserAgentString
RegisterBindStatusCallback

psapi

GetProcessMemoryInfo
GetModuleInformation

kernel32

GetShortPathNameW
GetFileSize
CreateDirectoryW
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
CreateThread
GetSystemTime
TlsGetValue
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
VirtualProtect
DeviceIoControl
GlobalUnlock
GlobalSize
GlobalFree
EnumResourceLanguagesW
GetVersion
LocalAlloc
GetSystemInfo
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
GlobalDeleteAtom
FindFirstFileW
ResetEvent
FlushInstructionCache
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetThreadPriority
PostQueuedCompletionStatus
CreateIoCompletionPort
GetExitCodeThread
SwitchToThread
lstrcmpiA
ExitThread
lstrcmpiW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStartupInfoA
GetModuleHandleA
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
InterlockedCompareExchange
GetLocaleInfoW
GetPrivateProfileStringW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathW
RemoveDirectoryW
GetCurrentThreadId
OpenThread
WaitForSingleObject
InitializeCriticalSection
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
OpenProcess
GetTempFileNameW
FindNextFileW
FindClose
CopyFileW
FreeLibrary
VirtualAlloc
VirtualFree
SetErrorMode
SetUnhandledExceptionFilter
VirtualQuery
GetVersionExW
WriteFile
SetFileTime
GetDiskFreeSpaceExW
SetFilePointer
SetEndOfFile
GetTickCount
SystemTimeToFileTime
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryW
CreateFileW
ReadFile
LocalFree
CreateProcessW
WideCharToMultiByte
TerminateThread
SetLastError
SetEvent
lstrlenA
MultiByteToWideChar
VirtualFreeEx
ReadProcessMemory
GetExitCodeProcess
VirtualAllocEx
WriteProcessMemory
DuplicateHandle
TlsSetValue
GlobalAddAtomW
CreateEventW
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetThreadPriority
InterlockedDecrement
InterlockedIncrement
lstrlenW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLongPathNameW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
TlsFree
GetCommandLineW
CloseHandle
GetLastError
CreateMutexW
MoveFileExW
TlsAlloc
CompareFileTime

user32

GetPropW
EndDialog
SetDlgItemTextW
SetFocus
EndPaint
FillRect
GetClientRect
MapWindowPoints
GetDesktopWindow
GetWindowRect
SetPropW
RemovePropW
DialogBoxParamW
RedrawWindow
ShowCursor
RegisterClassW
MessageBeep
EnumThreadWindows
MoveWindow
GetMenuItemID
GetMenuState
SetLayeredWindowAttributes
SetActiveWindow
SetWindowPlacement
GetGUIThreadInfo
GetWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
InsertMenuItemW
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
SetMenuInfo
GetMenuInfo
MenuItemFromPoint
CheckMenuRadioItem
LoadBitmapW
GetDoubleClickTime
GetSystemMenu
DestroyMenu
FindWindowW
ClientToScreen
ScreenToClient
GetCursorPos
PtInRect
GetDC
ReleaseDC
DefWindowProcW
PostMessageW
CallWindowProcW
GetWindowTextW
SetWindowTextW
SendMessageW
IsWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
SetWindowPos
CopyRect
DestroyIcon
BeginPaint
GetDlgItem
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
KillTimer
GetMenu
GetFocus
InvalidateRect
SetTimer
LoadStringW
RegisterWindowMessageW
AllowSetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
EnumWindows
GetClassNameW
IsWindowVisible
IsDlgButtonChecked
DrawIcon
GetKeyState
LoadIconW
DrawTextW
CheckDlgButton
ShowWindow
DestroyWindow
MessageBoxW
GetForegroundWindow
IntersectRect
GetWindowRgn
EnableWindow
GetAncestor
SetForegroundWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SetWindowRgn
GetActiveWindow
GetWindowModuleFileNameW
LoadImageW
IsHungAppWindow
AdjustWindowRectEx
MonitorFromRect
RegisterClassExW
UnregisterHotKey
RegisterHotKey
SubtractRect
SetParent
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
GetClipboardData
GetKeyNameTextW
GetWindowTextLengthW
CheckMenuItem
EnumChildWindows
SetCursorPos
GetMenuStringW
ReleaseCapture
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
MapVirtualKeyW
keybd_event
GetMessagePos
RegisterClipboardFormatW
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
FindWindowExW
LoadCursorW
SetCursor
TrackMouseEvent
UpdateWindow
IsChild
CharNextW
GetWindowDC
WindowFromPoint
GetWindowPlacement
SystemParametersInfoW
GetMessageW
ActivateKeyboardLayout
SetClassLongW
GetParent
GetSystemMetrics
DeleteMenu
RemoveMenu
IsZoomed
MsgWaitForMultipleObjects
OffsetRect
InflateRect
DrawIconEx
CopyAcceleratorTableW
IsMenu
GetMenuItemCount
GetMenuItemInfoW
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
CreateAcceleratorTableW
InSendMessageEx
ReplyMessage
PostThreadMessageW
EqualRect
WaitForInputIdle
SendMessageTimeoutW
EndMenu
AttachThreadInput
PostQuitMessage

gdi32

CreateFontIndirectW
CreateRectRgnIndirect
FillRgn
TextOutW
GetStockObject
SetBkMode
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBitmapBits
CreateDIBSection
SetTextColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
Rectangle
CreatePen
GetObjectW
GetBitmapBits
LineTo
MoveToEx
GetDeviceCaps
GetDIBits
EnumFontsW
GetTextMetricsW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreatePolygonRgn
SetPixel
RoundRect
SetBkColor

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
RegCloseKey

shell32

SHGetFileInfoW
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
SHChangeNotify
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
ord680
SHFileOperationW
ExtractIconExW

ole32

RegisterDragDrop
DoDragDrop
OleDuplicateData
PropVariantClear
CLSIDFromProgID
OleRun
CLSIDFromString
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleDraw
OleCreate
OleInitialize
OleUninitialize
RevokeDragDrop
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoGetMalloc
CoInitialize

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
SafeArrayCreateVector
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayAccessData
SysFreeString

shlwapi

PathFindFileNameW
PathFindExtensionW
StrStrIW
PathFileExistsW
PathIsURLW
PathCombineW
PathIsDirectoryW
UrlIsOpaqueW
SHGetValueW
UrlGetPartW
StrStrIA
StrCmpW
PathFindFileNameA
StrCmpIW
PathRemoveFileSpecW
UrlEscapeW
PathIsRootW
UrlCanonicalizeW
StrStrW
PathMatchSpecW
PathIsUNCW
StrRetToBufW
SHEnumKeyExW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
UrlUnescapeW
SHStrDupW
PathGetDriveNumberW

wininet

InternetSetCookieExW
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
InternetTimeToSystemTimeW
FindFirstUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetCanonicalizeUrlW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetSetStatusCallbackA
HttpOpenRequestA
InternetOpenA
CommitUrlCacheEntryA
InternetSetCookieW
DeleteUrlCacheEntryW
InternetGetCookieW
InternetGetCookieExW
HttpAddRequestHeadersA
GetUrlCacheEntryInfoW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW

winmm

waveOutWrite
midiStreamClose
midiStreamOut

dsound

ord1

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_wcsicmp
time
_wtoi
_beginthreadex
wcsrchr
wcsncpy
??2@YAPAXI@Z
wcschr
_itow
_ftol
_wcsnicmp
wcscpy
wcscat
wcsncmp
wcscmp
wcsstr
wcslen
_purecall
_snwprintf
__CxxFrameHandler
_ltow
wcspbrk
iswalpha
sprintf
isalnum
toupper
_snprintf
_ui64tow
_wtol
wcsncat
isalpha
_wtoi64
_stricmp
fclose
fread
ftell
fseek
fopen
_wfopen
fwrite
memmove
free
malloc
strstr
strchr
_except_handler3
mktime
_wmakepath
_wsplitpath
atoi
strtok
localtime
fflush
wcstok
vswprintf
swprintf
iswdigit
strrchr
strncpy
strncmp
wcstod
iswspace
fputs
swscanf
fputws
fwprintf
_strlwr
strncat
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
realloc
exit
scanf
printf
memset
memcpy
_CxxThrowException
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_wcsdup
qsort
__dllonexit

gdiplus

GdipSetImageAttributesGamma
GdipSetImageAttributesColorMatrix
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipFree
GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

comctl32

ImageList_Create
ImageList_DragMove
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag

Sections

.text
Size: 860KB - Virtual size: 858KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a415976dd2c8c933f9da98de4a292ea

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

urlmon

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

dsound

wintrust

msvcp60

msvcrt

gdiplus

version

netapi32

comctl32

Sections

.text Size: 860KB - Virtual size: 858KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 76KB - Virtual size: 1.7MB

.taihang Size: 168KB - Virtual size: 165KB

.rsrc Size: 397KB - Virtual size: 397KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 860KB - Virtual size: 858KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 76KB - Virtual size: 1.7MB

.taihang
Size: 168KB - Virtual size: 165KB

.rsrc
Size: 397KB - Virtual size: 397KB