facbcb4ed45be7f4978c39e53de5eeb97cc0915b8b16dff6097c19bf4c5469d9

Sharing

Copy URL

Twitter E-mail

General

Target

facbcb4ed45be7f4978c39e53de5eeb97cc0915b8b16dff6097c19bf4c5469d9
Size

69KB
MD5

eba7fa4013dcb38e75a1ab249b3db3c6
SHA1

e2287830d19395fc45a2ed8c19557d2ade556e45
SHA256

facbcb4ed45be7f4978c39e53de5eeb97cc0915b8b16dff6097c19bf4c5469d9
SHA512

80546491e89449ab832b5ad9ef092e3057d040d79343e71bad2ff62597be2ebf52189f74051248de7bcb90fd1c7a8d472956f84090a0b864bb89a912b3cfeb20
SSDEEP

1536:nmXDKvU1DIF5nNP/WxUVgOAfNLPnToIfSRgBpZTDljEVu:aO5nNnWygOAfNLfTBfS2LjEVu

Score

1^/10

Malware Config

Signatures

Files

facbcb4ed45be7f4978c39e53de5eeb97cc0915b8b16dff6097c19bf4c5469d9
.exe windows:5 windows x86 arch:x86

b427139e9c5667cfaca561dbb3078dca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-12-2014 00:00

Not After

28-12-2017 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:c5:49:3e:8e:4c:9e:cd:90:f5:b9:fc:7d:e9:6d:2c:9b:bf:34:ac
Signer

Actual PE Digest

fc:c5:49:3e:8e:4c:9e:cd:90:f5:b9:fc:7d:e9:6d:2c:9b:bf:34:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
GetModuleHandleW
CreateFileW
DeleteFileW
DecodePointer
GetFileSize
ReadFile
DeleteCriticalSection
WritePrivateProfileStringW
GetTickCount
CreateEventW
WaitForSingleObject
SetEvent
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
GetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
GetModuleFileNameW
IsDebuggerPresent
OutputDebugStringW
GetSystemDirectoryW

infra

?BaseName@FilePath@base@@QBE?AV12@XZ
?Append@FilePath@base@@QBE?AV12@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@Z
??4FilePath@base@@QAEAAV01@ABV01@@Z
??1FilePath@base@@QAE@XZ
??0FilePath@base@@QAE@XZ
??0FilePath@base@@QAE@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@1@@Z
?DeleteFileW@base@@YA_NABVFilePath@1@_N@Z
?SplitString@base@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WPAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@@Z
?StringPrintf@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WZZ
?empty@FilePath@base@@QBE_NXZ
?ReferencesParent@FilePath@base@@QBE_NXZ
??1LogMessage@logging@@QAE@XZ
?MakeAbsoluteFilePath@base@@YA?AVFilePath@1@ABV21@@Z
?GetCurrentDirectoryW@base@@YA_NPAVFilePath@1@@Z
??0LockImpl@internal@base@@QAE@XZ
??1LockImpl@internal@base@@QAE@XZ
?Lock@LockImpl@internal@base@@QAEXXZ
?Unlock@LockImpl@internal@base@@QAEXXZ
??0CallbackBase@internal@base@@QAE@ABV012@@Z
??0CallbackBase@internal@base@@IAE@PAVBindStateBase@12@@Z
??1CallbackBase@internal@base@@IAE@XZ
?DirName@FilePath@base@@QBE?AV12@XZ
?GetTempDir@base@@YA_NPAVFilePath@1@@Z
?GetHomeDir@base@@YA?AVFilePath@1@XZ
?Create@Environment@base@@SAPAV12@XZ
?AppendASCII@FilePath@base@@QBE?AV12@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?UTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?GetInstance@OSInfo@win@base@@SAPAV123@XZ
?YieldCurrentThread@PlatformThread@base@@SAXXZ
?SysWideToMultiByte@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@I@Z
?UninitializeInfra@infra@@YAXXZ
?InitializeInfra@infra@@YAXXZ
?HexStringToBytes@base@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$vector@EV?$allocator@E@std@@@3@@Z
?SysWideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?PathExists@base@@YA_NABVFilePath@1@@Z

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??Bid@locale@std@@QAEIXZ
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

shlwapi

PathFileExistsW

wininet

InternetGetConnectedState
InternetOpenW
InternetSetStatusCallbackW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle

msvcr120

_CxxThrowException
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
??3@YAXPAX@Z
free
memcpy_s
??_V@YAXPAX@Z
_wcsicmp
??2@YAPAXI@Z
_wfopen_s
fseek
ftell
fread_s
memmove
__argc
__wargv
atoi
?terminate@@YAXXZ
_purecall
_vsnwprintf
fclose
fwrite
memcpy
malloc
fopen
fread
ferror
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
memset
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
__CxxFrameHandler3

shell32

SHGetFolderPathW

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b427139e9c5667cfaca561dbb3078dca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fdCertificate

Extended Key Usages

Key Usages

fc:c5:49:3e:8e:4c:9e:cd:90:f5:b9:fc:7d:e9:6d:2c:9b:bf:34:acSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

infra

msvcp120

shlwapi

wininet

msvcr120

shell32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

fc:c5:49:3e:8e:4c:9e:cd:90:f5:b9:fc:7d:e9:6d:2c:9b:bf:34:ac
Signer

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB