e9688d0d938b7669652088f5f123b0b2e883f92647b91073d91c30c3f756bbcb

Sharing

Copy URL Twitter E-mail

General

Target

e9688d0d938b7669652088f5f123b0b2e883f92647b91073d91c30c3f756bbcb
Size

626KB
MD5

c08eb431e97b66a5f5c3ee9e8515eb90
SHA1

79ad4ffe979c3a42ed6e16c0c4733cacf0f00559
SHA256

e9688d0d938b7669652088f5f123b0b2e883f92647b91073d91c30c3f756bbcb
SHA512

52cd75dd151c3a72669a23f9a274667eb8ec14ad6640c07bf71f7ef906ef63731e0c32d03cc411a57d4f9839ffb64ea71901e8477f131dfccae83e7f9c3317d8
SSDEEP

12288:HiVju1sSowb6aeI/ZRnEu1CyNH7tjX1W3CM9KUqY2m1JqPNNpH9QO5+1hcEi8/3+:HiVS1sSowb6aeINDW3CM9/ZUNpH9QO55

Score

1^/10

Malware Config

Signatures

Files

e9688d0d938b7669652088f5f123b0b2e883f92647b91073d91c30c3f756bbcb
.exe windows:4 windows x86 arch:x86

64deb49648fd536d229e9e7df25f7fb3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:e4:ea:b2:92:bd:40:26:35:97:a1:dd:42:c4:ab:aa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/03/2012, 00:00

Not After

25/03/2013, 23:59

Subject

CN=NanJing BengLv Information Technology Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NanJing BengLv Information Technology Ltd.,L=NanJing,ST=JiangSu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:7a:13:50:a1:56:3c:aa:2a:ef:66:a2:b6:e6:1b:8b:37:7e:2c:7f
Signer

Actual PE Digest

0b:7a:13:50:a1:56:3c:aa:2a:ef:66:a2:b6:e6:1b:8b:37:7e:2c:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReleaseSemaphore
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_ftime
_mkdir
_read
_strdup
_stricmp
_strnicmp
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_cexit
_ctype
_errno
_filelengthi64
_findclose
_findfirst
_findnext
_fstati64
_ftime
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmaxstdio
_setmode
abort
atexit
atof
atoi
ctime
fclose
fflush
fgetpos
fgets
fopen
fprintf
fread
free
fsetpos
fwrite
getc
getenv
localtime
malloc
memchr
memcpy
memmove
memset
putc
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcoll
strcpy
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtod
strtok
strxfrm
time
tolower
toupper
ungetc
vfprintf
vsprintf

shell32

ShellExecuteA

user32

MessageBoxA

ws2_32

WSAStartup
__WSAFDIsSet
closesocket
connect
htonl
htons
inet_addr
inet_ntoa
ntohl
recv
select
send
shutdown
socket

Sections

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64deb49648fd536d229e9e7df25f7fb3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

67:e4:ea:b2:92:bd:40:26:35:97:a1:dd:42:c4:ab:aaCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:7a:13:50:a1:56:3c:aa:2a:ef:66:a2:b6:e6:1b:8b:37:7e:2c:7fSigner

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

ws2_32

Sections

.text Size: 343KB - Virtual size: 342KB

.data Size: 512B - Virtual size: 512B

.rdata Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 17KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

67:e4:ea:b2:92:bd:40:26:35:97:a1:dd:42:c4:ab:aa
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:7a:13:50:a1:56:3c:aa:2a:ef:66:a2:b6:e6:1b:8b:37:7e:2c:7f
Signer

.text
Size: 343KB - Virtual size: 342KB

.data
Size: 512B - Virtual size: 512B

.rdata
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 17KB - Virtual size: 16KB