888ee2b0cb5a4cd4df762561626db37374608f15ca534cda63fcdb6899ba5a67

Sharing

Copy URL Twitter E-mail

General

Target

888ee2b0cb5a4cd4df762561626db37374608f15ca534cda63fcdb6899ba5a67
Size

1.9MB
MD5

3abac47b276c1ef6b660def1a7513cab
SHA1

3e40acae41ce2dca2c37e28b70f69fd069af105c
SHA256

888ee2b0cb5a4cd4df762561626db37374608f15ca534cda63fcdb6899ba5a67
SHA512

aac2649f088c23f63d1ae727fada4230c1a04d781dbb3e7c515698d30444518a65297d7e2e80c32ee5ebdd4f798f89255d1630f8891688f6c4044400a54dc4ad
SSDEEP

24576:HjjUQ+9g7wS9Ou6nMuEhWi1N7kTLlptktzseOp0rlsxw6/WRw6Tz3wilIah23UEy:8poVt0Nw6/WR5f3wlaoHahyarIYL

Score

1^/10

Malware Config

Signatures

Files

888ee2b0cb5a4cd4df762561626db37374608f15ca534cda63fcdb6899ba5a67
.dll windows:4 windows x86 arch:x86

fd74e0fe5ab6e6d7b62aa5e07d4c57a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:6f:d9:89:24:f9:9d:f2:83:c2:19:a1:a5:ca:6a:09:03:ee:f8:be
Signer

Actual PE Digest

80:6f:d9:89:24:f9:9d:f2:83:c2:19:a1:a5:ca:6a:09:03:ee:f8:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\WorkSpace\trunk_v\v3.2_video_dev\public\Bin\Win32\Release\pdb\Coral.pdb

Imports

kernel32

OpenThread
GetExitCodeThread
SuspendThread
TerminateThread
CopyFileW
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
CreateMutexW
WriteFile
ReadFile
CreateFileW
GetFileSize
FindFirstFileW
FindClose
FindNextFileW
GetTempFileNameW
MoveFileExW
GetWindowsDirectoryW
GetLongPathNameW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetTempPathW
FormatMessageW
LocalFree
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
HeapFree
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
GlobalMemoryStatusEx
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
GetFileAttributesW
SetProcessPriorityBoost
SetPriorityClass
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
SetUnhandledExceptionFilter
GetCurrentThread
CreateDirectoryA
CancelIo
GetOverlappedResult
PeekNamedPipe
GetUserDefaultLangID
ExpandEnvironmentStringsW
GlobalLock
GlobalUnlock
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetLastError
GetComputerNameW
VirtualFree
VirtualAlloc
GetThreadLocale
GetLocaleInfoA
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
VirtualQuery
SetThreadContext
GetThreadContext
VirtualProtect
ResetEvent
GetACP
ResumeThread
WideCharToMultiByte
InterlockedExchangeAdd
MultiByteToWideChar
SizeofResource
GetModuleHandleW
DisableThreadLibraryCalls
LoadResource
FindResourceW
lstrcmpiW
GetModuleFileNameW
LoadLibraryExW
GetLastError
DeleteFileW
OpenProcess
InterlockedDecrement
InterlockedIncrement
lstrlenW
GlobalAddAtomW
FlushInstructionCache
GetVersionExW
GetCurrentProcess
GlobalDeleteAtom
RaiseException
CreateEventW
SetEvent
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentThreadId
LoadLibraryW
GetProcAddress
FreeLibrary
Sleep
GetCurrentProcessId
CloseHandle
WaitForSingleObject
CreateProcessW
GetPrivateProfileStringW
GetTickCount
LocalAlloc
WaitForMultipleObjects

user32

GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindowVisible
GetWindowRect
InvalidateRect
PostMessageW
GetClipboardData
OpenClipboard
GetActiveWindow
IsWindow
SetForegroundWindow
MessageBoxW
GetSystemMetrics
ScreenToClient
RegisterClassW
FindWindowW
GetCursorPos
FindWindowExW
EnumWindows
GetClassNameW
GetPropW
UnregisterClassW
SystemParametersInfoW
SetPropW
CharNextW
SendMessageTimeoutW
CloseClipboard
SetTimer
KillTimer
GetClientRect
GetMonitorInfoW
DestroyMenu
CallWindowProcW
LoadMenuW
TranslateMessage
DefWindowProcW
LoadCursorW
MessageBeep
SetWindowLongW
LoadAcceleratorsW
LoadImageW
SetFocus
RemoveMenu
DispatchMessageW
DestroyWindow
MapWindowPoints
GetMessageW
PeekMessageW
UnregisterClassA
ShowWindowAsync
IsWindowEnabled
SendMessageW
RegisterClassExW
CreatePopupMenu
AppendMenuW
GetWindowLongW
CreateWindowExW
UnregisterHotKey
GetMenuItemCount
PostQuitMessage
PostThreadMessageW
TrackPopupMenuEx
GetClassInfoExW
PtInRect
RegisterHotKey
LoadStringW
MonitorFromPoint
LoadStringA
ShowWindow
GetMenuItemInfoW
SetWindowPos

advapi32

RegQueryValueExW
AddAce
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
EqualSid
GetLengthSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetTokenInformation
InitializeSecurityDescriptor
FreeSid
RegSetKeySecurity
AllocateAndInitializeSid
CopySid
OpenProcessToken
RegCreateKeyW
RegGetKeySecurity
RegEnumKeyW

shell32

SHFileOperationW
ShellExecuteW
SHChangeNotify
SHGetFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoRevokeClassObject
CoRegisterClassObject
CoUnmarshalInterface
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
OleInitialize
OleUninitialize

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

msvcr80

swprintf_s
_localtime64
_mktime64
_wrename
srand
rand
memmove
_beginthreadex
wcsstr
_errno
towlower
_vsnwprintf_s
towupper
wcschr
malloc
_recalloc
_wcsnicmp
swscanf
_wtof
_stricmp
toupper
_wtoi
isdigit
_time64
_localtime64_s
memchr
strchr
tolower
__RTDynamicCast
wcsncpy
_vswprintf_c_l
strncpy
_wcsicmp
wcsrchr
swscanf_s
memcpy
_CxxThrowException
__CxxFrameHandler3
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_wcsdup
free
vswprintf_s
strncpy_s
wcsncpy_s
isalnum
??_V@YAXPAX@Z
_invalid_parameter_noinfo
_purecall
memmove_s
??0exception@std@@QAE@ABV01@@Z
memcpy_s
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??3@YAXPAX@Z

shlwapi

PathFileExistsW

gdiplus

GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CoralCreateObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd74e0fe5ab6e6d7b62aa5e07d4c57a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

80:6f:d9:89:24:f9:9d:f2:83:c2:19:a1:a5:ca:6a:09:03:ee:f8:beSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr80

shlwapi

gdiplus

version

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 45KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 116KB - Virtual size: 115KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

80:6f:d9:89:24:f9:9d:f2:83:c2:19:a1:a5:ca:6a:09:03:ee:f8:be
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 45KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 116KB - Virtual size: 115KB