b6e399bc0a1419c1e14e404a7fcc425542dfabf9c10b76fcb251742436f19913

Sharing

Copy URL Twitter E-mail

General

Target

b6e399bc0a1419c1e14e404a7fcc425542dfabf9c10b76fcb251742436f19913
Size

389KB
MD5

7e335cb086a0f9e536e38243f73ca848
SHA1

5f6a946adc22551cef814236bcc4554f440f1a84
SHA256

b6e399bc0a1419c1e14e404a7fcc425542dfabf9c10b76fcb251742436f19913
SHA512

20adfa1f0fc1a8d774c2c592aa5b1400e8dcf1119f6f44125e57e54b4000c2997ed18d334c9294f9e2a6d32f7bb91e553451cf22b2161e59ad210427f4f9289c
SSDEEP

6144:ilkW1xSAivJ7GDoM10yXMtsJCv0MNG8kUIP2JWahnaFy9vdN:iCrd+mylJCcgG52JW3Fq1N

Score

1^/10

Malware Config

Signatures

Files

b6e399bc0a1419c1e14e404a7fcc425542dfabf9c10b76fcb251742436f19913
.exe windows:4 windows x86 arch:x86

6310dd2713f2090c9e6f0cb4f4321243

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:53:66:a2:35:03:a9:3c:20:61:c1:6d:31:49:13:ef
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

09/05/2010, 00:00

Not After

07/08/2012, 23:59

Subject

CN=Suining YiLong Software,O=Suining YiLong Software,L=Suining,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:1b:fb:b7:53:6e:05:d0:50:e3:80:4c:b2:74:f0:c8:46:46:f5:15
Signer

Actual PE Digest

da:1b:fb:b7:53:6e:05:d0:50:e3:80:4c:b2:74:f0:c8:46:46:f5:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetEnvironmentStrings
GetPrivateProfileStringA
GetVersionExA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
HeapSize
TerminateProcess
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
RaiseException
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
LocalFree
InterlockedExchange
lstrcmpA
FindResourceA
LoadResource
LockResource
lstrlenW
GlobalHandle
GlobalFree
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
CreateMutexA
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrlenA
InterlockedDecrement
SetHandleCount
Sleep

user32

PtInRect
CopyImage
IsWindowEnabled
CharLowerA
CharNextA
wvsprintfA
UpdateWindow
CreateAcceleratorTableA
GetDesktopWindow
GetClassNameA
GetFocus
IsChild
SetFocus
BeginPaint
IsWindowVisible
InvalidateRgn
DefWindowProcA
DestroyCursor
InvalidateRect
GetSysColor
LoadImageA
RedrawWindow
IsWindow
GetIconInfo
SendMessageA
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
EndPaint
CreateDialogIndirectParamA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetSystemMetrics
CreateDialogParamA
GetCapture
GetParent
GetActiveWindow
CallWindowProcA
MoveWindow
SetForegroundWindow
DestroyWindow
PostQuitMessage
IsDialogMessageA
TrackPopupMenu
CreatePopupMenu
AppendMenuA
GetMenuItemCount
SetMenuDefaultItem
SetWindowTextA
EnumChildWindows
IsMenu
DestroyIcon
LoadIconA
GetDlgItem
DestroyMenu
ShowWindow
CreateWindowExA
FillRect
GetWindowLongA
SetWindowLongA
LoadStringA
FrameRect
InflateRect
GetWindowTextLengthA
GetWindowTextA
DrawTextA
DrawFocusRect
DrawStateA
CopyRect
OffsetRect
GetDC
GetClientRect
GetWindowRect
ReleaseDC
SetCursor
GetDlgCtrlID
PeekMessageA
GetCursorPos
ScreenToClient
EnumWindows

gdi32

RoundRect
StretchBlt
SetStretchBltMode
SelectClipRgn
CreateRoundRectRgn
SetBkMode
CreateBrushIndirect
CreatePen
MoveToEx
LineTo
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateFontIndirectA
ExtTextOutA
CreateSolidBrush
SetBkColor
CreateCompatibleDC
BitBlt
GetObjectA
Rectangle
GetStockObject
SetTextColor

shell32

ShellExecuteA
ShellExecuteExA

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString

oleaut32

SysStringLen
VariantClear
VariantChangeType
SysAllocStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
SysAllocString
GetErrorInfo
CreateErrorInfo
VariantInit

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create
_TrackMouseEvent

msimg32

GradientFill

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6310dd2713f2090c9e6f0cb4f4321243

Code Sign

0aCertificate

Extended Key Usages

Key Usages

16:53:66:a2:35:03:a9:3c:20:61:c1:6d:31:49:13:efCertificate

Extended Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

da:1b:fb:b7:53:6e:05:d0:50:e3:80:4c:b2:74:f0:c8:46:46:f5:15Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

msimg32

version

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 200KB - Virtual size: 196KB

0a
Certificate

16:53:66:a2:35:03:a9:3c:20:61:c1:6d:31:49:13:ef
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

da:1b:fb:b7:53:6e:05:d0:50:e3:80:4c:b2:74:f0:c8:46:46:f5:15
Signer

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 200KB - Virtual size: 196KB