11b98de028f7424355953c3150df74b7cc0eef9f957d671cb41ac58b8a6d6ed4

Sharing

Copy URL

Twitter E-mail

General

Target

11b98de028f7424355953c3150df74b7cc0eef9f957d671cb41ac58b8a6d6ed4
Size

7.0MB
MD5

b604ba3f5ed75ddf9104b752e10fb2e0
SHA1

39c851b18f997e612b5747b1195fe096dd6c7218
SHA256

11b98de028f7424355953c3150df74b7cc0eef9f957d671cb41ac58b8a6d6ed4
SHA512

45006f3b68b998962dc23e8de5d402869bbf57c7a1a0802189c22c6f96d600e261d3b7c82df0c7eee9f772c065cac0635843e21bab8695c2a807117e5e099c78
SSDEEP

98304:nZTWT4utHl9K1z65MZxy92RCeozXOYi1vcr9omgNvv4Nyish9U2s3Lt:ZTaF92z6iZM92Zg9Ev4Nyish9U2WJ

Score

1^/10

Malware Config

Signatures

Files

11b98de028f7424355953c3150df74b7cc0eef9f957d671cb41ac58b8a6d6ed4
.exe windows:5 windows x86 arch:x86

7096ed506728d13f85472d10a259244a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:2e:72:ef:a5:cc:0d:52:89:df:f5:3d:a8:7a:35:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13-08-2012 00:00

Not After

13-08-2015 23:59

Subject

CN=VNG Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VNG Corporation,L=Ho Chi Minh,ST=Vietnam,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:69:f6:9e:a9:e9:40:97:d0:69:e5:d8:77:1d:2a:74:f8:72:90:d9
Signer

Actual PE Digest

ac:69:f6:9e:a9:e9:40:97:d0:69:e5:d8:77:1d:2a:74:f8:72:90:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\vng\TSU\launcher\LAIO\branches\UI_LISTGAME\Public\paio.public.pdb

Imports

kernel32

IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
ExitThread
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GlobalFlags
GetDriveTypeA
GetFullPathNameA
CreateFileA
SetEnvironmentVariableA
SetUnhandledExceptionFilter
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GetFileTime
GetFileSizeEx
SetFileTime
GetFileAttributesExW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
CreateWaitableTimerA
SetWaitableTimer
ResetEvent
CreateMutexA
ReleaseMutex
FormatMessageA
FindFirstFileA
GetFileInformationByHandle
GlobalMemoryStatus
GetVersion
CreateSemaphoreA
ReleaseSemaphore
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchangeAdd
QueueUserAPC
SleepEx
InterlockedCompareExchange
GetQueuedCompletionStatus
SetFilePointerEx
CreateEventA
CreateToolhelp32Snapshot
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
WaitForMultipleObjects
RemoveDirectoryW
lstrcpynW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
ReadFile
GetThreadLocale
MoveFileW
CreateEventW
SetEvent
ResumeThread
DeleteCriticalSection
LocalReAlloc
TlsSetValue
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
FindFirstFileW
FindNextFileW
FindClose
InterlockedIncrement
GetModuleHandleA
lstrlenA
lstrcmpA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryA
GetVersionExA
CopyFileW
FormatMessageW
MulDiv
GetSystemTime
GetComputerNameW
SetFileAttributesW
GlobalMemoryStatusEx
GetDiskFreeSpaceW
GetLogicalDrives
GetDriveTypeW
FileTimeToLocalFileTime
QueryDosDeviceW
GetProcessTimes
GetCurrentProcessId
QueryPerformanceFrequency
SetLastError
QueryPerformanceCounter
GetLocalTime
GetProcessHeap
HeapFree
HeapAlloc
MoveFileExW
GetDiskFreeSpaceExW
GetFileAttributesW
GetSystemTimeAsFileTime
CreateDirectoryW
CreateMutexW
CompareStringW
LocalFree
LocalAlloc
GetCurrentDirectoryW
FlushFileBuffers
WriteFile
CreateProcessW
SetCurrentDirectoryW
GetTickCount
WaitForSingleObject
DeviceIoControl
CreateFileW
GetSystemDirectoryW
InterlockedDecrement
CreateThread
TerminateThread
DeleteFileW
lstrcmpiW
GetModuleFileNameW
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToFileTime
FreeResource
WinExec
FindResourceW
lstrcatW
TlsFree
TlsAlloc
GlobalFree
EnterCriticalSection
InterlockedExchange
GlobalUnlock
LeaveCriticalSection
Sleep
GlobalAlloc
GetModuleHandleW
GlobalLock
SetSystemTime
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpyW
CloseHandle
LockResource
GetLastError
lstrlenW
MultiByteToWideChar
lstrcmpW
SizeofResource
WideCharToMultiByte
OpenProcess
LoadResource
PeekNamedPipe

user32

TrackPopupMenu
GetKeyState
SetMenu
GetScrollRange
SetScrollPos
GetScrollPos
IsWindowVisible
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
SetScrollInfo
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuState
ScrollWindow
GetMenuItemCount
EnableMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DrawFocusRect
GetWindowDC
FindWindowW
DefWindowProcW
EnableWindow
SendMessageW
GetForegroundWindow
SetRect
GetSysColorBrush
CopyRect
GetShellWindow
GetScrollInfo
SystemParametersInfoW
DrawTextW
TabbedTextOutW
DrawTextExW
GrayStringW
EnumWindows
GetWindowThreadProcessId
MapWindowPoints
PeekMessageW
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
SetActiveWindow
GetLastActivePopup
GetWindowTextW
GetWindowTextLengthW
GetFocus
DestroyWindow
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
GetMenuItemID
SendDlgItemMessageA
WinHelpW
GetSystemMetrics
ReleaseCapture
LoadBitmapW
ShowWindow
SetWindowPos
GetDlgItem
ReleaseDC
OffsetRect
RegisterClassExW
GetDC
PtInRect
GetClientRect
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
EnumChildWindows
LoadCursorW
SetForegroundWindow
PostMessageW
PostQuitMessage
GetWindowRect
UpdateLayeredWindow
GetMessagePos
IsWindow
GetSysColor
SetWindowLongW
InvalidateRect
InflateRect
TrackMouseEvent
GetParent
KillTimer
LoadImageW
ScreenToClient
SetTimer
SetCursor
BeginPaint
EndPaint
SetDlgItemTextW
SetWindowTextW
MoveWindow
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
SetCapture
DestroyMenu
GetNextDlgGroupItem
MessageBeep
MapDialogRect
SetWindowContextHelpId
ValidateRect
CharUpperW
CharNextW
UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
GetWindow
GetDlgCtrlID
SetWindowRgn
UpdateWindow
FrameRect
GetWindowLongW
BringWindowToTop
CreatePopupMenu
GetCursorPos
AppendMenuW
LoadIconW
CreateMenu
GetSubMenu
ClientToScreen
wsprintfW
ShowScrollBar
GetDesktopWindow
WindowFromPoint
SendDlgItemMessageW
RegisterWindowMessageW
IsWindowEnabled
GetDlgItemTextW
CheckMenuItem
RedrawWindow
FillRect
DispatchMessageW
FindWindowExW
IsDialogMessageW
TranslateMessage
GetMessageW
SetLayeredWindowAttributes

gdi32

RectVisible
PtVisible
ExtTextOutW
CreateBrushIndirect
GetDIBits
GetCurrentObject
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetMapMode
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetClipRgn
SelectClipPath
GetViewportExtEx
TextOutW
GetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
EndPath
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
GetWindowExtEx
BeginPath
SetViewportOrgEx
Rectangle
CreateSolidBrush
CombineRgn
CreateRectRgn
BitBlt
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
GetBitmapBits
SetBitmapBits
DeleteDC
CreateDIBSection
SetWindowOrgEx
RoundRect
GetDeviceCaps
StretchBlt
SetDIBColorTable
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBColorTable
Escape
GetObjectW

msimg32

GradientFill
TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegisterEventSourceA
DeregisterEventSource
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
ReportEventA

shell32

SHGetFolderPathW
Shell_NotifyIconW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrFormatByteSizeW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
StrChrW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantChangeType
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysFreeString
VariantClear
SysAllocString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

snmpapi

SnmpUtilOidFree
SnmpUtilOidNCmp
SnmpUtilOidCpy

wininet

HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetQueryOptionW
InternetCrackUrlW
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
DeleteUrlCacheEntryW
InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetReadFile

gdiplus

GdipReleaseDC
GdipGetImageWidth
GdipCreateStringFormat
GdipCloneImage
GdipBitmapLockBits
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipGetImagePaletteSize
GdipDrawString
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromHBITMAP
GdipCreateFont
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipCreateSolidFill
GdipBitmapUnlockBits
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdipSetSmoothingMode
GdipDrawImagePointRectI
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipSaveImageToFile
GdipGetImageEncoders
GdipDeleteStringFormat
GdipGetImageEncodersSize

ws2_32

send
recv
WSACleanup
WSAStartup
socket
WSAGetLastError
gethostbyaddr
inet_addr
gethostbyname
closesocket
bind
setsockopt
htons
select
WSASocketW
inet_ntoa
gethostname
ntohs
htonl
ntohl
WSAAddressToStringA
getsockopt
WSASetLastError
getsockname
getpeername
getservbyname
WSASend
WSAStringToAddressA
accept
listen
__WSAFDIsSet
WSARecv
connect
ioctlsocket
WSASendTo
WSARecvFrom
WSAIoctl
shutdown

mswsock

GetAcceptExSockaddrs
AcceptEx

iphlpapi

GetAdaptersInfo
SendARP
IcmpSendEcho2
IcmpCreateFile
IcmpCloseHandle

psapi

GetModuleBaseNameW
EnumProcesses
GetProcessImageFileNameW
EnumProcessModules

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7096ed506728d13f85472d10a259244a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1e:2e:72:ef:a5:cc:0d:52:89:df:f5:3d:a8:7a:35:ebCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ac:69:f6:9e:a9:e9:40:97:d0:69:e5:d8:77:1d:2a:74:f8:72:90:d9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

snmpapi

wininet

gdiplus

ws2_32

mswsock

iphlpapi

psapi

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 539KB - Virtual size: 538KB

.data Size: 118KB - Virtual size: 147KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1e:2e:72:ef:a5:cc:0d:52:89:df:f5:3d:a8:7a:35:eb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ac:69:f6:9e:a9:e9:40:97:d0:69:e5:d8:77:1d:2a:74:f8:72:90:d9
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 539KB - Virtual size: 538KB

.data
Size: 118KB - Virtual size: 147KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB