c52c70d5d5845900e33c012526ca2d4e9943f559e470efcd893ca344781be11b

Sharing

Copy URL Twitter E-mail

General

Target

c52c70d5d5845900e33c012526ca2d4e9943f559e470efcd893ca344781be11b
Size

2.1MB
MD5

7de6cd0211c5a225e715ffdfac3ffd16
SHA1

143ebc1224a3c60e7d7aa739e4939767a0564a78
SHA256

c52c70d5d5845900e33c012526ca2d4e9943f559e470efcd893ca344781be11b
SHA512

535da152a638ce33987325d81c463f1e04cc2dd4993ec623155c372f55c0f9c30efd3b4d9789ad83dc161832898be35382d65dd580453b3177e00e475c9e8577
SSDEEP

49152:j8Wx53Zc1S/PZg9EAxACdxYShg/JeIO+R8wG6C:jr53ZaS/0ZYSi/JeIOSC6C

Score

1^/10

Malware Config

Signatures

Files

c52c70d5d5845900e33c012526ca2d4e9943f559e470efcd893ca344781be11b
.exe windows:5 windows x86 arch:x86

dfa5652a4f818d338b1968e6bc692c2b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2c
Certificate

Issuer

CN=TC TrustCenter Class 2-II L1 CA IV,OU=TC TrustCenter Class 2-II L1 CA,O=TC TrustCenter GmbH,C=DE

Not Before

17/06/2009, 15:22

Not After

31/12/2025, 19:59

Subject

CN=TC TrustCenter Authenticode Timestamp II,OU=Timestamp,O=TC TrustCenter,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Sources\2.2.0\PhoneAssistant_2008\Bin\Release\SogouApkTool4SogouMarket.pdb

Imports

wininet

InternetSetOptionA
InternetQueryDataAvailable
InternetGetCookieA
InternetCrackUrlA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetOpenW

shlwapi

SHGetValueA
PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
PathFindFileNameW
PathFindExtensionW
PathCombineW
SHQueryInfoKeyW

urlmon

URLDownloadToFileW

kernel32

CreateProcessW
WaitForSingleObject
GetTickCount
QueueUserWorkItem
SetFileAttributesW
GetFileAttributesW
WriteFile
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
CreateFileW
GetModuleFileNameW
GetFileSize
CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetLastError
LeaveCriticalSection
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
WideCharToMultiByte
PeekNamedPipe
CreateDirectoryW
GetTempFileNameW
DeleteFileW
MoveFileW
FindResourceExW
lstrlenA
FindNextFileW
GetModuleFileNameA
LockResource
FindClose
SizeofResource
CopyFileW
Sleep
LoadLibraryW
LoadResource
FindResourceW
FindFirstFileW
CreatePipe
GetTempPathW
FileTimeToSystemTime
InterlockedExchangeAdd
GetDiskFreeSpaceW
GetDiskFreeSpaceA
OutputDebugStringA
GetPrivateProfileStringW
GetFullPathNameW
GetFullPathNameA
FormatMessageW
FormatMessageA
GetTempPathA
GetFileAttributesExW
DeleteFileA
GetFileAttributesA
UnlockFileEx
LockFileEx
LockFile
UnlockFile
AreFileApisANSI
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
GetStartupInfoW
MultiByteToWideChar
ReadFile
TerminateProcess
OutputDebugStringW
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapCreate
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
HeapSize
HeapDestroy
QueryDosDeviceW
GetSystemInfo
IsWow64Process
GetFileTime
InitializeCriticalSection
GetModuleHandleW
Process32NextW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetVersion
lstrcmpW
GetExitCodeThread
SetEvent
CreateEventW
GlobalFree
GetVersionExA
HeapFree
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
DeviceIoControl
CopyFileA
lstrcatA
GetSystemDirectoryA
CreateFileA
lstrcpyA
HeapReAlloc
SetLastError
GlobalAlloc
IsBadReadPtr
lstrcpynW
GetACP
FreeResource
ResetEvent
ResumeThread
MulDiv
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
GetLocalTime
SetFilePointer
LoadLibraryExW
GetCurrentProcessId
ReleaseMutex
CreateMutexW
GetCurrentThreadId
VirtualQuery
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetVersionExW
Module32NextW
Module32FirstW
GetCurrentProcess
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemDefaultLangID
RaiseException
TerminateThread
DuplicateHandle

user32

TranslateMessage
FindWindowW
GetMessageW
MessageBoxW
GetMonitorInfoW
SendMessageW
ShowWindow
DispatchMessageW
wsprintfW
ClientToScreen
MonitorFromWindow
GetParent
wsprintfA
RemovePropW
GetWindowRect
PostQuitMessage
LoadImageW
LoadIconW
GetWindowLongW
SetWindowLongW
SetWindowPos
DestroyWindow
UnregisterClassW
PostMessageW
SetPropW
RegisterClassExW
IsWindow
CreateWindowExW
GetPropW
PostThreadMessageW
IsCharAlphaNumericA
CharNextW
SetFocus
EnableWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
CallWindowProcW
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoExW
IsIconic
ScreenToClient
SetWindowRgn
GetKeyState
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
GetDC
ReleaseDC
GetFocus
IsWindowVisible
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
UpdateLayeredWindow
CopyRect
IsZoomed
MoveWindow
SetForegroundWindow
OffsetRect
InflateRect
SetCursor
wvsprintfW
IntersectRect
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
DrawIconEx
DestroyIcon
FindWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
FillRect
InvalidateRgn
CreateAcceleratorTableW
PeekMessageW
GetWindow

advapi32

RegCloseKey
RegEnumKeyExW
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumValueW
CryptEncrypt
CryptDestroyKey
CryptImportKey
CryptSetKeyParam
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
AllocateAndInitializeSid
CheckTokenMembership
OpenSCManagerW
OpenServiceW
RegSetValueExW
CloseServiceHandle
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueW
RegCreateKeyW
RegCreateKeyExW
QueryServiceStatus
FreeSid

shell32

ShellExecuteW
ShellExecuteExW
SHChangeNotify
ord165
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleLockRunning
CLSIDFromString
CLSIDFromProgID

oleaut32

VariantInit
VariantClear
SysAllocString
OleLoadPicture

ws2_32

ntohs
WSAStartup
inet_addr
inet_ntoa
WSAGetLastError
connect
gethostbyname
shutdown
send
recv
__WSAFDIsSet
select
closesocket
WSACleanup
socket
htons
bind
getsockname
listen
accept
ioctlsocket
sendto

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpen

iphlpapi

GetIpForwardTable

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsW
CMP_WaitNoPendingInstallEvents
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

crypt32

CryptBinaryToStringA

gdiplus

GdipBitmapUnlockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipCloneImage
GdipDrawImageRectRectI
GdipGraphicsClear
GdipSetInterpolationMode
GdipFree
GdipAlloc
GdipBitmapLockBits
GdipGetImageGraphicsContext

comctl32

_TrackMouseEvent
ord17

msimg32

TransparentBlt
GradientFill
AlphaBlend

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
CreatePen
DeleteDC
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
SelectClipRgn
GetTextMetricsW
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
RoundRect
GetTextExtentPoint32W
SetTextColor
SetBkMode
TextOutW
GetCharABCWidthsW
GetDeviceCaps
CreateSolidBrush
CreateRoundRectRgn
DeleteObject
ExtSelectClipRgn
CreateDCW
GetDIBits
SetDIBitsToDevice
GetStockObject

Exports

Exports

StartWorkFlow
UIEvent2Module

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfa5652a4f818d338b1968e6bc692c2b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2cCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

shlwapi

urlmon

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

winhttp

iphlpapi

setupapi

version

psapi

crypt32

gdiplus

comctl32

msimg32

gdi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 244KB - Virtual size: 243KB

.data Size: 33KB - Virtual size: 46KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 706KB - Virtual size: 706KB

.reloc Size: 75KB - Virtual size: 75KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2c
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 244KB - Virtual size: 243KB

.data
Size: 33KB - Virtual size: 46KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 706KB - Virtual size: 706KB

.reloc
Size: 75KB - Virtual size: 75KB