e8aa50b1942edf68c6fa2e4f04b52470e7ac8bd36482b340b7bedc8f49e66110

Sharing

Copy URL

Twitter E-mail

General

Target

e8aa50b1942edf68c6fa2e4f04b52470e7ac8bd36482b340b7bedc8f49e66110
Size

134KB
MD5

ae09865382d190026deb4be9c887cb2b
SHA1

ac644493f93b17edafa5889f77ff1da0b2c3d6e9
SHA256

e8aa50b1942edf68c6fa2e4f04b52470e7ac8bd36482b340b7bedc8f49e66110
SHA512

ce813a16fc6a23644daad736337f5297e2e3db8b873abbf6b9fdf4404f20812364eba577f9665641990a54d5a4356942e3a564651cfc0d52cf7a97fe84567cd8
SSDEEP

3072:G8YAq81QAHA6osRcQVSnnVpMhKsl7YitAd5qS33GiGlI9I:G8YAtQqfofKovixXtq3Gie

Score

1^/10

Malware Config

Signatures

Files

e8aa50b1942edf68c6fa2e4f04b52470e7ac8bd36482b340b7bedc8f49e66110
.dll windows:4 windows x86 arch:x86

635a063536b8d2d0f7d2898440851ba6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:c7:30:4b:e6:f0:98
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

26-06-2012 11:21

Not After

29-06-2014 23:30

Subject

CN=Shanghai Damo Network Technology Co. Ltd.,O=Shanghai Damo Network Technology Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN,1.2.840.113549.1.9.1=#0c0d6d616e6963403236332e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:2a:e6:18:6a:88:23:62:a8:d3:f3:94:8e:c7:7c:f6:d1:b1:56:6b
Signer

Actual PE Digest

c8:2a:e6:18:6a:88:23:62:a8:d3:f3:94:8e:c7:7c:f6:d1:b1:56:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
AdjustTokenPrivileges

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
TranslateMessage
SetParent
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
GetSystemMetrics
DispatchMessageA
CharNextA
CharToOemA
GetAncestor
InternalGetWindowText
LoadStringW
GetWindow
GetWindowThreadProcessId
GetClassNameA
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetWindowRect
IsWindowVisible
SetWindowPos
ShowWindowAsync
SetLayeredWindowAttributes
PostMessageA
SendNotifyMessageA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WaitForSingleObject
VirtualQuery
UnmapViewOfFile
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MapViewOfFile
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileMappingA
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep
QueryDosDeviceA
GetModuleHandleA
GetModuleFileNameA
CloseHandle
OpenProcess

adscore

adsRegisterModule
adsDispatchMessage
adsGetMessage
adsPostMessage

psapi

GetProcessImageFileNameA

Exports

Exports

CreateModule
FreeModule

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

635a063536b8d2d0f7d2898440851ba6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

15:c7:30:4b:e6:f0:98Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

c8:2a:e6:18:6a:88:23:62:a8:d3:f3:94:8e:c7:7c:f6:d1:b1:56:6bSigner

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

adscore

psapi

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 101KB

.itext Size: 1024B - Virtual size: 888B

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 19KB

.idata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 95B

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:8e
Certificate

15:c7:30:4b:e6:f0:98
Certificate

3d
Certificate

c8:2a:e6:18:6a:88:23:62:a8:d3:f3:94:8e:c7:7c:f6:d1:b1:56:6b
Signer

.text
Size: 102KB - Virtual size: 101KB

.itext
Size: 1024B - Virtual size: 888B

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 95B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 6KB