efb25721c159c349ff7c82bff32c6f9e23ddf76eefb53d612cb8acf84e4db56b

Sharing

Copy URL Twitter E-mail

General

Target

efb25721c159c349ff7c82bff32c6f9e23ddf76eefb53d612cb8acf84e4db56b
Size

750KB
MD5

f111d38f758baefa38a3e5da4c32c1af
SHA1

5812c9d41c766da0366d93c4086e25e547da3ff0
SHA256

efb25721c159c349ff7c82bff32c6f9e23ddf76eefb53d612cb8acf84e4db56b
SHA512

b51ba0c93a7a9cbd4b566bb1f5413517484e247c1e396bbfc574cda0d482878fb323e26553cafbe46ae6d94a7edbe4cde4fb82cc98c16ea26f21fab4a291018d
SSDEEP

12288:vTmh2IwLFLM4jcab2iR4oDCdc6yigU6xmPcZ3MxAL5Kq:v6cHLdjcab26rCTyy64SHKq

Score

1^/10

Malware Config

Signatures

Files

efb25721c159c349ff7c82bff32c6f9e23ddf76eefb53d612cb8acf84e4db56b
.exe windows:4 windows x86 arch:x86

bdd6ac94400eb134deab6100ac4477cf

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:4e:2e:0e:ce:ca:0c:14:10:ec:75:53:24:f4:d4:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/04/2014, 00:00

Not After

06/04/2017, 23:59

Subject

CN=SHANGHAI FENGHAN NETWORK INFORMATION TECHNOLOGY STUDIO,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=SHANGHAI FENGHAN NETWORK INFORMATION TECHNOLOGY STUDIO,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:5f:dd:73:33:63:c2:49:2d:ab:fb:bb:e2:dd:bf:c0:8e:3b:a3:87
Signer

Actual PE Digest

d7:5f:dd:73:33:63:c2:49:2d:ab:fb:bb:e2:dd:bf:c0:8e:3b:a3:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\项目\日历最新版\Branch(newest)\Temp\Release\Clock.pdb

Imports

kernel32

GetFileAttributesW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
MulDiv
GlobalGetAtomNameW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
lstrlenW
FreeResource
InterlockedDecrement
SetLastError
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GetModuleHandleW
GlobalAddAtomW
ReleaseMutex
CreateMutexW
LocalFree
FormatMessageW
GetLastError
GetPrivateProfileStringW
GlobalUnlock
GlobalLock
GetTickCount
GlobalFree
GlobalAlloc
ReadFile
GetFileSize
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
VirtualProtect
FreeLibrary
CloseHandle
GetCurrentProcess
GetCurrentProcessId
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcAddress
Sleep
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
LoadLibraryW
GetCommandLineW
GetCurrentThreadId

user32

GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
EndDialog
CreateDialogIndirectParamW
RegisterClipboardFormatW
PostThreadMessageW
GetDC
ReleaseDC
GetSysColorBrush
CharUpperW
GetMenuItemInfoW
InflateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
UnpackDDElParam
ReuseDDElParam
DestroyMenu
ReleaseCapture
LoadAcceleratorsW
InvalidateRect
InsertMenuItemW
SetRectEmpty
SetMenu
ShowWindow
TranslateAcceleratorW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextW
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
InvalidateRgn
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
EnableMenuItem
CheckMenuItem
GetParent
GetWindowLongW
GetLastActivePopup
SetRect
IsRectEmpty
CopyAcceleratorTableW
SetCapture
UnregisterClassW
EndPaint
BeginPaint
IsWindowEnabled
EnableWindow
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
GetTopWindow
LoadCursorW
MessageBoxW
UnhookWindowsHookEx
PostQuitMessage
ShowOwnedPopups
SetCursor
SendMessageW
GetWindowRect
GetDesktopWindow
SystemParametersInfoW
DrawTextW
DeleteMenu
DrawIconEx
GetSubMenu
FillRect
GetMenuState
GetMenuItemID
GetMenuItemCount
CharNextW
LoadIconW
CreateMenu
LoadMenuW
ModifyMenuW
SetMenuInfo
InsertMenuW
CreatePopupMenu
PostMessageW
FindWindowW
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
GetMenu
UnregisterClassA

gdi32

ExtSelectClipRgn
CreatePatternBrush
GetStockObject
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
GetBkColor
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutW
CreateFontIndirectW
SetBkColor
GetClipBox
CreateBitmap
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
BitBlt
CreateICW
SetTextColor
SetBkMode
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetObjectW
CreateFontW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

DragFinish
DragQueryFileW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

ws2_32

WSACleanup
WSAStartup
WSASetLastError

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusStartup
GdipDrawImageRectRect

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdd6ac94400eb134deab6100ac4477cf

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

69:4e:2e:0e:ce:ca:0c:14:10:ec:75:53:24:f4:d4:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d7:5f:dd:73:33:63:c2:49:2d:ab:fb:bb:e2:dd:bf:c0:8e:3b:a3:87Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

gdiplus

Sections

.text Size: 308KB - Virtual size: 304KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 344KB - Virtual size: 341KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

69:4e:2e:0e:ce:ca:0c:14:10:ec:75:53:24:f4:d4:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d7:5f:dd:73:33:63:c2:49:2d:ab:fb:bb:e2:dd:bf:c0:8e:3b:a3:87
Signer

.text
Size: 308KB - Virtual size: 304KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 344KB - Virtual size: 341KB