6a07fe8bf136401231c2a6938ade868c25a99899ae56fcd54e13826b7f0ce0aa

Sharing

Copy URL Twitter E-mail

General

Target

6a07fe8bf136401231c2a6938ade868c25a99899ae56fcd54e13826b7f0ce0aa
Size

2.9MB
MD5

11b2b17c9231dbd1c9701df7fcaea6ab
SHA1

40a34d1b594b4e8f607ec1a3200f8522f36fd455
SHA256

6a07fe8bf136401231c2a6938ade868c25a99899ae56fcd54e13826b7f0ce0aa
SHA512

e3f1d31f030f723df36cef278da57a483445f0f1b954478fe5b6dd6455b7c31999134a5e78219ee8416ff3544f1b7b45fbf5a7ef5e043e3215209a4a2ce58925
SSDEEP

49152:sAU+a3jN1y7NOtb9dRNstyKC/VZu+DY3eAlSJSVW7/EQlmRGpLpRSsYi77LdGM4:fUT7EwRLRNsAVhDY3ezn75mo5+i7XdGh

Score

1^/10

Malware Config

Signatures

Files

6a07fe8bf136401231c2a6938ade868c25a99899ae56fcd54e13826b7f0ce0aa
.exe windows:4 windows x86 arch:x86

a6211f742050d45ed3718426fc174837

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:4f:e0:e1:61:25:41:5e:05:dc:14:3d:b5:f9:a3:7f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2015, 00:00

Not After

21/03/2016, 23:59

Subject

CN=AWIND INCORPORATED,O=AWIND INCORPORATED,L=ZHONGHE DIST,ST=NEW TAIPEI CITY,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:2d:b5:4d:d3:4d:78:69:31:da:55:f4:b0:05:11:1b:71:a9:aa:c2
Signer

Actual PE Digest

fc:2d:b5:4d:d3:4d:78:69:31:da:55:f4:b0:05:11:1b:71:a9:aa:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
ExitProcess
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GlobalFlags
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
WritePrivateProfileStringA
FileTimeToSystemTime
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetLastError
GetModuleFileNameA
CreateDirectoryA
GetCurrentDirectoryA
GetTempPathA
Sleep
CreateProcessA
FindFirstFileA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
CompareStringW
CompareStringA
Process32First
GetPriorityClass
Process32Next
CreateToolhelp32Snapshot
Module32First
lstrcmpiA
Module32Next
TerminateProcess
OpenProcess
GetCurrentProcess
DuplicateHandle
CloseHandle
LocalFree
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
InterlockedExchange

user32

RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
CharUpperA
SetWindowTextA
SendMessageA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
DestroyMenu
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
DrawIcon
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
DispatchMessageA
TranslateMessage
PeekMessageA
FindWindowA
InvalidateRect
RedrawWindow
IsWindow
GetSysColor
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetForegroundWindow

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetWindowExtEx
GetViewportExtEx
CreateRectRgnIndirect
CreateCompatibleBitmap
SelectClipRgn
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleDC
CreateRectRgn

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
GetTokenInformation
SetEntriesInAclA
SetSecurityInfo
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

shlwapi

PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6211f742050d45ed3718426fc174837

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

48:4f:e0:e1:61:25:41:5e:05:dc:14:3d:b5:f9:a3:7fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

fc:2d:b5:4d:d3:4d:78:69:31:da:55:f4:b0:05:11:1b:71:a9:aa:c2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 240KB - Virtual size: 239KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

48:4f:e0:e1:61:25:41:5e:05:dc:14:3d:b5:f9:a3:7f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

fc:2d:b5:4d:d3:4d:78:69:31:da:55:f4:b0:05:11:1b:71:a9:aa:c2
Signer

.text
Size: 240KB - Virtual size: 239KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 17KB