ef5165b72a6482117e0b0398e9561a70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ef5165b72a6482117e0b0398e9561a70N.exe
Size

325KB
MD5

ef5165b72a6482117e0b0398e9561a70
SHA1

7b677c3f659e831b06ceb9ea3a7cb91a8893c8d3
SHA256

bdf7ab2e476bf4c1380d1279f5b9cfa1a09fa86f19dc5b182eb153ac6d5bba64
SHA512

89f1bcfe5b7025626c485f826571aa023ead9eacc93271284e9221ead17e169964438ad9493c5d94a81d75cf766ff0fffa34d31c3ff5f186520775c40a2f3ee0
SSDEEP

3072:WOcvm2rO/ua8iKsC3dklbBe2Eq+HcKmB02UoGtabqrViv/5qBrbY/tQWfUJSA4Mw:2lOzCNc5Sm37HxvOqqDLuie3

Score

1^/10

Malware Config

Signatures

Files

ef5165b72a6482117e0b0398e9561a70N.exe
.dll windows:4 windows x86 arch:x86

1f24d8e0965ae66108d90c4c84550ab4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:ea:f2:0d:46:18:cc:ae:63:f1:45:08:13:b0:89:0c:ff:d5:e8:1e
Signer

Actual PE Digest

26:ea:f2:0d:46:18:cc:ae:63:f1:45:08:13:b0:89:0c:ff:d5:e8:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupFindNextLine
SetupOpenInfFileA
SetupCloseInfFile
SetupDiGetDeviceInstallParamsA
SetupGetLineByIndexA
SetupGetLineTextA
SetupFindFirstLineA
SetupGetStringFieldA
SetupGetFieldCount
SetupDiGetClassImageList
SetupGetLineCountA
SetupDiGetClassImageIndex
CM_Get_Child_Ex
CM_Get_DevNode_Registry_Property_ExA
SetupDiDestroyClassImageList
CM_Locate_DevNodeA
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiGetDeviceInfoListDetailA
CM_Get_Device_ID_ExA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
CM_Get_Sibling_Ex

newdev

UpdateDriverForPlugAndPlayDevicesA

cabinet

ord20
ord23
ord21
ord22
ord13
ord11
ord14
ord10

kernel32

LocalAlloc
InterlockedIncrement
DuplicateHandle
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
lstrcpynA
lstrcmpiA
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThreadId
SuspendThread
CreateEventA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
lstrcmpA
IsBadWritePtr
GetACP
GetFileTime
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GetProcessVersion
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetFileType
GetDriveTypeA
GetCommandLineA
ExitThread
SetStdHandle
HeapSize
HeapReAlloc
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcessHeap
SetHandleCount
GetStdHandle
GetStartupInfoA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetCurrentDirectoryA
WaitForSingleObject
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
LocalFree
DeleteFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
DeviceIoControl
WideCharToMultiByte
GetLocaleInfoA
GlobalLock
GlobalUnlock
GetFullPathNameA
GetModuleFileNameA
MultiByteToWideChar
CreateDirectoryA
MoveFileA
GetSystemDefaultLCID
TerminateThread
SetLastError
InterlockedDecrement
OutputDebugStringA
GetTempPathA
SetCurrentDirectoryA
FreeLibrary
GetPrivateProfileStringA
GetWindowsDirectoryA
GetVersionExA
GetModuleHandleA
GetComputerNameA
lstrlenA
CreateFileA
GetFileSize
GlobalAlloc
ReadFile
GlobalFree
GetLastError
Sleep
CreateThread
GetCurrentProcess
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
IsBadReadPtr

user32

PtInRect
GetClassNameA
GetSysColorBrush
LoadCursorA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
UnregisterClassA
GetNextDlgTabItem
LoadIconA
MapWindowPoints
GetSysColor
GetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
PostQuitMessage
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
RegisterWindowMessageA
ExitWindowsEx
DestroyMenu
SendMessageA
FindWindowA
FindWindowExA
PostMessageA
wsprintfA
IsIconic
GetWindowPlacement
GetWindowRect
SetFocus
SetWindowPos
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetDlgItem
UnhookWindowsHookEx
GetWindowTextA
LoadStringA
GetMenu
GrayStringA
MessageBoxA
RemovePropA
DispatchMessageA
TranslateMessage
PeekMessageA
ShowWindow
SetForegroundWindow
SystemParametersInfoA
GetKeyState
EnableWindow
GetWindowLongA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
GetMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GetParent
GetLastActivePopup
IsWindowEnabled

gdi32

GetClipBox
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
ScaleWindowExtEx
SetWindowExtEx
RestoreDC
SaveDC
DeleteDC
GetObjectA
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegEnumValueA
AdjustTokenPrivileges

comctl32

ord17

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
SysAllocString
SafeArrayCreateVector
VariantCopy
GetErrorInfo
SysFreeString

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

patchcore

ord205
ord206
ord8
ord208

mydriversc

ord1

rpcrt4

UuidFromStringA

Exports

Exports

AddFile2Cab_
Compress_
CreateCabinet_
CreateDriver
CreateSoft
Decompress_
DestroyCabinet_
DestroyDriver
DestroySoft
DevError
FindTarget
FlushCab_
GetDevicePropertyByDeviceID
GetDeviceStatus
GetDriverXMLLength
GetDriverXMLOutput
GetHardDriveSerialNumber
GetMyDriversDecryptLength
GetMyDriversEncryptLength
GetMyDriversInfo
GetMydriversInfo
GetMydriversInfoLen
GetPrimeDeviceList
GetPrimeDeviceListStatus
GetServerRet
GetServerRetLen
GetSoft
GetSoftLen
IsDeviceExist
MyDriversDecrypt
MyDriversEncrypt
PostDriverToServer
ReadXMLFile
ShowDeviceProperties
cmdDisable
cmdEnable
cmdReboot
cmdRemove
cmdRescan
cmdStatus
cmdUpdate

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f24d8e0965ae66108d90c4c84550ab4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18Certificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

26:ea:f2:0d:46:18:cc:ae:63:f1:45:08:13:b0:89:0c:ff:d5:e8:1eSigner

Headers

File Characteristics

Imports

setupapi

newdev

cabinet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

ole32

oleaut32

wininet

version

patchcore

mydriversc

rpcrt4

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 202KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 32KB - Virtual size: 2.0MB

.reloc Size: 40KB - Virtual size: 39KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

26:ea:f2:0d:46:18:cc:ae:63:f1:45:08:13:b0:89:0c:ff:d5:e8:1e
Signer

.text
Size: 204KB - Virtual size: 202KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 32KB - Virtual size: 2.0MB

.reloc
Size: 40KB - Virtual size: 39KB