d531b2814d517e4f2e14f272c7a36f7b6db6a16354b85da322b0fbeed112d296

Sharing

Copy URL Twitter E-mail

General

Target

d531b2814d517e4f2e14f272c7a36f7b6db6a16354b85da322b0fbeed112d296
Size

217KB
MD5

2109377d3f3dcbbbab5438c97ef91952
SHA1

d9d730c143ad919288449d4672f868b512d0d098
SHA256

d531b2814d517e4f2e14f272c7a36f7b6db6a16354b85da322b0fbeed112d296
SHA512

dcbc3b471a5ef07711cc2800341464f0b66f9847915ef078f8bcee452da0de137a2381eb324688fabc26405a4dcca3ecf1f9bd7e8840966e6e083945ce0f09d9
SSDEEP

6144:vdrheWtP2yRByjD1XqAuVtqU4VzKuqIcrv:vhGyzy9XqAtO7

Score

1^/10

Malware Config

Signatures

Files

d531b2814d517e4f2e14f272c7a36f7b6db6a16354b85da322b0fbeed112d296
.exe windows:4 windows x86 arch:x86

7e3202390527c4760fda4da26284da0f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06/07/2009, 00:00

Not After

06/07/2011, 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindFirstUrlCacheEntryA
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
DeleteUrlCacheEntryA
InternetReadFile
InternetReadFileExA
InternetCloseHandle
InternetSetStatusCallbackW
InternetSetOptionA
InternetConnectW
InternetOpenW
HttpSendRequestExW
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
HttpEndRequestW
HttpQueryInfoW
HttpOpenRequestW
FtpGetFileSize
FindCloseUrlCache
CommitUrlCacheEntryA
HttpOpenRequestA
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW

urlmon

CoInternetCombineUrl
ObtainUserAgentString

wintrust

CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

UrlEscapeW
SHDeleteValueW
PathFindExtensionW
SHGetValueW
PathIsRootW
PathCombineW
PathFindFileNameA
PathFindFileNameW
PathGetDriveNumberW
UrlIsOpaqueW
StrCmpIW
UrlGetPartW
SHSetValueW
StrStrIW
PathFileExistsW

kernel32

GetThreadContext
SetThreadContext
SuspendThread
SetLastError
GetStartupInfoW
ResumeThread
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
GetCurrentProcess
LoadLibraryW
GetLongPathNameW
GetModuleFileNameW
GetLastError
TerminateProcess
CloseHandle
GetCommandLineW
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
Sleep
WaitForSingleObject
OpenThread
SetEvent
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
CreateProcessW
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
ReadFile
CreateFileW
CreateEventW
TlsSetValue
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
GetTempPathW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceExW
SetFileTime
WriteFile
TlsFree
TlsAlloc
GetVersionExW
VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
VirtualFree
VirtualAlloc
FreeLibrary
GetProcAddress
GetShortPathNameW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateThread
ExpandEnvironmentStringsW
HeapFree
HeapAlloc
HeapCreate
GetModuleHandleW
GetCurrentThread
GetSystemTime
GlobalFree
GlobalUnlock
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
LocalAlloc
LocalFree
MoveFileW
MoveFileExW
GetProcessHeap
GetVersion

user32

KillTimer
SetTimer
CreateWindowExW
EnumChildWindows
InsertMenuW
CreatePopupMenu
RegisterClassExW
CloseClipboard
CheckDlgButton
IsDlgButtonChecked
FindWindowW
SetParent
GetWindowPlacement
SystemParametersInfoW
SetWindowPlacement
LoadStringW
RemovePropW
GetCursorPos
PtInRect
LoadCursorW
SetCursor
TrackMouseEvent
GetWindowTextW
ClientToScreen
ScreenToClient
GetDC
DrawTextW
ReleaseDC
SetWindowLongW
UpdateWindow
GetWindowLongW
GetParent
GetSystemMetrics
LoadImageW
EnableWindow
ShowWindow
LoadIconW
DestroyIcon
SetDlgItemTextW
BeginPaint
GetMessagePos
FillRect
EndPaint
EndDialog
GetDlgItem
GetDesktopWindow
DialogBoxParamW
GetMenuItemCount
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
SetWindowPos
InvalidateRect
EqualRect
WindowFromPoint
ReleaseCapture
SetCapture
GetMenu
MenuItemFromPoint
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindowDC
DefWindowProcW
GetClientRect
SetFocus
SetWindowTextW
GetPropW
FindWindowExW
IsWindow
IsChild
PostMessageW
CopyRect
PeekMessageW
SetPropW
GetAncestor
SendMessageW
MessageBoxW
PostQuitMessage
GetWindowRect
IsZoomed
InflateRect
IsIconic
OffsetRect
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
GetMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
GetKeyState
CallWindowProcW
SetMenuInfo
SetMenuItemInfoW
TrackPopupMenuEx
TrackPopupMenu
SetRectEmpty
DestroyMenu
GetSysColor
DrawIconEx
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
MapWindowPoints
OpenClipboard
GetMenuItemInfoW

gdi32

Rectangle
CreatePen
FillRgn
CombineRgn
CreateRectRgnIndirect
GetTextMetricsW
MoveToEx
DeleteDC
CreateSolidBrush
SetTextColor
GetObjectW
CreateFontIndirectW
LineTo
EnumFontsW
BitBlt
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject
SetBkMode

comdlg32

GetSaveFileNameW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconExW
SHFileOperationW
DragQueryFileW
SHGetFolderPathW

ole32

RegisterDragDrop
DoDragDrop
OleInitialize
CoCreateInstance
OleSetContainedObject
OleCreate
RevokeDragDrop
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType

msvcrt

wcscpy
wcsrchr
wcsncpy
_wcsicmp
wcslen
_except_handler3
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_wtoi64
fclose
fread
ftell
fseek
fopen
_snprintf
_wcsnicmp
wcscat
fwrite
_wfopen
memmove
fwprintf
iswspace
_snwprintf
??2@YAPAXI@Z
wcsncmp
__CxxFrameHandler
_beginthreadex
wcscmp
wcsncat
wcspbrk
_initterm
wcschr
_wtoi
_wtol
swscanf
wcsstr
free
malloc
wcstok
swprintf
realloc
_purecall
_ismbslead
memset
memcpy
_CxxThrowException
__dllonexit
_ui64tow
time
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_ftol

gdiplus

GdipCreateFromHDC
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage

comctl32

ImageList_Draw
InitCommonControlsEx

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e3202390527c4760fda4da26284da0f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wininet

urlmon

wintrust

version

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcrt

gdiplus

comctl32

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 444KB

.rsrc Size: 40KB - Virtual size: 40KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 444KB

.rsrc
Size: 40KB - Virtual size: 40KB