52fb9e384531c81904ecf58cf8c00480N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

52fb9e384531c81904ecf58cf8c00480N.exe
Size

908KB
MD5

52fb9e384531c81904ecf58cf8c00480
SHA1

3f7d8dce76f26d0bc6078a1043250e3728ec382b
SHA256

225ea1e5d6e549bba2387d19e68e0c12057ca95cebfba9a21a440eee1b696b8f
SHA512

5dfe23af264a2be163d4e537279e60f463129285b1fdffcaeb4a00f9985e7943d0bfa2746ed14df041a788f1ff5840c780011582571da835cec71bb6c40c7e9b
SSDEEP

24576:gy4mLBoJfuPtKOVgCvJeqDAzYANdZDKFSCME:pLBA2E8Zeq0z/dZD8b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52fb9e384531c81904ecf58cf8c00480N.exe

Files

52fb9e384531c81904ecf58cf8c00480N.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

b860d6663f3c6c53b49ab257fd363846

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\bdm_v4.0_fix\basic\Tools\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

Process32FirstW
CreateToolhelp32Snapshot
GetDiskFreeSpaceW
lstrcpynW
DeviceIoControl
GetDriveTypeW
GetPrivateProfileStringW
GetLogicalDriveStringsW
GlobalFree
lstrcpyW
GlobalAlloc
GetSystemDirectoryW
Thread32Next
CompareFileTime
GetThreadTimes
OpenThread
Thread32First
SetFileAttributesW
lstrlenW
CreateThread
Sleep
GetTickCount
GetWindowsDirectoryW
SetDllDirectoryW
WriteProfileStringW
OutputDebugStringW
MoveFileExW
GetExitCodeThread
CreateRemoteThread
IsBadReadPtr
LoadLibraryA
MoveFileW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
LocalFree
CreateMutexW
OpenMutexW
MapViewOfFileEx
CreateFileMappingW
GetFileSize
FindResourceW
UnmapViewOfFile
IsDBCSLeadByte
lstrcmpiW
WriteFile
ReadFile
GetCurrentThread
GetEnvironmentVariableW
SetEnvironmentVariableW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExitThread
LoadResource
LockResource
SizeofResource
lstrlenA
MultiByteToWideChar
GetCommandLineW
GetSystemTimeAsFileTime
ExitProcess
FormatMessageA
CreateWaitableTimerA
SetWaitableTimer
ResumeThread
ResetEvent
CreateEventA
OpenEventA
GetSystemInfo
ReleaseSemaphore
SetEvent
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
Process32NextW
OpenProcess
GetCPInfo
FindResourceExW
GetModuleFileNameW
HeapAlloc
SetErrorMode
VirtualAllocEx
SetUnhandledExceptionFilter
RaiseException
GetCurrentThreadId
CreateEventW
SearchPathW
DuplicateHandle
GetCurrentProcessId
CreateProcessW
WaitForMultipleObjects
TerminateProcess
TlsAlloc
GlobalMemoryStatusEx
GetCurrentProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
TlsSetValue
GetProcAddress
TlsGetValue
GetProcessHeap
HeapFree
LoadLibraryW
FreeLibrary
RemoveDirectoryW
DeleteFileW
GetLastError
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
CopyFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsW
WaitForSingleObject
CreateFileW
CloseHandle
GetVersionExW
GetModuleHandleW
OpenFileMappingW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
SetConsoleCtrlHandler
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
HeapSize
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetVersionExA
GetCommandLineA
HeapReAlloc
GetModuleHandleA
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
ReleaseMutex
CreateFileA
MapViewOfFile
LocalAlloc
SetFilePointer
GetFileTime
lstrcpynA
GetExitCodeProcess
GlobalUnlock
GetCurrentDirectoryW
GlobalLock
VirtualQuery

user32

SetTimer
LoadImageW
SetForegroundWindow
wsprintfW
FindWindowW
SendMessageW
PostMessageW
FindWindowExW
MessageBoxW
UnregisterClassA
DestroyIcon
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
GetWindowTextW
SetWindowLongW
AttachThreadInput
GetWindowThreadProcessId
BringWindowToTop
GetForegroundWindow
ExitWindowsEx
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
CallWindowProcW
GetDC
PostThreadMessageW
SetDlgItemTextW
GetDlgItem
GetSystemMenu
EnableMenuItem
GetDlgItemTextW
KillTimer
PostQuitMessage
SetWindowTextW
IsWindow
EnableWindow
GetWindowLongW

gdi32

RemoveFontResourceW
AddFontResourceW
EnumFontsW

advapi32

ChangeServiceConfig2W
OpenThreadToken
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
IsTextUnicode
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetSecurityInfo
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
RegDeleteValueW
QueryServiceStatusEx
ControlService
RegCreateKeyExW
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetFileSecurityW
SetSecurityDescriptorDacl
AddAccessAllowedAce
LookupAccountSidW
IsValidSid

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteExW
SHGetFolderPathW
DuplicateIcon
SHBrowseForFolderW

ole32

StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoInitializeEx
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

OleCreatePictureIndirect
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
PathStripToRootW
StrRChrW
PathFindFileNameW
PathAddBackslashW
PathAppendW
wnsprintfW
PathFindExtensionW

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
VerQueryValueW

ws2_32

htonl
ntohl

imagehlp

MapAndLoad
UnMapAndLoad

Exports

Exports

?GetBDCrashCatcher@BDLogicUtils@@YAPAVIBDCrashCatcher@1@XZ
AddAppshortCut
BDMMessageBoxNSIS
CombineString
CompatibilityCheck
CopyHelp
CopyNewFile
CreateInstallWndEx
CreateUnInstallWndEx
DeleteDirectory
DeleteForderButThis
EndUIEngine
ExitRunningProcess
FileExist
FindYhFont
FireWallAddApp
FireWallDelApp
FolderExist
GetAllUserAppDataDir
GetAllUserProfileDir
GetFileErrorString
GetSkinPicture
GetSpendTime
GetSupplyIdFromFileName
GetSysTempDir
GetSystemServicePackType
GetSystemType
GetTempDir
GetUserAppDataDir
GetWndHandle
GetWriteRegValueResult
GetXmlPathEx
GoNextEx
GoUninstallPage
HideNsisWnd
InitSetupLog
InitUIEngine
InitUIRDB
InstBDDownloader
InstBaiduProtect
InstallDrivers
InstallKaperskyDriver
InstallSvc
IsNeedCRT
IsProcessRunning
IsRunAsAdmin
IsSystemCompatible
IsWin8System
IsWow64
IsXPSystem
KillRunningProcess
KillUsingTools
NewInstallDrivers
NewUninstallDrivers
NotifyHostSetupStatus
RecordBeginTime
RecordEndTime
RecordStartTime
RegisterNumberFont
RenameAndDeleteFile
ReportInstallData
ReportUninstallData
RollbackDrivers
SendComplete
SendDestoryMiNi
SetSilent
ShowDetailEx
StopSvc
UnRegisterNumberFont
UninstBP
UninstallDrivers
UninstallSvc
UpdateDrivers
ValidateInstDirEx
WriteConfigFile
WriteRegValue
WriteRegValueSessionTips
WriteSetupLog
YouQianSupplyIDRemovePrefix

Sections

.text
Size: 556KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/res/install_res.rdb

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 2.0MB

.rsrc Size: 338KB - Virtual size: 338KB

.reloc Size: 4KB - Virtual size: 3KB

b860d6663f3c6c53b49ab257fd363846

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

ws2_32

imagehlp

Exports

Exports

Sections

.text Size: 556KB - Virtual size: 552KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 16KB - Virtual size: 26KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 52KB - Virtual size: 48KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 2.0MB

.rsrc
Size: 338KB - Virtual size: 338KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 556KB - Virtual size: 552KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 16KB - Virtual size: 26KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 52KB - Virtual size: 48KB

.reloc
Size: 28KB - Virtual size: 27KB