283ab6cffd8a765ea7ee81953b328d2319812d2cb639721339cfa8a210ad89c5

Sharing

Copy URL Twitter E-mail

General

Target

283ab6cffd8a765ea7ee81953b328d2319812d2cb639721339cfa8a210ad89c5
Size

3.4MB
MD5

a6bb443e9eebb9ff580edddf721ae74a
SHA1

42a2ff4ec7818b877780d19c42b4e2b91465f64d
SHA256

283ab6cffd8a765ea7ee81953b328d2319812d2cb639721339cfa8a210ad89c5
SHA512

f47d1311d6a12854d7aef6a0fa340f1edd6d705d24b41762709c7e6d29c877f3e917724058cd1dbd7d9034fba5b7306b7a8ecbdfdbfeab57dc0ba58fb8ffe367
SSDEEP

49152:oG9Fb9aLNRb2SbbpNmUGkTTCdAgk775K/SeWTqqjZ/9jy:59aLNhCUNl7M

Score

1^/10

Malware Config

Signatures

Files

283ab6cffd8a765ea7ee81953b328d2319812d2cb639721339cfa8a210ad89c5
.exe windows:5 windows x86 arch:x86

f9f0b78694d0e0e515e45af5973153db

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2013, 00:00

Not After

17/09/2016, 23:59

Subject

CN=量产部落��,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=量产部落��,L=Mongkok,ST=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:65:49:c1:3d:55:e9:3d:e1:8d:ab:5f:bf:af:16:4a:50:17:46:85
Signer

Actual PE Digest

ca:65:49:c1:3d:55:e9:3d:e1:8d:ab:5f:bf:af:16:4a:50:17:46:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK\mptools\YS9082HP_MPToolV8.00.00.17.622_NEW_MEMORY_MAP\obj\MainUI1\MPTools.pdb

Imports

mfc100

ord3404
ord12090
ord868
ord1266
ord10915
ord13348
ord2538
ord11318
ord8234
ord2841
ord2939
ord3758
ord13095
ord337
ord2187
ord3475
ord5875
ord3746
ord7863
ord5163
ord2219
ord8554
ord12430
ord7206
ord7194
ord5141
ord266
ord12096
ord4782
ord1004
ord457
ord6369
ord1267
ord869
ord6352
ord4464
ord1317
ord7178
ord4143
ord4144
ord11744
ord13137
ord13131
ord7875
ord11781
ord7487
ord11878
ord12857
ord11875
ord12847
ord7994
ord12850
ord12473
ord12124
ord11949
ord11728
ord11812
ord11455
ord11437
ord12552
ord12099
ord5801
ord11940
ord796
ord7491
ord7927
ord6054
ord11941
ord12790
ord7322
ord1727
ord4341
ord4131
ord3695
ord1278
ord878
ord12861
ord11924
ord2183
ord4589
ord5774
ord943
ord374
ord3839
ord13048
ord7889
ord5175
ord5007
ord4340
ord6216
ord12440
ord7211
ord4971
ord1012
ord5858
ord5302
ord8228
ord3744
ord995
ord5841
ord8226
ord2763
ord2916
ord3742
ord1437
ord6213
ord12344
ord2759
ord6332
ord12128
ord1210
ord788
ord1929
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord5805
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord4078
ord7355
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord6112
ord12672
ord849
ord1890
ord7141
ord5432
ord1288
ord888
ord6835
ord9399
ord4344
ord2406
ord3488
ord6836
ord5786
ord5280
ord11107
ord10006
ord8136
ord3619
ord344
ord6090
ord8231
ord2838
ord3755
ord1263
ord10852
ord2611
ord2138
ord1483
ord1479
ord2184
ord12962
ord5830
ord2063
ord1900
ord2067
ord13219
ord5204
ord3354
ord265
ord7837
ord12865
ord13574
ord13524
ord2151
ord6969
ord6838
ord12795
ord940
ord5799
ord2751
ord6694
ord4785
ord3373
ord6207
ord1316
ord310
ord385
ord4499
ord6010
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord11108
ord8330
ord8305
ord2818
ord11274
ord2056
ord13310
ord2061
ord4317
ord11297
ord13329
ord305
ord5242
ord2626
ord300
ord5207
ord1313
ord7871
ord6970
ord5627
ord3621
ord978
ord422
ord7933
ord11882
ord4345
ord3970
ord12868
ord12326
ord9475
ord6680
ord3390
ord3254
ord948
ord5776
ord5837
ord3439
ord316
ord901
ord4283
ord1982
ord1448
ord946
ord915
ord5777
ord8222
ord2742
ord3738
ord5784
ord1480
ord8506
ord10030
ord1172
ord721
ord7876
ord7584
ord7510
ord11726
ord13767
ord4724
ord7144
ord8224
ord2744
ord14116
ord3741
ord7861
ord2613
ord3429
ord919
ord493
ord1036
ord968
ord895
ord5821
ord8304
ord9286
ord7357
ord4772
ord6888
ord6898
ord6897
ord5444
ord4606
ord4774
ord4625
ord5123
ord4881
ord8439
ord5095
ord4903
ord4622
ord11103
ord2846
ord2944
ord2945
ord3484
ord11060
ord2338
ord5253
ord12482
ord10672
ord6128
ord13300
ord7074
ord13302
ord2661
ord3984
ord13980
ord3991
ord4401
ord4368
ord4364
ord4398
ord4419
ord4377
ord4406
ord4415
ord4385
ord4389
ord4393
ord4381
ord4410
ord4373
ord1514
ord1507
ord1509
ord1503
ord1496
ord11188
ord11190
ord12644
ord2847
ord8351
ord9994
ord6217
ord11154
ord8070
ord13294
ord10883
ord3395
ord11025
ord8235
ord13973
ord13972
ord14045
ord7214
ord1271
ord14062
ord6098
ord2163
ord2088
ord14058
ord14060
ord14061
ord14059
ord2417
ord7349
ord2878
ord2881
ord12535
ord5534
ord387
ord6316
ord1294
ord1296

msvcr100

_CxxThrowException
__CxxFrameHandler3
memset
memmove_s
_atoi64
strtol
_mbsdec
_mktime64
_makepath_s
_splitpath_s
_fullpath
sprintf_s
_purecall
_wassert
tolower
_vscprintf
_mbsstr
rand
srand
_mbscmp
fscanf
sprintf
sscanf
fgets
fopen
strtok
strncmp
_setmbcp
_CIexp
_CIpow
_CIsqrt
_CIlog
memcpy
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_access
atof
vsprintf_s
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
_strtoui64
clock
strftime
ungetc
fputc
fgetc
__iob_func
freopen_s
printf
toupper
sscanf_s
ceil
free
_resetstkoflw
malloc
strtod
_beginthreadex
_localtime64_s
_time64
atoi
strcpy_s
strtoul
memchr
memcpy_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z

kernel32

CreateEventA
SetEvent
DeviceIoControl
SetLastError
FindNextFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
DeleteFileA
RemoveDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
CopyFileA
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
FindResourceExW
FindResourceW
LockResource
SizeofResource
lstrlenA
MultiByteToWideChar
GlobalAlloc
GlobalLock
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
GetModuleFileNameA
LoadLibraryA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLastError
AllocConsole
FreeLibrary
CreateFileA
lstrlenW
WideCharToMultiByte
Sleep
GetSystemTime
EncodePointer
DecodePointer
InterlockedExchange
LoadResource
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalFree
OutputDebugStringA
HeapReAlloc
GetSystemDefaultLangID
IsDBCSLeadByte
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapSize
HeapFree
GetProcessHeap
WaitForMultipleObjects
GetProcAddress
LoadLibraryExA
GlobalUnlock
IsProcessorFeaturePresent

user32

EnumWindows
GetWindowThreadProcessId
IsWindowVisible
PostMessageA
KillTimer
ReleaseDC
MessageBoxExA
GetSubMenu
LoadIconW
IsWindow
GetWindowLongA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetMenuInfo
GetMenuItemID
EnableMenuItem
AppendMenuA
CreatePopupMenu
GetCursorPos
GetSysColor
GetDC
OffsetRect
GrayStringA
DrawTextExA
TabbedTextOutA
DrawTextA
SetTimer
InflateRect
GetClientRect
SetClassLongA
GetClassLongA
SetWindowLongA
GetWindowTextA
GetFocus
FillRect
InvalidateRect
GetParent
GetWindow
GetWindowRect
SendMessageA
EnableWindow
LoadMenuW

gdi32

GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextColor
CreatePen
SelectObject
GetTextExtentPoint32A
GetObjectA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreateFontA
GetTextMetricsA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

StrToIntA
StrToInt64ExA

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr

gdiplus

GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromFile
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown

ssdmirrordatamgr

?GetUdp@C4KAlgMirrorDataMgr@@QAE?AW4e_Bool@@AAUUNIVERSAL_DISK_PARAM_T@OfficialAlgDef@@@Z
??1C4KAlgMirrorDataMgr@@QAE@XZ
??0C4KAlgMirrorDataMgr@@QAE@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVCBasicCMD@@ABU_STR_CHANNEL_MODEL@@ABU_STR_CE_MODEL@@0@Z

msvcp100

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

ws2_32

WSACleanup
gethostname
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9f0b78694d0e0e515e45af5973153db

Code Sign

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ca:65:49:c1:3d:55:e9:3d:e1:8d:ab:5f:bf:af:16:4a:50:17:46:85Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100

msvcr100

kernel32

user32

gdi32

comctl32

shlwapi

oleaut32

gdiplus

ssdmirrordatamgr

msvcp100

ws2_32

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 219KB - Virtual size: 218KB

.data Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 264KB - Virtual size: 263KB

.reloc Size: 131KB - Virtual size: 130KB

06:cd:53:28:49:6e:09:da:53:27:ba:46:57:d0:9f:15
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ca:65:49:c1:3d:55:e9:3d:e1:8d:ab:5f:bf:af:16:4a:50:17:46:85
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 219KB - Virtual size: 218KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 264KB - Virtual size: 263KB

.reloc
Size: 131KB - Virtual size: 130KB