dfe405fd8b160146764daff636c7c1f0002db3af86f9eb959056dc97fbfae885

Sharing

Copy URL Twitter E-mail

General

Target

dfe405fd8b160146764daff636c7c1f0002db3af86f9eb959056dc97fbfae885
Size

110KB
MD5

49bd4f3eb0879967909c1b685827b720
SHA1

d8689b8f7c5608302174f6a31e70288bf9d98e25
SHA256

dfe405fd8b160146764daff636c7c1f0002db3af86f9eb959056dc97fbfae885
SHA512

606e08e2fee5869edfeae1dae7eb4ea8fa63bd9d974d5925ec8aff1acc939c9edd6418455f7c3cf41829378a0b23a57b5d395c1e6f8fbcd23d9d93d171d865a1
SSDEEP

1536:AODJVeUz+9g8JvNEj6FviW8hChPJPZdMwN2unVG1kgukjl7ANIljlvU+f39:lVVeUIblN1QdQDh+WDkuIlNU+f39

Score

1^/10

Malware Config

Signatures

Files

dfe405fd8b160146764daff636c7c1f0002db3af86f9eb959056dc97fbfae885
.exe windows:5 windows x86 arch:x86

6d7c360bcb82a102b75b3d8c2a113dd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:aa:09:e0:44:43:e9:46:33:1f:d1:cf:e0:85:f1:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/08/2014, 00:00

Not After

16/09/2016, 23:59

Subject

CN=RISINTECH INC.,O=RISINTECH INC.,L=Taoyuan,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:08:8f:3e:16:5d:01:4b:5c:3d:cf:eb:8d:36:15:88:1f:03:01:9e
Signer

Actual PE Digest

fe:08:8f:3e:16:5d:01:4b:5c:3d:cf:eb:8d:36:15:88:1f:03:01:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CMP_WaitNoPendingInstallEvents

touchapi

InitialTouchApi
?SetCloneImageReg@@YGHK@Z
ScanSerialDevice
_SetPenSoundDataReg@8
?GetHidModeReg@@YGHXZ
ReenumDevice
GetTouchPanels
?EnableResDevice@@YGXXZ
?FilterDriverInstallNumber@@YGHXZ
SetPendownEventHandle
SetPenupEventHandle
GetScreens
?SetScanStatus@@YGHK@Z
?AutoSetTouchMode@@YGXXZ
_GetHIDTouchPanels@0
?GetDevNum@@YGHPAD@Z
OpenController
?ChkSerDevExist@@YGHPAX@Z
_GetPenSoundDataReg@8
?GetPenSoundData@@YGHHPAH@Z
GetPendownSound
GetPenupSound
GetSoundType
GetSoundFrequency
GetSoundDuration

ptouchapi

_GetCurrAllParamasReg@4
_SetBeepOn@8
_SetPlayMethod@8
_SetFrequency@8
_SetDuration@8
_InitialPCTTouchApi@8
_GetPCTTouchPanels@0
_GetUSBNumbers@0
_EnablePCTDevice@0
_GetCurrUSBStatus@4
_CheckPCTDeviceDesc@0
_CheckPCTDevice@0
_GetPCTScreens@0
_GetPCTDevNum@4
_SendPOSConfig@4
_GetBeepOn@4
_GetPlayMethod@4
_GetFrequency@4
_GetDuration@4
_GetDigitizer@4
_SetDigitizer@8
_SendCmdSwitch@8
_ReenumPCTDevice@4

winmm

waveOutPrepareHeader
waveOutRestart
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutReset
waveOutWrite

hid

HidD_GetHidGuid

inpout32

ord2
ord1
ord3

kernel32

RaiseException
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetFileType
SetHandleCount
RtlUnwind
GetConsoleMode
GetConsoleCP
HeapSize
GetStdHandle
ExitProcess
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
CloseHandle
WriteFile
CreateFileA
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetVersionExA
Sleep
lstrcatA
Beep
GetLastError
SetLastError
SetEvent
OpenEventA
ResetEvent
WaitForMultipleObjects
CreateThread
CreateEventA
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc

user32

LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
GetRawInputData
DestroyWindow
DefWindowProcA
CreateWindowExA
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
FindWindowExA
FindWindowA
RegisterDeviceNotificationA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExA

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d7c360bcb82a102b75b3d8c2a113dd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:aa:09:e0:44:43:e9:46:33:1f:d1:cf:e0:85:f1:2dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fe:08:8f:3e:16:5d:01:4b:5c:3d:cf:eb:8d:36:15:88:1f:03:01:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

touchapi

ptouchapi

winmm

hid

inpout32

kernel32

user32

advapi32

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:aa:09:e0:44:43:e9:46:33:1f:d1:cf:e0:85:f1:2d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fe:08:8f:3e:16:5d:01:4b:5c:3d:cf:eb:8d:36:15:88:1f:03:01:9e
Signer

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 3KB