95cee4993fcee3193d7ad49063b976ec10ae5f25c4d0e845df50ae443f26b7c2N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

95cee4993fcee3193d7ad49063b976ec10ae5f25c4d0e845df50ae443f26b7c2N.exe
Size

645KB
MD5

2680c6b41e91e436135cc5fc1fcc9b70
SHA1

ea2a43b9f393842a7b20d0ac8241e3b80ee55e4d
SHA256

95cee4993fcee3193d7ad49063b976ec10ae5f25c4d0e845df50ae443f26b7c2
SHA512

e36e4d6b397706a67a17def643628e7e8544ad9b7633cd95a88201fdefeb928692596ff2dbc5bb2ff061d4f4842d7caf204ffb8dc2b12366474d4868b5e08f11
SSDEEP

12288:HyO2ir3sXnlxWIcj6h0a/MPR4LTWhobNZrRS2DV:HyOjzs3la6h0ELpNZrA2DV

Score

1^/10

Malware Config

Signatures

Files

95cee4993fcee3193d7ad49063b976ec10ae5f25c4d0e845df50ae443f26b7c2N.exe
.dll windows:4 windows x86 arch:x86

464b33c5e7a57fc84db738af5db4262d

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:bb:32:a2:42:b1:43:ca:8c:97:dc:2f:58:e9:df:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/04/2014, 00:00

Not After

07/04/2017, 23:59

Subject

CN=SHANGHAI SONGHENG NETWORK TECHNOLOGY CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=SHANGHAI SONGHENG NETWORK TECHNOLOGY CO.\,LTD,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:86:94:a8:ad:6f:ea:77:8e:da:e8:c4:41:fd:32:36:f9:66:ee:db
Signer

Actual PE Digest

2c:86:94:a8:ad:6f:ea:77:8e:da:e8:c4:41:fd:32:36:f9:66:ee:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\Company\PCProject\GuangSu\Trunk.GSInput.3.0.1.0512.003\Temp\pdb\WdjEngine.pdb

Imports

gdiplus

GdipAlloc
GdipLoadImageFromStream
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipFree
GdipCreateFromHDC
GdipDrawImageRectRect
GdipLoadImageFromFile
GdipDrawImageRectI
GdiplusStartup
GdipDeleteGraphics

kernel32

GetTempFileNameW
GetLongPathNameW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GlobalReAlloc
GlobalLock
GlobalUnlock
WaitForMultipleObjects
CreateEventW
CreateThread
ReleaseMutex
CreateMutexW
FormatMessageW
LocalFree
GetTempPathW
GlobalAlloc
GlobalFree
WaitForSingleObject
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersionExW
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetModuleFileNameW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetLastError
Sleep
GetPrivateProfileStringW
LoadLibraryExW
GetProcAddress
CreateFileW
GetFileSize
ReadFile
CloseHandle
DeleteFileW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStringTypeA
IsValidCodePage
IsValidLocale
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
SetLastError
lstrlenW
GetModuleHandleW
GlobalDeleteAtom
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomW
InterlockedDecrement
MoveFileW
GetThreadLocale
EnumSystemLocalesA
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
GetModuleHandleA
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
GlobalGetAtomNameW
LocalAlloc
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
lstrlenA
GlobalFlags
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
ExitProcess
ExitThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW

user32

SetWindowsHookExW
ShowOwnedPopups
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
UnhookWindowsHookEx
GetWindow
GetDlgItem
SetWindowTextW
GetDlgCtrlID
SetFocus
GetWindowTextW
WaitMessage
GetSystemMetrics
CharUpperW
TabbedTextOutW
DrawTextExW
GrayStringW
ScreenToClient
GetWindowDC
GetSysColor
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
CallWindowProcW
CopyRect
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
GetMenu
UpdateWindow
SetForegroundWindow
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
SetActiveWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
WinHelpW
TranslateAcceleratorW
ValidateRect
CallNextHookEx
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
UnregisterClassW
GetSysColorBrush
InflateRect
GetMenuItemInfoW
UnregisterClassA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetForegroundWindow
IsWindowVisible
EnableWindow
LoadCursorW
SetCursor
ClientToScreen
PtInRect
DrawTextW
InvalidateRect
SetTimer
PeekMessageW
SystemParametersInfoW
FindWindowW
GetDesktopWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
DeferWindowPos
BeginDeferWindowPos
RegisterClassExW
DefWindowProcW
LoadIconW
FillRect
DestroyWindow
CreateWindowExW
GetWindowRect
PostMessageW
MoveWindow
ReleaseDC
GetDC
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
BringWindowToTop
GetCursorPos
RegisterWindowMessageW
KillTimer
GetParent
SendMessageW
SetMenu
ModifyMenuW
GetWindowLongW
SetWindowLongW
IsWindow
SetWindowPos
ShowWindow
BeginPaint
GetClientRect
FrameRect
EndPaint
EndDeferWindowPos

gdi32

PtVisible
RectVisible
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetDeviceCaps
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
GetClipBox
SetMapMode
GetStockObject
CreateICW
GetTextExtentPoint32W
CreateCompatibleBitmap
TextOutW
SetBkMode
SetTextColor
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetPixel
GetObjectW
DeleteObject
CreateFontW
CreateFontIndirectW
SetBkColor
RestoreDC
SaveDC
CreateBitmap

advapi32

RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
DragFinish
DragQueryFileW

ole32

CreateStreamOnHGlobal

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

wininet

InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

ws2_32

recv
send
WSAAsyncSelect
WSASetLastError
WSAGetLastError
sendto
connect
bind
select
socket
accept
inet_addr
htons
htonl
closesocket
gethostbyname
WSACleanup
WSAStartup
recvfrom

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetFileTitleW

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

CleanUpWdjEngineManager
NewInstanceWdjEngineManager

Sections

.text
Size: 420KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

464b33c5e7a57fc84db738af5db4262d

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

7c:bb:32:a2:42:b1:43:ca:8c:97:dc:2f:58:e9:df:ebCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2c:86:94:a8:ad:6f:ea:77:8e:da:e8:c4:41:fd:32:36:f9:66:ee:dbSigner

Headers

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

shlwapi

wininet

ws2_32

oleacc

winspool.drv

comdlg32

oleaut32

Exports

Exports

Sections

.text Size: 420KB - Virtual size: 416KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 68KB - Virtual size: 65KB

.reloc Size: 44KB - Virtual size: 41KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

7c:bb:32:a2:42:b1:43:ca:8c:97:dc:2f:58:e9:df:eb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2c:86:94:a8:ad:6f:ea:77:8e:da:e8:c4:41:fd:32:36:f9:66:ee:db
Signer

.text
Size: 420KB - Virtual size: 416KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 68KB - Virtual size: 65KB

.reloc
Size: 44KB - Virtual size: 41KB