7c84d3da99dca27bf9447b58ec100c97a3307e966bbafbcbf3964c8c8ef05edbN

Sharing

Copy URL Twitter E-mail

General

Target

7c84d3da99dca27bf9447b58ec100c97a3307e966bbafbcbf3964c8c8ef05edbN
Size

799KB
MD5

fd24abb7c6a5082350e02cf86732b160
SHA1

b3bc39c0c6aa896a5ecc473af69229429e2c668e
SHA256

7c84d3da99dca27bf9447b58ec100c97a3307e966bbafbcbf3964c8c8ef05edb
SHA512

99acff2958466d629aafc6705629254b20b63bbdc861b7ecc677519a6cb9a7371a6b2201b13d49469f919e90052887d0c8b926d8ad5d8ff7e20bc20dc4cfc6da
SSDEEP

12288:jMSfRUJUrV4MiXmQePLoyOYKfZxnbLWGulX2v70F3qWcS:7UWODZYKB0870QWcS

Score

1^/10

Malware Config

Signatures

Files

7c84d3da99dca27bf9447b58ec100c97a3307e966bbafbcbf3964c8c8ef05edbN
.exe windows:5 windows x86 arch:x86

30b3a59d67a9bd1a163dd4b28382b982

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:88:d4:e4:b8:4a:5a:d0:d8:7a:8c:fa:d1:84:1e:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2015, 00:00

Not After

02/09/2018, 23:59

Subject

CN=Magic Control Technology Corp.,O=Magic Control Technology Corp.,L=Tucheng Dist.,ST=New Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:7b:b3:c1:02:96:09:89:0d:cb:45:ce:d6:36:1c:c7:fe:e6:0c:61
Signer

Actual PE Digest

09:7b:b3:c1:02:96:09:89:0d:cb:45:ce:d6:36:1c:c7:fe:e6:0c:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

lz32

LZCopy
LZOpenFileW
LZClose

msi

ord88
ord141
ord169
ord8
ord137

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
WriteFile
SetFilePointer
CompareStringA
LoadLibraryW
FindResourceExW
GetFileAttributesW
ReleaseMutex
FindClose
FreeLibrary
UnmapViewOfFile
CompareStringW
lstrcmpiW
CreateEventW
QueryPerformanceFrequency
MapViewOfFile
GetSystemInfo
VirtualQuery
IsBadReadPtr
CreateFileMappingW
CreateMutexW
GetDiskFreeSpaceW
lstrcatW
LoadLibraryExW
CreateDirectoryW
GetFileSize
GetPrivateProfileIntW
GetDriveTypeW
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemTimeAsFileTime
lstrcpynW
FindFirstFileW
SetErrorMode
SetFileAttributesW
FileTimeToLocalFileTime
GetFileTime
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
ExpandEnvironmentStringsW
CopyFileW
UnhandledExceptionFilter
GetCurrentThread
lstrcmpW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
lstrlenW
Sleep
CloseHandle
CreateProcessW
SetLastError
GetLastError
MultiByteToWideChar
ResumeThread
SetThreadContext
FlushInstructionCache
WriteProcessMemory
FreeResource
lstrcmpiA
GetPrivateProfileSectionNamesA
MulDiv
GetPrivateProfileIntA
lstrcatA
GetPrivateProfileStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
HeapCreate
VerLanguageNameW
GetExitCodeProcess
CreateThread
ReadFile
GetCommandLineW
lstrcpyA
ExitThread
GetTickCount
WideCharToMultiByte
GetLocaleInfoW
IsValidLocale
GetTempPathW
GetVersionExW
CreateFileW
InterlockedIncrement
GetWindowsDirectoryW
InterlockedDecrement
LocalFree
FormatMessageW
GlobalFree
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
LockResource
GetSystemDirectoryW
SetCurrentDirectoryW
WaitForSingleObject
DeleteFileW
RemoveDirectoryW
ExitProcess
GetCurrentProcess
DuplicateHandle
TerminateProcess
MoveFileExW
GetThreadContext
VirtualProtectEx
HeapReAlloc
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetStdHandle
HeapSize
LCMapStringW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
FindNextFileW
lstrcmpA
SearchPathW
VirtualProtect
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
ResetEvent
GetCurrentProcessId
GetVersion
GetACP
GetCPInfo
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
OpenProcess
SetFileTime
GetTimeFormatW
GetDateFormatW
GetTempFileNameW
GetLocalTime
CompareFileTime
SetUnhandledExceptionFilter

user32

DialogBoxIndirectParamW
WaitForInputIdle
wsprintfW
MessageBoxW
SetActiveWindow
SetForegroundWindow
SetWindowLongW
InflateRect
GetMessageW
DefWindowProcW
LoadStringW
FillRect
GetSysColor
GetPropW
EnableMenuItem
SetPropW
RemovePropW
SetFocus
EndPaint
BeginPaint
GetWindow
SystemParametersInfoW
GetSystemMetrics
MapWindowPoints
LoadImageW
CreateDialogParamW
GetDC
ReleaseDC
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
IsWindowVisible
CreateDialogIndirectParamW
PostMessageW
ShowWindow
EnableWindow
ScreenToClient
SetWindowPos
FindWindowExW
IsDialogMessageW
MsgWaitForMultipleObjects
ExitWindowsEx
SetWindowTextW
CallWindowProcW
DrawFocusRect
CharUpperW
DrawTextW
GetWindowDC
CopyRect
GetClassNameW
CreateWindowExW
wsprintfA
EnumChildWindows
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
IntersectRect
RegisterClassExW
GetDlgItemTextW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindow
DestroyWindow
SendDlgItemMessageW
GetWindowLongW
SetDlgItemTextW
GetWindowRect
MoveWindow
EndDialog
LoadIconW
GetDlgItem
SendMessageW

gdi32

DeleteMetaFile
CreateDCW
GetStockObject
CreateCompatibleBitmap
CreatePatternBrush
GetTextExtentPoint32W
CreateDIBitmap
SetMetaFileBitsEx
SetStretchBltMode
CreateRectRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SelectClipRgn
SetBkColor
SetBkMode
SetTextColor
TextOutW
CreateSolidBrush
RestoreDC
SaveDC
GetDeviceCaps
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
DeleteObject
GetObjectW
CreateFontIndirectW
TranslateCharsetInfo

advapi32

RegCloseKey
RegEnumValueW
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyW
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegQueryValueExW

shell32

SHGetMalloc
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
VarBstrCat
GetErrorInfo
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysReAllocStringLen
VarBstrCmp

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30b3a59d67a9bd1a163dd4b28382b982

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:88:d4:e4:b8:4a:5a:d0:d8:7a:8c:fa:d1:84:1e:1dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

09:7b:b3:c1:02:96:09:89:0d:cb:45:ce:d6:36:1c:c7:fe:e6:0c:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

lz32

msi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 290KB - Virtual size: 290KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:88:d4:e4:b8:4a:5a:d0:d8:7a:8c:fa:d1:84:1e:1d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

09:7b:b3:c1:02:96:09:89:0d:cb:45:ce:d6:36:1c:c7:fe:e6:0c:61
Signer

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 290KB - Virtual size: 290KB