97bcc2fc0a5d2b093846b75b9ceb4af19a06f1beb638fd4cd43f1938a7a9a16eN

Sharing

Copy URL

Twitter E-mail

General

Target

97bcc2fc0a5d2b093846b75b9ceb4af19a06f1beb638fd4cd43f1938a7a9a16eN
Size

1022KB
MD5

fecd29c5930d1d7c9ed12f74c0f301c0
SHA1

2c8d2d0a1302d36cd26434ad6af101d7b26b1757
SHA256

97bcc2fc0a5d2b093846b75b9ceb4af19a06f1beb638fd4cd43f1938a7a9a16e
SHA512

fa7dd3579efeb1d0a345ba014ba6a25029a0e9aabe96adbe21dd7d6c759eddbdf21adf30a9632330182635293b43fdb7d3b3e2bdf35284613e6241196b518ffc
SSDEEP

24576:S9INUOL+wEGGDxM9Be+KeGTWg2yU2UFvv+d+c:S92UOL+wETFM9wZIghUNmkc

Score

1^/10

Malware Config

Signatures

Files

97bcc2fc0a5d2b093846b75b9ceb4af19a06f1beb638fd4cd43f1938a7a9a16eN
.exe windows:5 windows x86 arch:x86

7f124e24ff6ce2bb9b6480dc414fd8ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:86:63:31:32:22:ff:99:57:a7:d5:ed:d2:7a:33:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-02-2016 00:00

Not After

17-03-2017 23:59

Subject

CN=Wondershare software CO.\, LIMITED,OU=IT,O=Wondershare software CO.\, LIMITED,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:35:f2:b2:9e:c7:94:4f:53:7f:ed:94:e1:55:e8:19
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-02-2016 00:00

Not After

17-03-2017 23:59

Subject

CN=Wondershare software CO.\, LIMITED,OU=IT,O=Wondershare software CO.\, LIMITED,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:10:e1:5c:e8:74:03:3d:59:24:6e:58:a4:03:4d:af:aa:90:ea:aa:88:8b:fd:65:e7:4b:62:6f:23:63:3d:90
Signer

Actual PE Digest

67:10:e1:5c:e8:74:03:3d:59:24:6e:58:a4:03:4d:af:aa:90:ea:aa:88:8b:fd:65:e7:4b:62:6f:23:63:3d:90

Digest Algorithm

sha256

PE Digest Matches

true

3c:66:f2:89:fe:95:1b:83:1e:48:b6:8b:e7:5b:83:f7:4e:ea:55:9c
Signer

Actual PE Digest

3c:66:f2:89:fe:95:1b:83:1e:48:b6:8b:e7:5b:83:f7:4e:ea:55:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\svn_code\CommonUI\WAF_Download\Trunk\Src\WAE\bin\WAE_EN.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17
_TrackMouseEvent

kernel32

VirtualQuery
GetModuleFileNameW
SetUnhandledExceptionFilter
lstrcmpW
GetEnvironmentVariableW
CreateProcessW
TerminateProcess
SetErrorMode
CreateSemaphoreW
GetFileAttributesW
lstrcatW
InterlockedIncrement
InterlockedDecrement
GetCurrentDirectoryW
ExitProcess
FreeResource
GetACP
GetFileType
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
SetFileTime
GetFileSize
MulDiv
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryA
GetModuleHandleW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetHandleCount
GetConsoleMode
GetConsoleCP
LCMapStringA
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualAlloc
VirtualFree
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ExitThread
MoveFileW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FreeEnvironmentStringsA
GetVolumeInformationA
GetTimeZoneInformation
lstrlenA
TerminateThread
GetFileAttributesExW
GetSystemDefaultLCID
GetProcAddress
LoadLibraryW
FreeLibrary
GetTempPathW
WaitForMultipleObjects
SetEndOfFile
ReadFile
SetFilePointerEx
SetFileAttributesW
GetFileSizeEx
Sleep
DeleteFileW
GetTickCount
SetFilePointer
WriteFile
CreateThread
SetEvent
CreateEventW
GetVersionExW
GetCurrentProcess
SetPriorityClass
GetLastError
SetEnvironmentVariableA
DeviceIoControl
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateFileW
MultiByteToWideChar
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FlushFileBuffers
CompareStringA
CompareStringW
GetEnvironmentStrings

user32

CharNextW
wvsprintfW
SetCursor
InflateRect
OffsetRect
SetWindowRgn
IsZoomed
IntersectRect
FillRect
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
SetFocus
GetFocus
MapWindowPoints
GetWindowRect
GetSystemMetrics
SetWindowPos
wsprintfW
PostMessageW
InvalidateRgn
MoveWindow
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MessageBoxW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
PostQuitMessage
CreatePopupMenu
AppendMenuW
TrackPopupMenu
ScreenToClient
PtInRect
LoadIconW
FindWindowExW
SendMessageW
GetCursorPos
BringWindowToTop
SetActiveWindow
RegisterClassW
DefWindowProcW
CreateWindowExW
GetKeyState
GetDC
GetClientRect
IsRectEmpty
SetWindowLongW
GetWindowLongW
InvalidateRect
SetTimer
KillTimer
IsWindow
SetCapture
ReleaseCapture
ReleaseDC
GetClassInfoExW
RegisterClassExW
LoadCursorW
GetMenu
AdjustWindowRectEx
SetPropW
GetPropW
CallWindowProcW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
EnableWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetParent
GetWindow
GetUpdateRect
BeginPaint
EndPaint
DestroyWindow

gdi32

CreateCompatibleBitmap
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
GetStockObject
GetObjectW
DeleteObject
SelectObject
ExtSelectClipRgn
SetBkColor
CreateSolidBrush
CreateCompatibleDC
MoveToEx
CreatePenIndirect
RoundRect
SetTextColor
SetBkMode
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GetDeviceCaps
GetObjectA
CreateRectRgnIndirect
GetClipBox
CombineRgn
CreateRoundRectRgn
LineTo
SelectClipRgn
StretchBlt
CreateDIBSection
SetStretchBltMode
GetTextMetricsW
CreateFontIndirectW
ExtTextOutW

advapi32

RegEnumKeyExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW

shell32

ShellExecuteExW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
ord165
SHGetFolderPathW
SHGetPathFromIDListW

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

PathFileExistsW

gdiplus

GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipSetStringFormatLineAlign

ws2_32

inet_addr
gethostbyname
send
recv
select
connect
htons
ioctlsocket
closesocket
WSAGetLastError
socket
WSAStartup
WSACleanup
inet_ntoa

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f124e24ff6ce2bb9b6480dc414fd8ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:86:63:31:32:22:ff:99:57:a7:d5:ed:d2:7a:33:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

55:35:f2:b2:9e:c7:94:4f:53:7f:ed:94:e1:55:e8:19Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

67:10:e1:5c:e8:74:03:3d:59:24:6e:58:a4:03:4d:af:aa:90:ea:aa:88:8b:fd:65:e7:4b:62:6f:23:63:3d:90Signer

3c:66:f2:89:fe:95:1b:83:1e:48:b6:8b:e7:5b:83:f7:4e:ea:55:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

iphlpapi

Sections

.text Size: 461KB - Virtual size: 461KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 404KB - Virtual size: 404KB

.reloc Size: 32KB - Virtual size: 32KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:86:63:31:32:22:ff:99:57:a7:d5:ed:d2:7a:33:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

55:35:f2:b2:9e:c7:94:4f:53:7f:ed:94:e1:55:e8:19
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

67:10:e1:5c:e8:74:03:3d:59:24:6e:58:a4:03:4d:af:aa:90:ea:aa:88:8b:fd:65:e7:4b:62:6f:23:63:3d:90
Signer

3c:66:f2:89:fe:95:1b:83:1e:48:b6:8b:e7:5b:83:f7:4e:ea:55:9c
Signer

.text
Size: 461KB - Virtual size: 461KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 404KB - Virtual size: 404KB

.reloc
Size: 32KB - Virtual size: 32KB