3a7f8137e00054364203eda02ff91ce1d70a46433f5ec72491df5754ae2198c4N

Sharing

Copy URL Twitter E-mail

General

Target

3a7f8137e00054364203eda02ff91ce1d70a46433f5ec72491df5754ae2198c4N
Size

491KB
MD5

3192e2385193e1bcc51e80567a0eb370
SHA1

6fd3f4f81cbea4a1924f765266a49cce8c944dc1
SHA256

3a7f8137e00054364203eda02ff91ce1d70a46433f5ec72491df5754ae2198c4
SHA512

c043a5901d2320979b2e35dfcba1b25a960862e36b082a7757f1ebf07caf65819212edaabc46e88029faa7f5334d354a21d3bf2a24270b7e0a8068a78d28c6c8
SSDEEP

6144:9DqFz/LUj8m5Yir0n/0IpXotPnoNtiINDffWNgSyHrX8bZA+IQgbgd3U5wOOYUn0:BqdLUx1qodo33HjB+ZgbgdrnXWN

Score

1^/10

Malware Config

Signatures

Files

3a7f8137e00054364203eda02ff91ce1d70a46433f5ec72491df5754ae2198c4N
.dll windows:4 windows x86 arch:x86

ae7d4b71c7679da9ae2daaad79cc67bc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:48:24:1e:65:b1:7d:f6:de:22:35:da:80:fe:84:a2:93:b7:86:87
Signer

Actual PE Digest

9c:48:24:1e:65:b1:7d:f6:de:22:35:da:80:fe:84:a2:93:b7:86:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord823
ord3953
ord1134
ord2567
ord2859
ord755
ord470
ord5981
ord2754
ord3693
ord800
ord537
ord4133
ord4297
ord1641
ord2152
ord6442
ord2642
ord4299
ord3571
ord640
ord2405
ord2753
ord5785
ord1640
ord323
ord3619
ord2243
ord2818
ord2135
ord1949
ord4034
ord2725
ord2688
ord2764
ord4202
ord2820
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2713
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2379
ord2078
ord609
ord3574
ord3402
ord4396
ord2575
ord3663
ord283
ord2414
ord6055
ord3626
ord6467
ord2864
ord1233
ord4275
ord825
ord567
ord818
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078

msvcrt

__CxxFrameHandler
_purecall
_vsnprintf
_mbsnbcpy
strlen
_mbsnbcat
memset
memcpy
abs
strncpy
_mbclen
_ftol
fclose
fwrite
fopen
strcpy
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_mbschr
_snprintf
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbsstr
_mbsicmp
log10
_mbscmp
_mbsnbcmp
_mbsinc
sprintf
localtime
_itoa
wcslen
_mbstok
atoi
strcat
_mbslen
_mbsrchr

kernel32

CloseHandle
lstrcpyA
lstrcatA
WinExec
GetCurrentThreadId
ReadFile
lstrlenW
WideCharToMultiByte
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OutputDebugStringA
lstrcpynA
GetPrivateProfileIntA
Process32First
CreateToolhelp32Snapshot
LocalFree
LocalAlloc
Process32Next
CreateFileA

user32

EnableWindow
GetClientRect
FillRect
SetRect
OffsetRect
GrayStringA
GetDC
InvalidateRect
ScreenToClient
GetCursorPos
ShowWindow
IsRectEmpty
PtInRect
LoadCursorA
ReleaseDC
TabbedTextOutA
SetCursor
IsWindow
DestroyWindow
MoveWindow
GetWindowRect
DrawTextA
PostQuitMessage
GetMessagePos
SetCapture
ReleaseCapture
ClientToScreen
SetRectEmpty
CopyRect
IntersectRect
InflateRect
SetFocus
SetWindowPos
SetParent
SetWindowRgn
SetTimer
IsWindowVisible
KillTimer
GetParent
GetFocus
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
SetActiveWindow
GetDesktopWindow
LoadImageA
GetWindowLongA
SetWindowLongA

gdi32

CreateCompatibleDC
CreateBitmap
TextOutA
CreateFontIndirectA
DPtoLP
GetDeviceCaps
ExtTextOutA
CreatePen
GetObjectA
StretchBlt
CreateCompatibleBitmap
SetBkColor
CreateRoundRectRgn
CreateDIBSection
CombineRgn
CreateRectRgnIndirect
PtInRegion
GetPixel
CreateRectRgn
OffsetRgn
DeleteDC
BitBlt
SelectObject
SetBkMode
SetTextColor
DeleteObject
GetTextColor
GetClipBox
PtVisible
RectVisible
Escape

advapi32

RegQueryValueA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_Draw

ole32

CreateStreamOnHGlobal

gdiplus

GdipCreateTexture
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangle
GdipDrawPath
GdipSetLinePresetBlend
GdipCreateTextureIA
GdipCreateTexture2
GdipCreateSolidFill
GdipCloneBrush
GdipBitmapSetPixel
GdipDrawLineI
GdipCreateLineBrushFromRect
GdipFillRectangleI
GdipDrawRectangleI
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipAddPathArcI
GdipMeasureString
GdipSetStringFormatAlign
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipFillPath
GdipSetTextureWrapMode
GdipTranslateTextureTransform
GdipDeleteBrush
GdipDrawImagePointRectI
GdipDrawImageI
GdipGraphicsClear
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipSetImageAttributesColorKeys
GdipDrawImageRectRect
GdipIsVisibleRegionPointI
GdipCreatePath
GdipStartPathFigure
GdipAddPathLine2I
GdipClosePathFigure
GdipCreateRegionPath
GdipDeletePath
GdipDeleteRegion
GdipDrawImageRectI
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDrawImagePointsRectI
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapGetPixel
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z

shfolder

SHGetFolderPathA

Exports

Exports

CreateObject

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae7d4b71c7679da9ae2daaad79cc67bc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

9c:48:24:1e:65:b1:7d:f6:de:22:35:da:80:fe:84:a2:93:b7:86:87Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

gdiplus

msvcp60

shfolder

Exports

Exports

Sections

.text Size: 347KB - Virtual size: 346KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 44KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

9c:48:24:1e:65:b1:7d:f6:de:22:35:da:80:fe:84:a2:93:b7:86:87
Signer

.text
Size: 347KB - Virtual size: 346KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 44KB