ebe4f6f140480120e473cf9f5cd1241a1e3ab928babc0ecfe117a25664a4844a

Sharing

Copy URL

Twitter E-mail

General

Target

ebe4f6f140480120e473cf9f5cd1241a1e3ab928babc0ecfe117a25664a4844a
Size

661KB
MD5

e8e852e01791fbbf0b226862dee39133
SHA1

e2a76c4c2b4f3fd423d01c2d5044501d33f959ff
SHA256

ebe4f6f140480120e473cf9f5cd1241a1e3ab928babc0ecfe117a25664a4844a
SHA512

b8780728628071125b2360ae6735e0efbda970594151df9b2f4cc632e638e29b4060692a1949b5eda57aee4c3660f6ef35ebcf2e91bb19c2444963448a7f7665
SSDEEP

12288:eVeeVlnvBtmdHU2gCwLB8R46GhX0eMy0zQOwNnYcMheUJmexF4:WMdiG46GhpMy2heUXxq

Score

1^/10

Malware Config

Signatures

Files

ebe4f6f140480120e473cf9f5cd1241a1e3ab928babc0ecfe117a25664a4844a
.exe windows:5 windows x86 arch:x86

9a3d8ebe3ae04c9f43dbe2edb51c8768

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:a0:a8:a9:67:71:1d:70:94:4c:a4:99:29:c1:e0:ce:f7:5c:56:33
Signer

Actual PE Digest

fe:a0:a8:a9:67:71:1d:70:94:4c:a4:99:29:c1:e0:ce:f7:5c:56:33

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\code\adb\bin\Release\adb.pdb

Imports

ws2_32

connect
WSAStartup
htonl
WSAGetLastError
WSAEnumNetworkEvents
htons
WSAEventSelect
shutdown
WSACleanup
recv
bind
socket
WSACreateEvent
closesocket
send
listen
accept
gethostbyname
setsockopt

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

winusb

WinUsb_QueryPipe
WinUsb_GetDescriptor
WinUsb_QueryInterfaceSettings
WinUsb_WritePipe
WinUsb_ReadPipe
WinUsb_SetPipePolicy
WinUsb_Initialize
WinUsb_GetCurrentAlternateSetting
WinUsb_Free
WinUsb_GetOverlappedResult

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSetInformation
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
SetHandleInformation
WriteFile
Sleep
LeaveCriticalSection
CreateProcessA
ReadFile
GetStdHandle
GetLastError
EnterCriticalSection
SetConsoleCtrlHandler
CreatePipe
GetModuleFileNameA
CloseHandle
GetTempPathA
WideCharToMultiByte
MultiByteToWideChar
GetLocalTime
CreateFileA
GetFileSize
SetFilePointer
WaitForSingleObject
InterlockedCompareExchange
SetEvent
InitializeCriticalSection
GetFileSizeEx
ResetEvent
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateFileW
DeviceIoControl
GetOverlappedResult
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetVersion
GetFileType

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHGetFolderPathA

msvcr100

_invoke_watson
_controlfp_s
_except_handler4_common
_crt_debugger_hook
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_getpid
_umask
_strnicmp
_chmod
_access
_read
_unlink
_getcwd
_stricmp
_fileno
_getch
__CxxFrameHandler3
setvbuf
_initterm
__initenv
sscanf
strncmp
free
calloc
malloc
strerror
__iob_func
strchr
fflush
atoi
_snprintf
_errno
strtol
strncpy
printf
fopen
_CxxThrowException
fprintf
_strdup
vfprintf
getenv
strpbrk
exit
_mkdir
fclose
_stat64i32
sprintf
strtoul
strncat
perror
_beginthread
isalpha
isdigit
fwrite
strrchr
abort
_mktime64
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??_U@YAPAXI@Z
_findnext64i32
_findclose
_chdir
??_V@YAXPAX@Z
??3@YAXPAX@Z
_findfirst64i32
??2@YAPAXI@Z
_vsnprintf
ftell
fseek
_endthreadex
_beginthreadex
realloc
fgets
_wcsnicmp
_vswprintf
_purecall
tolower
memset
memcpy
ferror
fread
_setmode
feof
memchr
wcsstr
qsort
isspace
strcmp
_time64
isxdigit
fputs
signal
isupper
strstr
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a3d8ebe3ae04c9f43dbe2edb51c8768

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fdCertificate

Extended Key Usages

Key Usages

fe:a0:a8:a9:67:71:1d:70:94:4c:a4:99:29:c1:e0:ce:f7:5c:56:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

setupapi

winusb

kernel32

user32

advapi32

shell32

msvcr100

msvcp100

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 38KB - Virtual size: 114KB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 67KB - Virtual size: 82KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

fe:a0:a8:a9:67:71:1d:70:94:4c:a4:99:29:c1:e0:ce:f7:5c:56:33
Signer

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 38KB - Virtual size: 114KB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 67KB - Virtual size: 82KB