022f3efacacb54a3b877bcf85dd16a5c38491a59c0e6c8b71c17b126a4187342N

Sharing

Copy URL Twitter E-mail

General

Target

022f3efacacb54a3b877bcf85dd16a5c38491a59c0e6c8b71c17b126a4187342N
Size

620KB
MD5

52d4c7c667c8d344586d725eeb6cdc60
SHA1

291a81a2736d8dd9d188ed311c859b1e23096756
SHA256

022f3efacacb54a3b877bcf85dd16a5c38491a59c0e6c8b71c17b126a4187342
SHA512

3d9075901be2dd50ce4848ff1e739cdb081d94ceb0bd1d0ee79d9d001799987424a1820d447d97c90fa6e2928797cb9d99e4da66dbef9e1c6199dfd8affd37ef
SSDEEP

12288:Qt8KGq+NA1O00ljlwXIuzseF2vQIYAgBYrV01idsw+YHSk:M8KGq++O0Mw46q1gqh01XsHN

Score

1^/10

Malware Config

Signatures

Files

022f3efacacb54a3b877bcf85dd16a5c38491a59c0e6c8b71c17b126a4187342N
.exe windows:5 windows x86 arch:x86

fd5d02181a65eea47eecf0a6b3ae189d

Code Sign

31:d8:93:ab:c8:84:26:e7:b3:82:e0:3e:50:08:10:33
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

11/06/2015, 07:44

Not After

11/06/2016, 08:14

Subject

CN=合肥玺智电子商务有限公司,O=合肥玺智电子商务有限公司,L=合肥市,ST=安徽省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:33:97:92:c7:54:53:cc:f6:5b:65:d3:f2:bb:00:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:cb:e8:77:9a:c6:f6:36:98:b1:10:e6:d0:f1:f0:56:ae:6b:40:ff
Signer

Actual PE Digest

b1:cb:e8:77:9a:c6:f6:36:98:b1:10:e6:d0:f1:f0:56:ae:6b:40:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
MoveFileExW
InterlockedDecrement
GetSystemTime
DeleteFileW
CreateEventW
SetEvent
GetModuleFileNameW
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
FindResourceA
SizeofResource
LoadResource
FreeResource
GetLocalTime
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
SetFilePointer
ReadFile
lstrcmpA
lstrlenA
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetFileAttributesW
WriteFile
SetFileTime
InterlockedIncrement
lstrcmpW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
HeapReAlloc
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStringTypeW
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetLastError
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
RaiseException
GetCommandLineW
IsProcessorFeaturePresent
IsDebuggerPresent
ResumeThread
lstrcmpiW
GetTempFileNameW
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetTickCount
lstrlenW
CloseHandle
WaitForSingleObject
CreateProcessW
GetPrivateProfileIntW
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
WritePrivateProfileStringW
GetCurrentThreadId
GetLastError
CreateMutexW
GetPrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
lstrcpyW
GetProcAddress
LoadLibraryW
GetTempPathW
CreateDirectoryW
GetSystemTimeAsFileTime
LoadLibraryExW
ExitThread
CreateThread
DecodePointer
EncodePointer
GetFileAttributesExW
LocalFree
lstrcatW

user32

RegisterClassExW
GetDesktopWindow
PeekMessageW
FindWindowW
IsWindow
GetWindowLongW
SetForegroundWindow
CreateWindowExW
BringWindowToTop
GetForegroundWindow
GetWindowThreadProcessId
UpdateWindow
SetWindowTextW
SendMessageW
GetWindowPlacement
SetRectEmpty
ClientToScreen
InvalidateRect
IsWindowVisible
GetCursorPos
MessageBoxW
GetMessageW
GetWindowRect
AttachThreadInput
SetWindowPos
SetWindowLongW
SetParent
GetClassNameW
GetSystemMetrics
LoadCursorW
LoadIconW
KillTimer
SetTimer
GetFocus
DefWindowProcW
DispatchMessageW
TranslateMessage
ShowWindow
wsprintfW
UnregisterHotKey
PostMessageW
PostQuitMessage
GetShellWindow
WindowFromPoint
GetParent

advapi32

AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
AddAccessAllowedAce
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
FreeSid
CheckTokenMembership

shell32

ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

OleUninitialize
OleInitialize
OleRun
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantCopy
GetErrorInfo
VariantInit

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathFileExistsW
StrStrIA
StrChrIW
StrRChrIW
StrStrIW

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

iphlpapi

GetAdaptersInfo

zbgui

Plugin_Delete
DUI_Init
SetFocusPlugin
LoadStyleZipMemory
Plugin_TrackPopupMenu
MatchString
WindowManager_Attach
Plugin_IsValid
DUI_UnLoad
Plugin_TrackPopupMenu2
Plugin_Redraw
Plugin_SetVisible
GetPluginByName
Plugin_Clone

ysmu

DllGetClassObject

ws2_32

gethostbyname
inet_addr
closesocket
send
htons
socket
connect
recv

dbghelp

MiniDumpWriteDump

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

urlmon

URLDownloadToFileW

d3d9

Direct3DCreate9

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd5d02181a65eea47eecf0a6b3ae189d

Code Sign

31:d8:93:ab:c8:84:26:e7:b3:82:e0:3e:50:08:10:33Certificate

Extended Key Usages

Key Usages

55:33:97:92:c7:54:53:cc:f6:5b:65:d3:f2:bb:00:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

b1:cb:e8:77:9a:c6:f6:36:98:b1:10:e6:d0:f1:f0:56:ae:6b:40:ffSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

shlwapi

wininet

iphlpapi

zbgui

ysmu

ws2_32

dbghelp

setupapi

urlmon

d3d9

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 64KB

.rsrc Size: 389KB - Virtual size: 389KB

.reloc Size: 11KB - Virtual size: 11KB

31:d8:93:ab:c8:84:26:e7:b3:82:e0:3e:50:08:10:33
Certificate

55:33:97:92:c7:54:53:cc:f6:5b:65:d3:f2:bb:00:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

b1:cb:e8:77:9a:c6:f6:36:98:b1:10:e6:d0:f1:f0:56:ae:6b:40:ff
Signer

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 64KB

.rsrc
Size: 389KB - Virtual size: 389KB

.reloc
Size: 11KB - Virtual size: 11KB