da2481397f18695c0b9251e607e589a274252dc30ae04e56d13d35f14f227952

Sharing

Copy URL

Twitter E-mail

General

Target

da2481397f18695c0b9251e607e589a274252dc30ae04e56d13d35f14f227952
Size

3.1MB
MD5

95e1ad618b5b364bf4b125a77f4c397d
SHA1

5812ea66e1ca2131d585704c9f1b9b256af997b2
SHA256

da2481397f18695c0b9251e607e589a274252dc30ae04e56d13d35f14f227952
SHA512

a895fd6090694a3298f964e6ff204dc92de6b898b0534ebbccb7083119631ec2d4a18505a5261199bd9f006c3100a9eca2e1ec098299a8a2fd86d4338775bc26
SSDEEP

49152:85BTq9iiUEnz3l3iHlIRQXhLVDXEjTWNANwss3U1qOr:uB29V3lE6R8hLVD0YzUUI

Score

1^/10

Malware Config

Signatures

Files

da2481397f18695c0b9251e607e589a274252dc30ae04e56d13d35f14f227952
.exe windows:5 windows x86 arch:x86

b5c10a07969d6336f7c89a2facfe214d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-09-2015 00:00

Not After

28-09-2018 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:f9:c7:4a:84:78:a7:af:a3:eb:fd:10:99:5e:d4:df:bb:df:45:fc
Signer

Actual PE Digest

9b:f9:c7:4a:84:78:a7:af:a3:eb:fd:10:99:5e:d4:df:bb:df:45:fc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\ime_comp\branch\PinyinDev_R_8_1_NK_C3.0\Bin\SogouPdb\Component\SkinBox\Skinboxexe.pdb

Imports

kernel32

GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
WaitNamedPipeW
SetNamedPipeHandleState
SleepEx
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
WaitForSingleObjectEx
TerminateThread
OutputDebugStringW
GlobalUnlock
GlobalAlloc
GlobalLock
WaitForSingleObject
GetTickCount
FindNextFileW
FindClose
GetFileSizeEx
CreateFileW
FindFirstFileW
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GetLastError
GetModuleFileNameW
Sleep
CreateMutexW
GetProcAddress
MultiByteToWideChar
GetVersionExW
LoadLibraryW
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
TlsGetValue
TlsSetValue
SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
WriteFile
FormatMessageW
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
GetCurrentProcessId
lstrcpyW
CreateDirectoryW
OpenMutexW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
SetLastError
ExitThread
GlobalFree
CreateEventW
DuplicateHandle
LocalFree
CreateThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FindResourceW
LoadResource
SizeofResource
LockResource
GetCommandLineW
GetSystemDirectoryW
GetTempPathW
InterlockedIncrement
InterlockedCompareExchange
GetTempFileNameW
SystemTimeToFileTime
MoveFileExW
SetFileTime
CopyFileW
GetExitCodeProcess
GetFileAttributesW
FileTimeToSystemTime
GetProcessId
GetFileTime
DeleteFileW
SetFileAttributesW
GetFileSize
ReadFile
FlushFileBuffers
InterlockedExchange
RemoveDirectoryW
TlsAlloc
TlsFree
LocalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
SetEvent
InterlockedDecrement
GlobalHandle
lstrlenA
DebugBreak
OpenEventW
CompareStringW
GlobalReAlloc
GetWindowsDirectoryA
GetACP
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
HeapFree
HeapAlloc
HeapReAlloc
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
ResumeThread
GetFileType
RtlUnwind
RaiseException
ExitProcess
GetDriveTypeA
FindFirstFileA
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetModuleFileNameA
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
GetProcessHeap
LoadLibraryA
GetFullPathNameA
GetFileInformationByHandle

user32

MsgWaitForMultipleObjectsEx
PeekMessageW
DrawTextW
UpdateLayeredWindow
IsWindowEnabled
TrackMouseEvent
GetKeyState
SetCursor
mouse_event
SetClassLongW
GetAsyncKeyState
GetClassLongW
MoveWindow
SubtractRect
GetFocus
LoadStringW
CharNextW
LoadImageW
FillRect
OffsetRect
InflateRect
SetRect
GetCursor
SetWindowRgn
CopyRect
SetCursorPos
SetScrollInfo
PostThreadMessageW
SendInput
wsprintfW
IsRectEmpty
GetClassNameW
GetWindowTextW
ShowWindow
FindWindowW
SetForegroundWindow
PostMessageW
IsIconic
ReleaseCapture
IsWindow
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
SetRectEmpty
GetSystemMetrics
MessageBoxW
wvsprintfW
GetKeyboardLayoutList
ActivateKeyboardLayout
GetWindowTextLengthW
GetParent
GetWindowLongW
SetWindowLongW
SetWindowPos
IsWindowVisible
EnableWindow
SetWindowTextW
CallWindowProcW
ClientToScreen
CloseClipboard
GetWindowRect
GetMessageW
PostQuitMessage
TranslateMessage
EmptyClipboard
OpenClipboard
SetClipboardData
DestroyIcon
DispatchMessageW
NotifyWinEvent
WindowFromPoint
EnumThreadWindows
SendMessageW
MonitorFromPoint
GetDC
SetFocus
GetDesktopWindow
GetMonitorInfoW
EndPaint
DestroyWindow
LoadCursorW
BeginPaint
SetPropW
RegisterClassExW
LoadIconW
IntersectRect
CreateWindowExW
GetPropW
DefWindowProcW
SetTimer
ScreenToClient
SetCapture
KillTimer
PtInRect
RedrawWindow
ReleaseDC

gdi32

Rectangle
CreateCompatibleBitmap
GetDeviceCaps
GetClipRgn
CombineRgn
GetCharABCWidthsFloatW
GetTextMetricsW
GetStockObject
SetTextColor
ExtCreateRegion
MoveToEx
LineTo
GetTextExtentExPointW
CreatePen
GetPixel
CreateRectRgn
CreateSolidBrush
StretchDIBits
GetFontData
GetObjectW
CreateDCW
CreateFontIndirectW
SetTextCharacterExtra
BitBlt
DeleteDC
CreateDIBSection
StretchBlt
SetBkMode
GetFontUnicodeRanges
DeleteObject
SelectObject
CreateCompatibleDC
SelectClipRgn
CreatePolygonRgn
PtInRegion
SetMapMode
OffsetRgn
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
SHFileOperationW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

psapi

GetProcessMemoryInfo
GetModuleInformation

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetSetOptionW
InternetOpenW

msimg32

TransparentBlt
GradientFill
AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

advapi32

RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueExW

oleaut32

SysAllocString

ws2_32

gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
inet_addr
accept
listen
__WSAFDIsSet
select
ioctlsocket
recvfrom

wldap32

ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord22

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5c10a07969d6336f7c89a2facfe214d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

9b:f9:c7:4a:84:78:a7:af:a3:eb:fd:10:99:5e:d4:df:bb:df:45:fcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

psapi

imm32

version

wininet

msimg32

oleacc

advapi32

oleaut32

ws2_32

wldap32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 467KB - Virtual size: 466KB

.data Size: 112KB - Virtual size: 193KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 144KB - Virtual size: 144KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

9b:f9:c7:4a:84:78:a7:af:a3:eb:fd:10:99:5e:d4:df:bb:df:45:fc
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 467KB - Virtual size: 466KB

.data
Size: 112KB - Virtual size: 193KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 144KB - Virtual size: 144KB