646a98deb1d839ecf4dc776adffc194766320d0ca8681323b336dddd5516a1cd

Sharing

Copy URL

Twitter E-mail

General

Target

646a98deb1d839ecf4dc776adffc194766320d0ca8681323b336dddd5516a1cd
Size

390KB
MD5

b6d68bb26c79d8a17814534f4a907234
SHA1

b886cb21d32fab469943401094690042d9ddec29
SHA256

646a98deb1d839ecf4dc776adffc194766320d0ca8681323b336dddd5516a1cd
SHA512

789f9534eee58253bec0cd787fb6cae88d9f0f78cf374bf54a2510c144bc7410587e7894be9846f81c7cc29546565a17ca2836842ab7d8232bba2bffc223de20
SSDEEP

6144:WvoNVqllp4iQI1xD75N+izpm9bkxhwLVpzoeaLzBV+UdvrEFp7hKB:WvoNVYL4G1l7f+it2oQoeozBjvrEH7e

Score

1^/10

Malware Config

Signatures

Files

646a98deb1d839ecf4dc776adffc194766320d0ca8681323b336dddd5516a1cd
.dll windows:4 windows x86 arch:x86

5f266de31de9a4149f4e68267a7c0ab0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:b5:a4:0b:c3:e8:55:2b:45:58:8d:0e:b9:b5:f3:30
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-07-2007 00:00

Not After

14-08-2010 23:59

Subject

CN=ArcSoft\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ArcSoft\, Inc.,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:97:c4:ce:db:21:10:94:90:ac:37:e6:fb:ef:35:bb:02:a0:f7:96
Signer

Actual PE Digest

c4:97:c4:ce:db:21:10:94:90:ac:37:e6:fb:ef:35:bb:02:a0:f7:96

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrRStrIW
PathAppendW
PathFileExistsW

kernel32

GetCurrentProcessId
GetCurrentThreadId
WaitForMultipleObjects
WaitNamedPipeW
SetEnvironmentVariableW
GetCurrentProcess
ExpandEnvironmentStringsW
lstrcpyW
lstrcatW
SetLastError
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
lstrlenA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
GetModuleHandleW
GetLongPathNameW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
OpenEventW
GetPrivateProfileStringW
GetLocalTime
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
CreateProcessW
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
GetSystemTime
OutputDebugStringW
GetSystemDefaultLangID
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
CreateFileA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetVersionExW
LoadLibraryW
CreateDirectoryW
GetProcAddress
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
lstrlenW
InterlockedIncrement
InterlockedDecrement
WritePrivateProfileStringW
SetFileAttributesW
LocalFree
GetTempPathW
GetTempFileNameW
GetEnvironmentVariableW
CreateMutexW
DeleteFileW
MoveFileW
ReleaseMutex
GetFileAttributesW
CreateEventW
SetEvent
Sleep
MultiByteToWideChar
SetNamedPipeHandleState
CreateFileW
WriteFile
WaitForSingleObject
GetExitCodeThread
TerminateThread
CreateNamedPipeW
ConnectNamedPipe
GetLastError
ReadFile
CreateThread
OpenProcess
CloseHandle
SetEnvironmentVariableA
InterlockedExchange
RtlUnwind
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
ExitProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetFileAttributesA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
MoveFileA
DeleteFileA
RaiseException
ResumeThread
TlsSetValue
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsAlloc
GetVersion
GetCommandLineA
ExitThread
TlsGetValue
GetTimeZoneInformation

user32

GetWindowLongW
SendMessageW
PostMessageW
SendMessageTimeoutW
CharNextW
DestroyWindow
DispatchMessageW
TranslateMessage
EnumWindows
GetForegroundWindow
GetWindowThreadProcessId
GetMessageW
CreateWindowExW
RegisterClassExW
DefWindowProcW
EnableWindow
PostThreadMessageW
SetForegroundWindow
LoadStringW
IsWindow
FindWindowW
GetSystemMetrics
wsprintfW
IsWindowVisible
GetClassNameW

gdi32

GetDeviceCaps
DeleteDC
CreateDCW

advapi32

RegDeleteKeyW
RegCreateKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
ControlService
QueryServiceStatus
StartServiceW
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueW
AdjustTokenPrivileges
RegLoadKeyW
RegUnLoadKeyW
CreateProcessAsUserW
OpenProcessToken
OpenSCManagerW
OpenServiceW
CreateServiceW
CloseServiceHandle
LockServiceDatabase
ChangeServiceConfigW
UnlockServiceDatabase
RegDeleteValueW
RegSetValueExW
AllocateAndInitializeSid
FreeSid
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantCopy
SysStringLen
VariantChangeType
SysFreeString
SysAllocString
VariantClear
VariantInit
GetErrorInfo

wininet

HttpOpenRequestW
InternetQueryOptionW
InternetConnectW
InternetOpenW
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
InternetCloseHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

Exports

Exports

?ARCCON_AdjustProduct@@YA?AW4ARCCON_ERRCODE@@PBG@Z
ARCCON_AccountTask
ARCCON_Clt_GetCancelState
ARCCON_Clt_InitInstallInfoPipe
ARCCON_Clt_SetAbortState
ARCCON_Clt_SetCurFile
ARCCON_Clt_SetEndState
ARCCON_Clt_SetTotalSize
ARCCON_Clt_UnInitInstallInfoPipe
ARCCON_DIRGetADSystemFolder
ARCCON_DIRGetAllUserFolder
ARCCON_DIRGetArcConFolder
ARCCON_DIRGetCUTempFolder
ARCCON_DIRGetUserFolder
ARCCON_GetForConnGmidChangeLog
ARCCON_GetForGmidChangeLog
ARCCON_GetIsNeedAutoRegister
ARCCON_GetMRAResolution
ARCCON_GetMUILanguage
ARCCON_GetRegisteredEmail
ARCCON_GetSystemLangID
ARCCON_GetUserID
ARCCON_HandlePatchWithUI
ARCCON_HttpGetFileByHostUrl
ARCCON_HttpGetFileInit
ARCCON_HttpGetFilePause
ARCCON_HttpGetFileQuery
ARCCON_HttpGetFileRemove
ARCCON_HttpGetFileResume
ARCCON_HttpGetFileUninit
ARCCON_InstallCancel
ARCCON_InstallFinalize
ARCCON_InstallGrantStartStopOfService
ARCCON_InstallGrantStartStopOfServiceA
ARCCON_InstallInit
ARCCON_InstallInter
ARCCON_InstallInterA
ARCCON_LaunchTask
ARCCON_NotifyAppStart
ARCCON_NotifyAppStop
ARCCON_PersonalizeDialog
ARCCON_ProdEnumGUID
ARCCON_ProdEnumGUIDCreate
ARCCON_ProdEnumGUIDRelease
ARCCON_ProdQuery
ARCCON_ProdQueryBySN
ARCCON_Proxy_ApplyCurrentConfigOnTo
ARCCON_Proxy_GetPassword
ARCCON_Proxy_GetServerName
ARCCON_Proxy_GetServerPort
ARCCON_Proxy_GetUserName
ARCCON_RegEnumSN
ARCCON_RegEnumSNCreate
ARCCON_RegEnumSNRelease
ARCCON_RegQuery
ARCCON_RegSet
ARCCON_RequestCheckUpdate
ARCCON_SetIsNeedAutoRegister
ARCCON_Srv_CreateInstallInfoPipe
ARCCON_Srv_SetCancelState
ARCCON_TranslateSystemLocal
ArcAppStore_GetFirstApp
ArcAppStore_GetNextApp
ArcAppStore_InitCheck
ArcAppStore_UninitCheck
ArcAppStore_UpdateInfoXML
GetInstallTempDescFileName
GetInstallTempFolder

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f266de31de9a4149f4e68267a7c0ab0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

38:b5:a4:0b:c3:e8:55:2b:45:58:8d:0e:b9:b5:f3:30Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

c4:97:c4:ce:db:21:10:94:90:ac:37:e6:fb:ef:35:bb:02:a0:f7:96Signer

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

version

psapi

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 238KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 16KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

38:b5:a4:0b:c3:e8:55:2b:45:58:8d:0e:b9:b5:f3:30
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

c4:97:c4:ce:db:21:10:94:90:ac:37:e6:fb:ef:35:bb:02:a0:f7:96
Signer

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 16KB - Virtual size: 14KB