c56d68f546e7824ac543a4f53bfe3f155ce38b911fb5add769c927b27d0973ad

Sharing

Copy URL Twitter E-mail

General

Target

c56d68f546e7824ac543a4f53bfe3f155ce38b911fb5add769c927b27d0973ad
Size

755KB
MD5

7763517fd390bf4dbde3d907363674a0
SHA1

5e6f4ed1606fe86c3c4436fde03bc65aea226dde
SHA256

c56d68f546e7824ac543a4f53bfe3f155ce38b911fb5add769c927b27d0973ad
SHA512

77557a68d9492766e2f79f2b91f4ad1c1ba9fef5ab34573675918eb786a4083ecf0afa063688231e5667698b77c3312a891ddd74d3305aafafc3e6e1338c823a
SSDEEP

12288:kojQwiu0j96cGsF2qrtNFF0HVXWnkyPaUiHv:Hfi396cG62qrxF0HlWn+Ugv

Score

N/A

Malware Config

Signatures

Files

c56d68f546e7824ac543a4f53bfe3f155ce38b911fb5add769c927b27d0973ad
.dll windows x86

8fac0e151795f885f7345c53aae85fb5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:51:a5:a7:c9:81:93:d6:6b:d2:58:ac:62:a1:ec:5c:f6:40:de:5d
Signer

Actual PE Digest

00:51:a5:a7:c9:81:93:d6:6b:d2:58:ac:62:a1:ec:5c:f6:40:de:5d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

01/07/2013, 12:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetProfileStringA
GetPrivateProfileStringA
WriteFile
SetFilePointer
OutputDebugStringW
FreeConsole
FindFirstFileW
GetStdHandle
AllocConsole
GetLastError
GetSystemTime
MultiByteToWideChar
GetCommandLineA
VirtualProtectEx
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetFileAttributesExW
GetFileInformationByHandle
GetCurrentThreadId
WideCharToMultiByte
WriteConsoleA
IsBadReadPtr
QueryPerformanceCounter
IsBadWritePtr
GetFileAttributesW
CreateFileW
CreateFileMappingW
GetFileAttributesA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
GetCurrentProcess
WaitForSingleObject
ReleaseMutex
InterlockedDecrement
lstrlenA
InterlockedIncrement
LocalFree
FormatMessageA
LoadResource
FindResourceExA
GetACP
lstrlenW
FormatMessageW
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SleepEx
InterlockedExchange
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
GetSystemInfo
SetLastError
RaiseException
GetVersion
ExitProcess
FatalAppExitA
GetCPInfo
GetOEMCP
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
SetUnhandledExceptionFilter
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
UnhandledExceptionFilter
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
ReadFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ResumeThread
GetExitCodeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
VirtualAllocEx
SuspendThread
VirtualQueryEx
VirtualProtect
VirtualQuery
CreateProcessA
CreateProcessW
TerminateThread
SetPriorityClass
GetPriorityClass
SetThreadPriority
GetThreadPriority
MoveFileA
MoveFileW
OutputDebugStringA
lstrcmpA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetTempPathA
GetTempPathW
GetEnvironmentVariableW
SetFileAttributesA
DeleteFileA
SetFileAttributesW
DeleteFileW
CreateDirectoryA
CopyFileA
RemoveDirectoryA
CreateDirectoryW
CopyFileW
RemoveDirectoryW
MoveFileExA
MoveFileExW
OpenFileMappingA
OpenMutexA
GetDriveTypeA
GetDriveTypeW
GetLogicalDrives
QueryDosDeviceA
QueryDosDeviceW
GetVolumeInformationA
SetVolumeLabelA
GetDiskFreeSpaceExA
DefineDosDeviceA
CloseHandle
CreateMutexA
GetTickCount
GetLocalTime
GetCurrentProcessId
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
RtlUnwind
GetSystemDirectoryA
SetEndOfFile

user32

MsgWaitForMultipleObjects
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
CloseDesktop
GetUserObjectInformationW
GetDesktopWindow
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
GetSystemMetrics

advapi32

GetAce
LookupAccountNameW
RegSetKeySecurity
SetFileSecurityA
GetUserNameA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegConnectRegistryA
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
RegCreateKeyExW
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

DeleteDC
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject

Exports

Exports

HAFInitShareSeg
HAFStart
HAFStop
InstallDetours
UninstallDetours

Sections

.text
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Desktop
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fac0e151795f885f7345c53aae85fb5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

00:51:a5:a7:c9:81:93:d6:6b:d2:58:ac:62:a1:ec:5c:f6:40:de:5dSigner

Signature Validations

Verification

01/07/2013, 12:15 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

gdi32

Exports

Exports

Sections

.text Size: 552KB - Virtual size: 551KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 68KB - Virtual size: 95KB

.Desktop Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 38KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

00:51:a5:a7:c9:81:93:d6:6b:d2:58:ac:62:a1:ec:5c:f6:40:de:5d
Signer

01/07/2013, 12:15
Valid: false

.text
Size: 552KB - Virtual size: 551KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 68KB - Virtual size: 95KB

.Desktop
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 38KB