d002df16e0a18c8586b35062a6b3ab117046b7c8165ea7675aecc7876db96678

Sharing

Copy URL Twitter E-mail

General

Target

d002df16e0a18c8586b35062a6b3ab117046b7c8165ea7675aecc7876db96678
Size

1.4MB
MD5

7568b5089444816da0dbb4ee8488c4ed
SHA1

9e2097e177ab0bd9fbfee0f183c2734f0b3be086
SHA256

d002df16e0a18c8586b35062a6b3ab117046b7c8165ea7675aecc7876db96678
SHA512

2b63391c1582193e6b0ca72c835a4c4dcfabfe7b553ca02914210e00f83bb8a59a5791671d959ea98903dee5308cd40b2b79a4636ec423a1ba3b568aebf7aec7
SSDEEP

12288:tm37eJCyFou5ipKoWORp6LnqBaR9IL4PJHL/p9pBJXu6IyXfa77trzu47uw8DlP8:tlqG15B0J7zQDTLf975D4

Score

N/A

Malware Config

Signatures

Files

d002df16e0a18c8586b35062a6b3ab117046b7c8165ea7675aecc7876db96678
.dll windows x86

be25ba90898d74fce10a19150edbac89

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:9a:3d:f7:01:95:60:99:cf:c8:1f:d5:fa:ae:0d:63:16:ea:d3:97
Signer

Actual PE Digest

0d:9a:3d:f7:01:95:60:99:cf:c8:1f:d5:fa:ae:0d:63:16:ea:d3:97

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

22/02/2011, 11:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetGetConnectionW

kernel32

SizeofResource
FindResourceExA
EnumResourceLanguagesA
LoadLibraryExA
LoadLibraryExW
CreateEventA
WaitForSingleObject
SetEvent
CreateMutexA
CreateSemaphoreA
OpenEventA
OpenMutexA
OpenSemaphoreA
ReleaseMutex
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
TerminateThread
CreateEventW
OpenEventW
lstrlenA
lstrlenW
LocalFree
FormatMessageA
GetACP
FormatMessageW
GetProfileStringA
GetPrivateProfileStringA
WriteConsoleA
GetStdHandle
OutputDebugStringA
OutputDebugStringW
LoadResource
AllocConsole
ReleaseSemaphore
PulseEvent
lstrcmpiA
VirtualQueryEx
SuspendThread
VirtualAllocEx
VirtualFreeEx
GetThreadContext
SetThreadContext
GetExitCodeThread
ReadProcessMemory
WriteProcessMemory
GetSystemInfo
VirtualProtectEx
CreateFileMappingW
VirtualQuery
FlushInstructionCache
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InterlockedExchange
SetConsoleCtrlHandler
LockResource
FreeResource
VirtualProtect
OpenProcess
FindFirstFileW
FindNextFileW
HeapSize
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetModuleHandleW
GetFileInformationByHandle
GetModuleHandleA
WideCharToMultiByte
IsBadReadPtr
IsBadWritePtr
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
GetWindowsDirectoryW
GetWindowsDirectoryA
MultiByteToWideChar
GetCurrentDirectoryW
GetCurrentDirectoryA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CopyFileW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
DeleteFileW
MoveFileExW
QueryDosDeviceW
GetFileAttributesW
GetFileTime
GetFileSize
GetFileAttributesExW
Sleep
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
LoadLibraryW
FreeLibrary
MulDiv
ResumeThread
SetLastError
GetDriveTypeW
TlsGetValue
SetFilePointer
WriteFile
CreateFileW
ReadFile
TlsAlloc
TlsSetValue
GetCommandLineW
TlsFree
GetCurrentThread
GetCurrentProcess
DuplicateHandle
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
GetTickCount
GetLocalTime
GetCurrentProcessId
GetFileAttributesA
SetEndOfFile
CreateFileA
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
GetModuleFileNameW
GetSystemDirectoryW
GetSystemDirectoryA
GetLastError
GetVersionExA
ExitProcess
FreeConsole
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
HeapReAlloc
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo

user32

FindWindowExA
GetWindowTextA
GetClassNameA
FillRect
ReleaseDC
GetDC
GetWindowLongA
GetWindowRect
ClientToScreen
GetClientRect
SetCursor
LoadCursorA
WindowFromPoint
SetWindowsHookExA
IsRectEmpty
SetProcessWindowStation
MsgWaitForMultipleObjects
MessageBoxW
GetClassNameW
GetParent
MessageBoxA
OpenWindowStationA
GetSystemMetrics
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetCursorPos

gdi32

CreateDCA
CreatePalette
RealizePalette
CreateDIBitmap
SetDIBits
GetObjectA
GetDIBits
SetDIBColorTable
GdiFlush
GetStockObject
GetPaletteEntries
SetPixel
CreateRectRgn
CombineRgn
OffsetRgn
CloseEnhMetaFile
CreateEnhMetaFileW
GetBkMode
SetBkMode
SetWindowExtEx
CreateCompatibleBitmap
CreateSolidBrush
GetCurrentObject
SelectPalette
GetTextAlign
GetTextColor
GetBkColor
GetViewportOrgEx
GetWorldTransform
SetTextAlign
SetTextColor
SetBkColor
SetViewportExtEx
GetWindowOrgEx
SetWindowOrgEx
SetViewportOrgEx
SetWorldTransform
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetMapMode
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
CopyEnhMetaFileW
DeleteEnhMetaFile
SetMapMode

advapi32

RegCreateKeyExA
RegConnectRegistryA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
LookupAccountNameA

shell32

SHGetPathFromIDListW
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

ws2_32

getpeername
WSASetLastError

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

AddPassthru
DelPassthru
GetCaptureFlags
GetDocInfos
GetDocLogs
GetDocPolicyLogs
GetIMFTInfos
GetPrintInfos
GetPrintLogs
GetPrintPolicyLogs
GetProcInfosEx
GetUrlInfos
GetUrlPolicyLogs
INJInstallDetours
INJUninstallDetours
InstallDetours
InstallDetoursOne
SetCDBurnCtrlFlag
SetCaptureFlags
SetComputer
SetDocBackupFlag
SetDocCtrl
SetDocCtrlFlag
SetDocTick
SetFlags
SetIMFTCtrl
SetIMFTCtrlFlag
SetIP
SetOffline
SetPrintCtrl
SetPrintCtrlFlag
SetPrintTick
SetProcCtrl
SetProduct
SetStatus
SetUDiskCtrlFlag
SetUDiskTick
SetUDiskVols
SetUrlClsidsTick
SetUrlCtrl
SetUrlCtrlFlag
SetUrlTick
SetUser
TSetLogConfig
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

whadntds
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be25ba90898d74fce10a19150edbac89

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

0d:9a:3d:f7:01:95:60:99:cf:c8:1f:d5:fa:ae:0d:63:16:ea:d3:97Signer

Signature Validations

Verification

22/02/2011, 11:53 Valid: false

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

version

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 618KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 16KB - Virtual size: 141KB

whadntds Size: 608KB - Virtual size: 607KB

TLCONFIG Size: 4KB - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

0d:9a:3d:f7:01:95:60:99:cf:c8:1f:d5:fa:ae:0d:63:16:ea:d3:97
Signer

22/02/2011, 11:53
Valid: false

.text
Size: 620KB - Virtual size: 618KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 16KB - Virtual size: 141KB

whadntds
Size: 608KB - Virtual size: 607KB

TLCONFIG
Size: 4KB - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 32KB