3eda280f91097293e00bf984d377e1111cfde1fc81b30a3fdeb38f321ef82bb6

Sharing

Copy URL Twitter E-mail

General

Target

3eda280f91097293e00bf984d377e1111cfde1fc81b30a3fdeb38f321ef82bb6
Size

984KB
MD5

0d392ede3b97e0b3131b2f63ef1db94e
SHA1

e92253719e1b71920add22992d32c9f02705dfdc
SHA256

3eda280f91097293e00bf984d377e1111cfde1fc81b30a3fdeb38f321ef82bb6
SHA512

4e8abe8078ff394d917347542bb7db0c623c9993d4596b29055dc5aaf4b330a229d35364674c74c4c9c3c0dcac3b83ef5b431622862b96d130892def7501df11
SSDEEP

24576:sz0/fasVla6LnRahKLPGzzR8dDWtG25rsR6ILl10pD:szMf31LPGzsy7sR6ILl10x

Score

N/A

Malware Config

Signatures

Files

3eda280f91097293e00bf984d377e1111cfde1fc81b30a3fdeb38f321ef82bb6
.exe windows x86

16648489e542f6663f806ece9800e0fb

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:21:23:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/10/2007, 22:09

Not After

18/12/2008, 22:19

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b6:a2:96:ac:1a:2f:5d:bc:59:e9:d2:d3:98:58:3b:37:ba:0e:35:a4
Signer

Actual PE Digest

b6:a2:96:ac:1a:2f:5d:bc:59:e9:d2:d3:98:58:3b:37:ba:0e:35:a4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

19/01/2008, 07:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptGenRandom
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyW
LookupAccountSidW
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
GetLengthSid
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetVersionExW
FormatMessageW
GetTimeFormatW
GetUserDefaultUILanguage
GetDateFormatW
FileTimeToSystemTime
GetLocaleInfoW
GetLocalTime
SetProcessWorkingSetSize
GetModuleHandleW
InterlockedCompareExchange
lstrcmpW
MulDiv
lstrlenW
SetErrorMode
FindFirstFileW
GetLogicalDriveStringsW
GetDriveTypeW
FindResourceExW
SizeofResource
ExpandEnvironmentStringsW
ReadFile
GetFileSize
CreateDirectoryW
CreateProcessW
DeleteFileW
GlobalFree
SetFilePointerEx
WriteFile
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
CreateFileW
FindNextFileW
GetFileTime
GetSystemDefaultLCID
GetSystemInfo
OpenMutexW
ReleaseMutex
QueueUserWorkItem
CreateThread
FindClose
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FindResourceW
LoadResource
LockResource
RegisterApplicationRestart
CreateMutexW
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
GetCurrentThread
WaitForMultipleObjects
ResetEvent
LCMapStringW
GetSystemDirectoryW
GetFileAttributesW
WaitForSingleObject
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA
GetFileSizeEx

gdi32

GetObjectA
CreatePen
MoveToEx
LineTo
ExtTextOutW
CreateDIBSection
CreateCompatibleBitmap
DeleteDC
GetTextExtentPoint32W
PatBlt
CreatePatternBrush
SetBkColor
CreateCompatibleDC
CreateBitmap
BitBlt
SetBkMode
GetTextExtentPointW
GetTextColor
GetCurrentObject
SaveDC
SetGraphicsMode
SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW
SetTextColor
CreateSolidBrush
SetLayout
GetLayout
GetStockObject
RestoreDC
GetTextMetricsW
DPtoLP
GetDeviceCaps
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform

user32

GetDesktopWindow
LoadIconW
FindWindowExW
CharUpperW
CharNextW
MapWindowPoints
DestroyWindow
TrackMouseEvent
AllowSetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowPos
GetDC
ReleaseDC
SystemParametersInfoW
GetWindow
SetTimer
DrawTextW
SetFocus
GetDlgCtrlID
DestroyMenu
TrackPopupMenu
EnableMenuItem
GetSubMenu
LoadMenuW
DialogBoxIndirectParamW
GetLastActivePopup
CallWindowProcW
ShowWindow
IsRectEmpty
PostMessageW
GetParent
IsWindowEnabled
InvalidateRect
EndPaint
BeginPaint
GetWindowRect
GetWindowLongW
RegisterClassExW
DefWindowProcW
GetSysColor
LoadCursorW
GetClassInfoExW
GetDlgItem
SetDlgItemTextW
LoadAcceleratorsW
MoveWindow
SetWindowTextW
UnregisterClassA
EnableWindow
GetCursorPos
SetCursor
OffsetRect
PtInRect
GetKeyState
CopyRect
IsCharAlphaNumericW
LoadStringW
SetRect
EqualRect
DrawFocusRect
GetFocus
IsWindowVisible
IsChild
RedrawWindow
UnregisterClassW
RegisterClassW
PostQuitMessage
GetNextDlgTabItem
GetWindowPlacement
ScreenToClient
LockWindowUpdate
KillTimer
ExitWindowsEx
SetForegroundWindow
AppendMenuW
MessageBoxW
CopyIcon
CheckMenuItem
IsMenu
LoadImageW
SetMenuInfo
SetMenuItemInfoW
GetClassNameW
GetIconInfo
IsWindow
DestroyIcon
GetMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetClientRect
TranslateAcceleratorW
SendMessageW
CreateWindowExW
SetWindowLongW
EndDialog
FillRect
DrawIconEx
CreateIconIndirect
GetAncestor
GetCapture
GetMessagePos
DrawEdge
GetWindowDC
ReleaseCapture
SetCapture
SetRectEmpty
InflateRect
ShowCursor
SetScrollInfo
GetScrollInfo
SetScrollPos
ScrollWindowEx
ScrollWindow
GetScrollPos
GetSystemMetrics
DrawIcon
GetSysColorBrush
GetDoubleClickTime
MessageBeep
RegisterWindowMessageW
CreatePopupMenu

msvcrt

_wcsicmp
_purecall
wcsstr
wcsrchr
??0exception@@QAE@ABQBD@Z
calloc
_ftol2_sse
_resetstkoflw
wcscpy_s
?what@exception@@UBEPBDXZ
_controlfp
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_errno
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
iswspace
_ltoa
_vsnwprintf
wcsncmp
_wtoi
_mktime64
vswprintf_s
_vscwprintf
_ftol2
wcstoul
_vsnprintf
_itow_s
_ltow
??0exception@@QAE@XZ
__RTDynamicCast
??0exception@@QAE@ABV0@@Z
free
malloc
memmove_s
memcpy_s
_wcsnicmp
wcschr
__CxxFrameHandler3
memset
swprintf_s
_CxxThrowException
memcpy
_wcstoui64
swscanf
_beginthreadex
wcscat_s
??1exception@@UAE@XZ

shell32

ord680
SHGetFolderPathW
ord727
ShellExecuteExW
SHGetFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
Shell_NotifyIconW

ole32

OleRun
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitialize
StringFromGUID2
CoGetObject

oleaut32

SafeArrayCreate
SafeArrayGetLBound
VariantInit
VariantClear
SysAllocString
LoadTypeLi
SafeArrayLock
SafeArrayUnlock
SysStringLen
SafeArrayDestroy
SysAllocStringLen
SafeArrayGetUBound
SysFreeString

mpclient

MpScanResult
MpRegisterEventNotification
MpScanCancel
MpScan
MpScanThreatEnum
MpScanThreatOpen
MpScanHistoryEnum
MpScanHistoryOpen
MpConfigUnregisterNotifications
MpConfigRegisterForNotifications
MpElevationHandleClose
MpElevationHandleAttach
MpCleanThreats
MpCleanSetAction
MpCleanOpen
MpCleanPreCheck
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorOpen
MpQuarantineQuery
MpQuarantineEnum
MpQuarantineOpen
MpGetThreatLocalizedInfo
MpGetThreatStaticInfo
MpSignaturesUpdateClose
MpSignaturesUpdateCancel
MpDownloadAndUpdateSignaturesEx
MpScanOpen
MpQuarantineClose
MpCleanClose
MpScanHistoryClose
MpScanThreatClose
MpScanClose
MpUnregisterEventNotification
MpConfigDelValue
MpConfigSetValue
MpAllocMemory
MpOpen
MpClose
MpFormatVErrorMessage
MpConfigOpen
MpConfigClose
MpConfigGetValueAlloc
MpConfigGetValue
MpFreeMemory
MpConfigUninitialize
MpConfigInitialize
MpClientUtilExportFunctions
MpScanCreateReport

gdiplus

GdipSetSmoothingMode
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipDrawLineI
GdipSetTextRenderingHint
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateFromHDC
GdipCreatePath
GdipDeletePath
GdipGetSmoothingMode
GdipFillPath
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipDrawPath
GdipDrawRectangleI
GdipGetDC
GdipReleaseDC
GdipGetImagePixelFormat
GdipImageRotateFlip
GdipCreateHICONFromBitmap
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBitmapAreaI
GdiplusStartup

comctl32

HIMAGELIST_QueryInterface
ord410
ord412
ord413
ImageList_Create
ImageList_ReplaceIcon
ImageList_LoadImageW
ImageList_Destroy
InitCommonControlsEx

shlwapi

StrDupW
StrStrIW
StrStrW
StrChrW
StrCmpNIW
StrCmpIW
StrCmpNW

oleacc

LresultFromObject
AccessibleObjectFromWindow

msmpres

GetMsMpResModuleHandle

rpcrt4

UuidFromStringW

mprtmon

MpConstructCDetections
MpConstructOnDemandDetection
MpInitializeRealtimeMonitoring
MpGetRealtimeManager
MpShutdownRealtimeMonitoring

netapi32

NetApiBufferFree
NetGetJoinInformation

winhttp

WinHttpReadData
WinHttpSendRequest
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpWriteData
WinHttpOpenRequest

urlmon

IsValidURL

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 790KB - Virtual size: 790KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16648489e542f6663f806ece9800e0fb

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:21:23:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65Certificate

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

b6:a2:96:ac:1a:2f:5d:bc:59:e9:d2:d3:98:58:3b:37:ba:0e:35:a4Signer

Signature Validations

Verification

19/01/2008, 07:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

ole32

oleaut32

mpclient

gdiplus

comctl32

shlwapi

oleacc

msmpres

rpcrt4

mprtmon

netapi32

winhttp

urlmon

version

Sections

.text Size: 790KB - Virtual size: 790KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 63KB - Virtual size: 62KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:21:23:00:00:00:00:00:06
Certificate

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

b6:a2:96:ac:1a:2f:5d:bc:59:e9:d2:d3:98:58:3b:37:ba:0e:35:a4
Signer

19/01/2008, 07:38
Valid: false

.text
Size: 790KB - Virtual size: 790KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 63KB - Virtual size: 62KB