49283529781abce96074979fce21dbfe697a5f69e1d3a6d620f0663d30ba4dc1

Sharing

Copy URL Twitter E-mail

General

Target

49283529781abce96074979fce21dbfe697a5f69e1d3a6d620f0663d30ba4dc1
Size

1.7MB
MD5

7ae1a0a5d2bc87816136ba74cbcf24e3
SHA1

aa6d43efd4a0061ce03e1992f3303fbab6378fc2
SHA256

49283529781abce96074979fce21dbfe697a5f69e1d3a6d620f0663d30ba4dc1
SHA512

d34a17b5c8abf042c9d22246f09fd20498a31fb736d97c72e9d5cfe20fa45129ca7aa1f190c7126ca2dbdc4e2cccc582510f1f4a910944d3bbfbbc2e0fadb075
SSDEEP

24576:JX49Ocq6a89WXNSOYPsIvuBX/FDyLdX7YYl2+t3frv+CKyqzYQ0/9DptbdJz01:J+a/XYPxldGwQ0/9ltfz01

Score

N/A

Malware Config

Signatures

Files

49283529781abce96074979fce21dbfe697a5f69e1d3a6d620f0663d30ba4dc1
.dll windows x86

0bf4ffa5ceefc6289c88c5ac49ba7fe8

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

96:0b:74:49:a1:86:46:a6:12:a4:1b:de:61:6c:85:2c:31:5b:37:0b
Signer

Actual PE Digest

96:0b:74:49:a1:86:46:a6:12:a4:1b:de:61:6c:85:2c:31:5b:37:0b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

25/10/2012, 10:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
MulDiv
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GlobalSize
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
HeapAlloc
HeapFree
GetACP
ExitProcess
ExitThread
HeapSize
FatalAppExitA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLastError
OpenMutexA
Sleep
SetLastError
lstrlenW
GlobalUnlock
SuspendThread
SetThreadPriority
ResumeThread
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
ReleaseSemaphore
CreateSemaphoreA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetShortPathNameA
lstrcmpiA
GetThreadLocale
SetCurrentDirectoryA
DefineDosDeviceA
SetVolumeLabelA
GetDiskFreeSpaceA
RemoveDirectoryW
CopyFileW
CreateDirectoryW
MoveFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
VirtualQueryEx
ReadProcessMemory
GetThreadPriority
CreateProcessW
CreateProcessA
VirtualProtect
GetWindowsDirectoryA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceTypesA
EnumResourceNamesA
OpenSemaphoreA
OpenEventA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DisconnectNamedPipe
CreateIoCompletionPort
CancelIo
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
SetThreadLocale
OutputDebugStringA
LoadLibraryExW
EnumResourceLanguagesA
SizeofResource
GetWindowsDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
GetExitCodeThread
TerminateThread
FormatMessageW
FindResourceExA
GetSystemDirectoryA
CreateFileA
GetTickCount
DeviceIoControl
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetDriveTypeW
QueryDosDeviceA
CreateDirectoryA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
FreeLibrary
LoadLibraryExA
ReadFile
GetFileSize
GetCurrentProcessId
CreateMutexA
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GlobalMemoryStatus
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetLocalTime
GetModuleFileNameW
ReleaseMutex
GetStringTypeExA
GetFullPathNameA
lstrcpynA
lstrcpyA
UnmapViewOfFile
FlushFileBuffers
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
lstrlenA
InterlockedIncrement
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
UnlockFile
LockFile
SetEndOfFile
AllocConsole
GetStdHandle
WriteConsoleA
FreeConsole
OutputDebugStringW
SetFilePointer
WriteFile
CreateFileW
InterlockedDecrement
GetSystemDirectoryW
GetLogicalDriveStringsW
GetVolumeInformationW
GetVersionExA
TerminateProcess
SetPriorityClass
GetPriorityClass
GetDriveTypeA
ExpandEnvironmentStringsW
GetLogicalDrives
QueryDosDeviceW
ExpandEnvironmentStringsA
SetEvent
WaitForMultipleObjects
OpenEventW
ResetEvent
CreateEventW
GetComputerNameW
GetProfileStringA
CreateEventA
SetUnhandledExceptionFilter
MoveFileA
CopyFileA
lstrcmpA
RemoveDirectoryA
GetSystemInfo
FindFirstFileA
FindNextFileA
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetFileInformationByHandle
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
CloseHandle

user32

FindWindowA
PostThreadMessageA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
MessageBoxW
EnumDesktopWindows
GetWindowThreadProcessId
GetWindowLongA
GetParent
IsWindowVisible
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
UpdateWindow
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DestroyWindow
GetClassLongA
SetPropA
LoadIconA
DeferWindowPos
LoadCursorA
GetSysColorBrush
CallWindowProcA
EnumWindows
EnumChildWindows
GetDesktopWindow
CharToOemBuffA
OemToCharBuffA
GetUserObjectInformationW
GetWindowTextA
GetWindowTextW
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
wsprintfW
CharToOemA
OemToCharA
wsprintfA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
SetWindowTextA
GetWindow
CharUpperA
GetSystemMetrics
MsgWaitForMultipleObjects
PostQuitMessage
PostMessageA
SendMessageA
GetDlgCtrlID
GetWindowRect
AppendMenuA
RemoveMenu
wvsprintfA
DestroyMenu
GetPropA
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetWindowTextLengthA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
CreateWindowExA

gdi32

SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateBitmap
RectVisible
SetStretchBltMode
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
CopyMetaFileA
CreateDCA
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetPolyFillMode
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
SetWindowOrgEx
SetROP2
GetBitmapBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PtVisible
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
TextOutA

comdlg32

GetFileTitleA

winspool.drv

FindFirstPrinterChangeNotification
DocumentPropertiesA
EnumPrintersA
EnumJobsA
EnumPortsA
ClosePrinter
GetPrinterA
OpenPrinterA
DeletePrinter
AddPrinterA
GetJobA
GetPrinterW
OpenPrinterW
FindClosePrinterChangeNotification
FreePrinterNotifyInfo
FindNextPrinterChangeNotification

advapi32

InitializeAcl
SetFileSecurityA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupAccountSidW
GetLengthSid
AddAccessAllowedAce
GetAce
LookupAccountNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyA
RegConnectRegistryA
RegSetValueA
RegCreateKeyExA
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
ChangeServiceConfigA
CloseServiceHandle
RegSetKeySecurity

shell32

SHGetFileInfoA
DragAcceptFiles

comctl32

ord17

ole32

OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
SysAllocString
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysStringLen
SysAllocStringLen
SysReAllocStringLen
SysFreeString
VarDateFromStr
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mpr

WNetGetConnectionA

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringW
RpcStringFreeW
UuidToStringA

Exports

Exports

Run32
Start
Stop

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bf4ffa5ceefc6289c88c5ac49ba7fe8

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

96:0b:74:49:a1:86:46:a6:12:a4:1b:de:61:6c:85:2c:31:5b:37:0bSigner

Signature Validations

Verification

25/10/2012, 10:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

mpr

rpcrt4

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 100KB - Virtual size: 174KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 84KB - Virtual size: 83KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

96:0b:74:49:a1:86:46:a6:12:a4:1b:de:61:6c:85:2c:31:5b:37:0b
Signer

25/10/2012, 10:46
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 100KB - Virtual size: 174KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 84KB - Virtual size: 83KB