416f5fa50b4778d8698a6434c038a8df1957ba53aa261be75705aa890ffcd3af

Sharing

Copy URL Twitter E-mail

General

Target

416f5fa50b4778d8698a6434c038a8df1957ba53aa261be75705aa890ffcd3af
Size

1.0MB
MD5

5365438fbf54ecc74bf98eaa23753956
SHA1

fa7c920951a3278bbce5c3d2226aa0c09c0c32da
SHA256

416f5fa50b4778d8698a6434c038a8df1957ba53aa261be75705aa890ffcd3af
SHA512

95ec0886b76b8304153ee8c357b6913e955917b8476dd9f6f16d76637180c7631ec1a612759e0c978f8716a2f79eb7c371ae6b54fd91a88c3306cc0fae5b59d7
SSDEEP

24576:ugpFbhrm7swqYAXSDqBrVY7RPLYKlwXq40:9hy7GYAXHG710Klqq40

Score

N/A

Malware Config

Signatures

Files

416f5fa50b4778d8698a6434c038a8df1957ba53aa261be75705aa890ffcd3af
.dll windows x86

9a88ef6c59a4eda6cc0b75efed6adfc4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:65:55:d9:cc:89:f4:d6:24:b6:22:6a:4d:d6:d6:3a:ed:03:1f:c9
Signer

Actual PE Digest

05:65:55:d9:cc:89:f4:d6:24:b6:22:6a:4d:d6:d6:3a:ed:03:1f:c9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

21/02/2013, 08:20
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

nnotes

ord3819
ord3817
ord1562
ord2394
ord3823
ord2349
ord3846
ord3845
ord391
ord2348

kernel32

GlobalSize
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
MoveFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
ExitThread
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapSize
HeapReAlloc
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetProcessVersion
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
InterlockedExchange
InterlockedCompareExchange
FormatMessageW
FindResourceExA
OutputDebugStringW
CreateIoCompletionPort
DisconnectNamedPipe
PostQueuedCompletionStatus
GetQueuedCompletionStatus
OpenEventA
OpenMutexA
OpenSemaphoreA
CreateFileW
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
TerminateThread
GetExitCodeThread
LoadLibraryW
CreateDirectoryA
GetDriveTypeA
GetDiskFreeSpaceA
SetVolumeLabelA
SetCurrentDirectoryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
GetModuleFileNameW
GetCurrentDirectoryW
GetWindowsDirectoryW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
MulDiv
SetLastError
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
GetSystemDirectoryW
SizeofResource
EnumResourceLanguagesA
LoadLibraryExA
LoadLibraryExW
GetComputerNameW
LocalAlloc
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
GlobalUnlock
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
InterlockedDecrement
InterlockedIncrement
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
GetSystemInfo
SetEvent
WaitForSingleObject
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
AllocConsole
FreeConsole
OutputDebugStringA
SetFilePointer
SetEndOfFile
GetTickCount
lstrlenA
CopyFileA
ReadFile
DeleteFileA
WriteFile
lstrlenW
GetFileSize
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetLastError
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryA
CreateFileA
GetFileInformationByHandle
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
SetThreadLocale
QueryPerformanceCounter
CancelIo
ResetEvent
GetStringTypeA

user32

GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
MoveWindow
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
RemovePropA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetClassLongA
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
GetDesktopWindow
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowTextLengthA
GetWindowTextA
wsprintfA
OemToCharA
SetPropA
CallWindowProcA
GetPropA
DrawTextA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
CreateWindowExA
DestroyWindow
DefWindowProcA
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenu
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
DestroyMenu
CharUpperA
wvsprintfA
RemoveMenu
AppendMenuA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
ReleaseDC
UpdateWindow
TranslateMessage
DispatchMessageA
CharToOemBuffA
OemToCharBuffA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
GetWindowThreadProcessId
EnumDesktopWindows
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetUserObjectInformationW
GetProcessWindowStation
SetWindowLongA

gdi32

GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
OffsetWindowOrgEx
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ScaleWindowExtEx
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
ExtCreatePen
SetWindowExtEx
StartDocA
DeleteDC
DeleteObject
GetBitmapBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
ExtSelectClipRgn
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
LookupAccountNameW

shell32

SHFileOperationA
SHGetFileInfoA
DragAcceptFiles

comctl32

ord17

ole32

CoCreateInstance
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CoInitialize
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
CoUninitialize

oleaut32

SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
VariantChangeType
VariantInit
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SysReAllocStringLen
SafeArrayCreateVector
GetErrorInfo

rpcrt4

UuidToStringA
RpcStringFreeA
RpcStringFreeW
UuidToStringW
UuidCreate

ws2_32

recv
send
getsockopt
getsockname
getpeername
ntohl
ntohs
listen
shutdown
sendto
connect
socket
WSAIoctl
htons
htonl
bind
accept
setsockopt
WSACleanup
WSAStartup
WSAGetLastError
recvfrom
closesocket

Exports

Exports

?Dll_GetLogFileName@@YAHPADH@Z
?Dll_GetLogLevel@@YAKXZ
?Dll_GetLogTos@@YAKXZ
?Dll_SetLogOutput@@YAXKKPBD@Z
MainEntryPoint

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OutputL
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a88ef6c59a4eda6cc0b75efed6adfc4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

05:65:55:d9:cc:89:f4:d6:24:b6:22:6a:4d:d6:d6:3a:ed:03:1f:c9Signer

Signature Validations

Verification

21/02/2013, 08:20 Valid: false

Headers

File Characteristics

Imports

nnotes

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

rpcrt4

ws2_32

Exports

Exports

Sections

.text Size: 768KB - Virtual size: 767KB

.rdata Size: 156KB - Virtual size: 152KB

.data Size: 60KB - Virtual size: 79KB

.OutputL Size: 4KB - Virtual size: 268B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 52KB - Virtual size: 49KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

05:65:55:d9:cc:89:f4:d6:24:b6:22:6a:4d:d6:d6:3a:ed:03:1f:c9
Signer

21/02/2013, 08:20
Valid: false

.text
Size: 768KB - Virtual size: 767KB

.rdata
Size: 156KB - Virtual size: 152KB

.data
Size: 60KB - Virtual size: 79KB

.OutputL
Size: 4KB - Virtual size: 268B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 52KB - Virtual size: 49KB