633f8ba1e563a38c28a4f5cbee908edf5ef046b4afe7ab64947f1f4f55e630e8

Sharing

Copy URL Twitter E-mail

General

Target

633f8ba1e563a38c28a4f5cbee908edf5ef046b4afe7ab64947f1f4f55e630e8
Size

228KB
MD5

6d74aaee12661b69a5df6f7837074478
SHA1

d4c33d2b451892aa9fc3aa3f9294b570de7ef0a1
SHA256

633f8ba1e563a38c28a4f5cbee908edf5ef046b4afe7ab64947f1f4f55e630e8
SHA512

e14a3082e0253b1fe426b8e1761391b83b051af5aaa5bba704c5158ba3f2e44f002c7d852b76f1e896e00a22a07a0c38c1afbff622436d20dc0175fdb0414da9
SSDEEP

3072:PWS/jl98HAUqFJmlA4GcuLQ6LmdsZaltQ9kh51ikcfOgeXyOsQp1Chxw/rXKn:PWS/TRPIYgh51iLeLk4Wn

Score

N/A

Malware Config

Signatures

Files

633f8ba1e563a38c28a4f5cbee908edf5ef046b4afe7ab64947f1f4f55e630e8
.dll regsvr32 windows x86

8d1971725de79b76e812c321dff2b898

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2011, 00:00

Not After

29/05/2014, 23:59

Subject

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:b3:6e:6e:a7:2c:3c:a3:4a:ff:34:ea:45:ef:0f:f1:f1:c0:aa:e0
Signer

Actual PE Digest

a5:b3:6e:6e:a7:2c:3c:a3:4a:ff:34:ea:45:ef:0f:f1:f1:c0:aa:e0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

19/10/2011, 00:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetCurrentThread
TerminateThread
DuplicateHandle
IsBadReadPtr
VirtualProtect
VirtualAlloc
IsBadCodePtr
VirtualFree
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
OpenThread
CreateThread
ResetEvent
CreateEventW
SetEvent
SetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FreeLibraryAndExitThread
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcmpiW
GetLastError
DisableThreadLibraryCalls
UnmapViewOfFile
InterlockedExchangeAdd
GetComputerNameW
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
InterlockedExchange
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
WaitForSingleObject
IsValidCodePage
GetOEMCP
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetCommandLineA
RtlUnwind
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsDebuggerPresent
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetConsoleMode
GetConsoleCP
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetSystemDefaultLangID
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

CharLowerBuffW
UnregisterClassA
GetDesktopWindow
CharLowerW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
FindWindowExW
GetParent
GetClassNameW
IsWindow
CharNextW
DispatchMessageW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SysAllocString

shlwapi

PathStripPathW
SHCreateStreamOnFileW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

AccessibleChildren
AccessibleObjectFromWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1971725de79b76e812c321dff2b898

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a5:b3:6e:6e:a7:2c:3c:a3:4a:ff:34:ea:45:ef:0f:f1:f1:c0:aa:e0Signer

Signature Validations

Verification

19/10/2011, 00:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 20KB - Virtual size: 18KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a5:b3:6e:6e:a7:2c:3c:a3:4a:ff:34:ea:45:ef:0f:f1:f1:c0:aa:e0
Signer

19/10/2011, 00:10
Valid: false

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 20KB - Virtual size: 18KB