c54d5050f250cf796ba35c870c7f260ada80b22023fb1e429ab67bca9a24a949

Sharing

Copy URL Twitter E-mail

General

Target

c54d5050f250cf796ba35c870c7f260ada80b22023fb1e429ab67bca9a24a949
Size

470KB
MD5

6aef6c04e5ee405479398d2d2313075e
SHA1

42e16c9fb204c45b08c76c9772e9ebb29d4a80be
SHA256

c54d5050f250cf796ba35c870c7f260ada80b22023fb1e429ab67bca9a24a949
SHA512

e17d54cdd3d234f4e268a8eeea0fc781c5b5a223100a106f263920490ef3a089dd8949d75089c6cc3aee29a49feb3d0234228c9fae26ac357587ed17b41c68f2
SSDEEP

12288:nFTZURa7kn3T1nctiGAhcytc25p4cVDdubniDNglwwYu:nj76RnuiDhcytc2b4cVD2oNgawYu

Score

N/A

Malware Config

Signatures

Files

c54d5050f250cf796ba35c870c7f260ada80b22023fb1e429ab67bca9a24a949
.dll regsvr32 windows x86

0538876cb30dd7ddf8a120016992dc57

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06/10/2011, 00:00

Not After

31/12/2013, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:52:1a:7f:f4:9d:b2:73:b9:48:90:43:3d:f7:fd:64:5f:eb:41:3c
Signer

Actual PE Digest

b2:52:1a:7f:f4:9d:b2:73:b9:48:90:43:3d:f7:fd:64:5f:eb:41:3c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

26/10/2012, 18:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
Sleep
InterlockedCompareExchange
GetCurrentProcessId
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileStringA
GetFileAttributesW
CreateMutexW
CloseHandle
CreateDirectoryW
FindClose
FindNextFileW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetShortPathNameW
MoveFileExW
CopyFileW
SetFileAttributesW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
SizeofResource
OutputDebugStringW
GetLocalTime
GetCurrentThreadId
CreateFileW
WaitForSingleObject
VirtualQuery
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetTickCount
SetThreadLocale
lstrlenA
LockResource
FindResourceExW
CompareFileTime
WaitForMultipleObjects
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LocalFileTimeToFileTime
CreateEventW
SetEvent
ResetEvent
FindFirstFileExW
IsBadReadPtr
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
GetShortPathNameA
Module32Next
Module32First
FindFirstFileA
IsBadWritePtr
LocalFree
IsValidLocale
EnumSystemLocalesA
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
DeleteCriticalSection
SetStdHandle
WriteConsoleW
SetEndOfFile
CompareStringW
ReleaseMutex
SetEnvironmentVariableA
GetUserDefaultLCID
LoadLibraryW
PeekNamedPipe
GetFileInformationByHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCommandLineA
GetTimeFormatW
GetDateFormatW
GetSystemTimeAsFileTime
GetDriveTypeW
ExitThread
CreateThread
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetLocaleInfoW
IsValidCodePage
GetOEMCP
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
GetFullPathNameW
HeapDestroy

user32

CharNextW

advapi32

RegCreateKeyA
RegSetValueExA
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantCopy
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantInit
VarUI4FromStr

shlwapi

PathFileExistsW

sacore

sa_map_freeitembycopy
sa_list_destroy
sa_list_append
sa_list_cloneitembycopy
sa_list_freeitembycopy
sa_list_create
sa_dss_maintenance
sa_dss_lookupurls
sa_sethttphooks
sa_setcachehooks
sa_setmblhooks
sa_setstorehooks
sa_setloghooks
SA_OPTION_SHAREDDIRECTORY
SA_OPTION_LOCALE
SA_OPTION_AFFID
SA_OPTION_CLIENTTYPE
SA_OPTION_CLIENTVERSION
SA_OPTION_DSSURL
sa_option_setstring
sa_finalize
sa_initialize
sa_map_cloneitembycopy
sa_map_comparestringi
sa_map_hashstringi
sa_map_set
sa_map_destroy
sa_map_get
sa_map_create

sa_cache_sqlite

cache_flush_sqlite
cache_setvalue_sqlite
cache_getvalue_sqlite
cache_initialize_sqlite
cache_finalize_sqlite

sa_http_win32

sa_http_get_win32
sa_http_post_win32
sa_http_cancel_win32

sa_mbl

sa_mbl_authenticate_hook
sa_mbl_lookup_hook

sa_store_sqlite

store_getvalue_sqlite
store_getkeys_sqlite
store_finalize_sqlite
store_initialize_sqlite
store_getkeysvalues_sqlite
store_setvalue_sqlite
store_setvalues_sqlite

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

sqlite3

sqlite3_prepare_v2
sqlite3_step
sqlite3_finalize
sqlite3_column_int
sqlite3_open16
sqlite3_busy_timeout
sqlite3_errmsg
sqlite3_column_int64
sqlite3_db_handle
sqlite3_column_text16
sqlite3_column_count
sqlite3_close

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0538876cb30dd7ddf8a120016992dc57

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8Certificate

Extended Key Usages

Key Usages

b2:52:1a:7f:f4:9d:b2:73:b9:48:90:43:3d:f7:fd:64:5f:eb:41:3cSigner

Signature Validations

Verification

26/10/2012, 18:19 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

sacore

sa_cache_sqlite

sa_http_win32

sa_mbl

sa_store_sqlite

wtsapi32

sqlite3

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 314KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 19KB - Virtual size: 28KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 27KB - Virtual size: 27KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8
Certificate

b2:52:1a:7f:f4:9d:b2:73:b9:48:90:43:3d:f7:fd:64:5f:eb:41:3c
Signer

26/10/2012, 18:19
Valid: false

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 19KB - Virtual size: 28KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 27KB - Virtual size: 27KB