7864b3a415fe198c494e67bdd59636f622a22ea0e5e0ba233003413adae70b03

Sharing

Copy URL

Twitter E-mail

General

Target

7864b3a415fe198c494e67bdd59636f622a22ea0e5e0ba233003413adae70b03
Size

24KB
MD5

65fc6b964bc9be8a0063fe9cb98496a0
SHA1

ce07a009b0b7a55dc6a5051d05b26d59b5874bf8
SHA256

7864b3a415fe198c494e67bdd59636f622a22ea0e5e0ba233003413adae70b03
SHA512

f31dba0fe6505b7a94cdac54a807294325d40001203024ea7fa539ef095eb614fe191846704a73cc9d902bc385590c0dd283c8b6d3dcb87ff5a5dc71eb4a6862
SSDEEP

384:Nu0i1QlBFJOEHRXxIZIDx4WAlvI7IFsIsWKCoHA6mqchYlBfIKVnVYEHiwWs:Nu11oJYtI7msIsdCoHUqchYlBgWVHCzs

Score

N/A

Malware Config

Signatures

Files

7864b3a415fe198c494e67bdd59636f622a22ea0e5e0ba233003413adae70b03
.dll windows x86

133fac2f7e960748f19036f45a2d963a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/06/2011, 09:46

Not After

28/06/2014, 09:46

Subject

CN=Benjamin Delpy,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c3:2e:30:d2:9f:f3:86:4a:13:f2:55:54:6d:a0:8c:79:57:82:18:d4
Signer

Actual PE Digest

c3:2e:30:d2:9f:f3:86:4a:13:f2:55:54:6d:a0:8c:79:57:82:18:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Benjamin Delpy,C=FR

02/03/2014, 21:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeFormatA
GetDateFormatA
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
CloseHandle
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime

advapi32

IsTextUnicode
CreateProcessAsUserW
CreateRestrictedToken
OpenProcessToken
ConvertSidToStringSidA

ntdll

RtlFreeUnicodeString
RtlStringFromGUID
RtlEqualString

msvcrt

_wfopen
fclose
vfwprintf
fflush
memset
_XcptFilter
malloc
free
_amsg_exit
_initterm

Exports

Exports

ExtensionApiVersion
InitializeChangeNotify
PasswordChangeNotify
SpLsaModeInitialize
WinDbgExtensionDllInit
mimikatz
startW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

133fac2f7e960748f19036f45a2d963a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0Certificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

c3:2e:30:d2:9f:f3:86:4a:13:f2:55:54:6d:a0:8c:79:57:82:18:d4Signer

Signature Validations

Verification

02/03/2014, 21:45 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

c3:2e:30:d2:9f:f3:86:4a:13:f2:55:54:6d:a0:8c:79:57:82:18:d4
Signer

02/03/2014, 21:45
Valid: false

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB