daabb4546b7b4bbaba4603dc3213d8b33e9f1cc3a637dc8f2bc78fc30fe8e0e9

Sharing

Copy URL Twitter E-mail

General

Target

daabb4546b7b4bbaba4603dc3213d8b33e9f1cc3a637dc8f2bc78fc30fe8e0e9
Size

871KB
MD5

075cc07ee69cbde21c124e588ec8e320
SHA1

00b1fbba601d2c197a8631d8ece227601fcf75e1
SHA256

daabb4546b7b4bbaba4603dc3213d8b33e9f1cc3a637dc8f2bc78fc30fe8e0e9
SHA512

d5cbbed55c780ca716c605e3492447eebd7c859f3325c6084a96ebf5a384353a96984ee8c822727a0581f902c43c438cd069aea8a4df965c6db05a4835d54f78
SSDEEP

24576:OS62nlYAcnutK0e3T3tibiFF/WZ4mnq8Ru0sqMBdv8YY:OS62nlYAen9/WZ4X8/sqMBpQ

Score

N/A

Malware Config

Signatures

Files

daabb4546b7b4bbaba4603dc3213d8b33e9f1cc3a637dc8f2bc78fc30fe8e0e9
.dll windows x86

f2f1bec364d6d465a00d4b90bb4fe9ed

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a5:de:ff:f0:04:10:79:55:69:54:cb:34:63:26:b4:c1:45:81:b7:64
Signer

Actual PE Digest

a5:de:ff:f0:04:10:79:55:69:54:cb:34:63:26:b4:c1:45:81:b7:64

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/04/2011, 15:33
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
LookupAccountSidW
GetTokenInformation
GetServiceDisplayNameW
QueryServiceStatus
OpenServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
StartServiceW
ControlTraceW
StartTraceW
EnumerateTraceGuids
EnableTrace
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
InitiateSystemShutdownW
InitiateSystemShutdownExW

kernel32

CloseHandle
CreateFileW
GetLastError
ReadFile
WriteFile
GetOverlappedResult
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
GetTempPathW
GetTempFileNameW
DeleteFileW
MoveFileW
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
DuplicateHandle
GetCurrentProcess
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
GetFullPathNameW
SetLastError
FindNextFileW
FindClose
GetUserDefaultUILanguage
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
GetDiskFreeSpaceExW
GetTickCount
CreateEventW
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
SetEvent
CreateThread
MapViewOfFile
OpenEventW
GetFileSizeEx
GetFileAttributesW
GetSystemTime
SystemTimeToFileTime
GetExitCodeProcess
CompareFileTime
CreateProcessW
Sleep
CancelIo
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
LocalAlloc
CopyFileW
SetFileAttributesW
GetCurrentThreadId
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateMutexW
GetLocalTime
GetTimeZoneInformation
SizeofResource
LockResource
LoadResource
FindResourceW
RaiseException
GlobalMemoryStatus
GetSystemDefaultLangID
GetEnvironmentVariableW
DebugBreak
FindResourceExW
GlobalMemoryStatusEx
SetUnhandledExceptionFilter
ExitProcess
lstrcmpA
ReleaseMutex
lstrlenW
CreateDirectoryW
MoveFileExW
InterlockedIncrement
InterlockedDecrement
GlobalFree
GetCurrentDirectoryW
InterlockedCompareExchange
GetModuleFileNameW
FileTimeToLocalFileTime
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
RtlUnwind
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetStringTypeW
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
GetProcessHeap
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
InterlockedExchange
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
ExpandEnvironmentStringsW
LocalFree
FormatMessageW
OutputDebugStringW
GetModuleHandleW
GetProcAddress
GetVersionExW
GetFileAttributesExW

user32

PostThreadMessageW
CreateWindowExW
ExitWindowsEx
MessageBoxW
PostMessageW
GetDesktopWindow
LoadImageW
SetWindowLongW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
PeekMessageW
GetClientRect
MapWindowPoints
SetWindowPos
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
IsWindowVisible
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
GetSystemMetrics
MsgWaitForMultipleObjects
GetParent
SendMessageW

shell32

SHFileOperationW
ord165
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit

shlwapi

PathCompactPathExW
PathStripToRootW
PathRemoveExtensionW
PathFileExistsW
StrPBrkW
PathAppendW
PathCombineW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathIsRelativeW
PathQuoteSpacesW
PathRelativePathToW
PathGetDriveNumberW
PathStripPathW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msi

ord195
ord215
ord116
ord254
ord246
ord141
ord281
ord171
ord244
ord90
ord115
ord150
ord205
ord169
ord70
ord118
ord160
ord159
ord32
ord92
ord242
ord238
ord190
ord113
ord125
ord8
ord137
ord111
ord78
ord43
ord17
ord270
ord88
ord179

userenv

UnloadUserProfile
ExpandEnvironmentStringsForUserW

psapi

EnumProcessModules
GetModuleBaseNameW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpQueryAuthSchemes

secur32

GetComputerObjectNameW

wintrust

WinVerifyTrust

crypt32

CertVerifyCertificateChainPolicy
CryptQueryObject
CryptMsgGetAndVerifySigner
CryptHashPublicKeyInfo
CryptMsgGetParam
CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain

sqmapi

SqmGetSession
SqmEndSession
SqmIsWindowsOptedIn
SqmSetMachineId
SqmWriteSharedMachineId
SqmReadSharedMachineId
SqmSetUserId
SqmWriteSharedUserId
SqmCreateNewId
SqmReadSharedUserId
SqmAddToStreamString
SqmAddToStreamDWord
SqmTimerRecord
SqmTimerStart
SqmSetBool
SqmSet
SqmWaitForUploadComplete
SqmStartUpload
SqmSetString

urlmon

URLDownloadToFileW

Exports

Exports

MakePImpl
Run
_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2f1bec364d6d465a00d4b90bb4fe9ed

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:b2:9b:00:00:00:00:00:15Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

a5:de:ff:f0:04:10:79:55:69:54:cb:34:63:26:b4:c1:45:81:b7:64Signer

Signature Validations

Verification

28/04/2011, 15:33 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shell32

ole32

oleaut32

shlwapi

version

msi

userenv

psapi

winhttp

secur32

wintrust

crypt32

sqmapi

urlmon

Exports

Exports

Sections

.text Size: 692KB - Virtual size: 692KB

.data Size: 38KB - Virtual size: 45KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 50KB - Virtual size: 50KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

a5:de:ff:f0:04:10:79:55:69:54:cb:34:63:26:b4:c1:45:81:b7:64
Signer

28/04/2011, 15:33
Valid: false

.text
Size: 692KB - Virtual size: 692KB

.data
Size: 38KB - Virtual size: 45KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 50KB - Virtual size: 50KB