b25de703a9c1fc275414708bfab7da974d54fdf3e845f4e31078277bd7757799

Sharing

Copy URL Twitter E-mail

General

Target

b25de703a9c1fc275414708bfab7da974d54fdf3e845f4e31078277bd7757799
Size

408KB
MD5

4d1e15e6d80ae93aba264fbadf4d81d0
SHA1

c0cd74bb0673706ab814d7b99ea9e533bd453ffa
SHA256

b25de703a9c1fc275414708bfab7da974d54fdf3e845f4e31078277bd7757799
SHA512

a274fc19ae2e2b115a65054b89afdfe56510ff6f16d3da227e0814ab2baf82f75e4732a421c949307601afebdaf76d776dd5e053bfccaea2e1eb53222ab1419d
SSDEEP

12288:oGroDo324aLyuHS0GPubjDgMRGM4h/qofY+jG:TroDF4aLyuzGPa0MRGJ/qof0

Score

N/A

Malware Config

Signatures

Files

b25de703a9c1fc275414708bfab7da974d54fdf3e845f4e31078277bd7757799
.dll windows x86

48d33c128589c5c1581b1025133d0e4a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:60:a0:fe:0b:87:90:d4:ad:1e:e7:c3:b5:5a:f2:0d:7a:03:2f:f2
Signer

Actual PE Digest

18:60:a0:fe:0b:87:90:d4:ad:1e:e7:c3:b5:5a:f2:0d:7a:03:2f:f2

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

18/10/2022, 20:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

swprintf
_wcsicmp
wcsrchr
_wcsnicmp
towupper
_endthread
_beginthread
wcstoul
memmove
wcscat
wcschr
wcscpy
_strnicmp
iswctype
_vsnwprintf
strrchr
wcscmp
wcslen
_abnormal_termination
free
_initterm
_adjust_fdiv
malloc
wcsncmp
_except_handler3

ntdll

NtQueryInformationProcess

advapi32

RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
SetFileSecurityW
GetFileSecurityW
IsTextUnicode
RegSetValueExW

gdi32

GetTextExtentExPointW
SelectObject

kernel32

HeapAlloc
CompareStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapReAlloc
FreeLibrary
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
FindClose
ResetEvent
GetDriveTypeW
HeapFree
GetProcessHeap
CreateMutexW
InterlockedCompareExchange
OutputDebugStringW
GetModuleHandleW
FindFirstFileW
SetErrorMode
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetLastError
GetLastError
Sleep
FlushFileBuffers
SetEndOfFile
CloseHandle
UnmapViewOfFile
LocalFree
WriteFile
FormatMessageW
GetVersionExW
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
SetFilePointer
lstrlenA
GetCurrentProcessId
GetLocalTime
lstrlenW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileAttributesW
InitializeCriticalSection
lstrcatW
lstrcpyW
DeleteFileW
SetFileAttributesW
GetTempFileNameW
lstrcpynW
lstrcmpiW
GetFileTime
SetFileTime
CopyFileW
MoveFileW
CreateFileA
ReadFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
RaiseException
TlsSetValue
LocalAlloc
TlsGetValue
GetModuleFileNameW
GetSystemDirectoryW
TlsAlloc
TlsFree
WaitForMultipleObjects
ReleaseMutex
GetLocaleInfoW
SetEvent
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
CreateEventW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
GetShortPathNameW
GetFullPathNameW
lstrcpyA
LoadLibraryW
lstrcmpiA
ExpandEnvironmentStringsW
GetStringTypeExW
GetThreadLocale
lstrcpynA
lstrcmpW
DeviceIoControl

mpr

WNetCancelConnection2W
WNetGetResourceInformationW
WNetAddConnection3W

ole32

OleUninitialize
OleInitialize

shell32

SHGetSpecialFolderPathW

user32

wvsprintfW
ClientToScreen
GetClientRect
GetSystemMetrics
MoveWindow
CharNextW
CharLowerW
CharPrevA
DialogBoxParamW
GetWindowTextLengthW
UpdateWindow
RemovePropW
LoadIconW
SendDlgItemMessageW
GetParent
EnableWindow
GetWindowLongW
MessageBeep
CharUpperW
GetDC
GetWindowRect
ReleaseDC
IsWindow
wsprintfW
CharPrevW
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
SendMessageW
SetWindowTextW
ShowWindow
GetDlgItem
SetDlgItemTextW
GetWindowTextW
GetKeyboardType
PostMessageW
EndDialog
LoadStringW
GetDlgItemTextW
SetPropW
GetPropW
SetForegroundWindow
GetWindow
SetFocus
DestroyWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
MessageBoxW

winspool.drv

GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW

Exports

Exports

UpdSpCloseFileQueue
UpdSpCloseInfFile
UpdSpCommitFileQueueA
UpdSpCommitFileQueueW
UpdSpCopyErrorA
UpdSpCopyErrorW
UpdSpDecompressOrCopyFileA
UpdSpDecompressOrCopyFileW
UpdSpDefaultQueueCallbackA
UpdSpDefaultQueueCallbackW
UpdSpDeleteErrorA
UpdSpDeleteErrorW
UpdSpEnumInfSectionsA
UpdSpEnumInfSectionsW
UpdSpFindFirstLineA
UpdSpFindFirstLineW
UpdSpFindNextLine
UpdSpFindNextMatchLineA
UpdSpFindNextMatchLineW
UpdSpGetBinaryField
UpdSpGetFieldCount
UpdSpGetIntField
UpdSpGetLineByIndexA
UpdSpGetLineByIndexW
UpdSpGetLineCountA
UpdSpGetLineCountW
UpdSpGetLineTextA
UpdSpGetLineTextW
UpdSpGetMultiSzFieldA
UpdSpGetMultiSzFieldW
UpdSpGetSourceFileLocationA
UpdSpGetSourceFileLocationW
UpdSpGetSourceInfoA
UpdSpGetSourceInfoW
UpdSpGetStringFieldA
UpdSpGetStringFieldW
UpdSpGetTargetPathA
UpdSpGetTargetPathW
UpdSpInitDefaultQueueCallback
UpdSpInitDefaultQueueCallbackEx
UpdSpInstallFilesFromInfSectionA
UpdSpInstallFilesFromInfSectionW
UpdSpInstallFromInfSectionA
UpdSpInstallFromInfSectionW
UpdSpIterateCabinetA
UpdSpIterateCabinetW
UpdSpOpenAppendInfFileA
UpdSpOpenAppendInfFileW
UpdSpOpenFileQueue
UpdSpOpenInfFileA
UpdSpOpenInfFileW
UpdSpPromptForDiskA
UpdSpPromptForDiskW
UpdSpQueueCopyA
UpdSpQueueCopySectionA
UpdSpQueueCopySectionW
UpdSpQueueCopyW
UpdSpQueueDeleteA
UpdSpQueueDeleteSectionA
UpdSpQueueDeleteSectionW
UpdSpQueueDeleteW
UpdSpScanFileQueueA
UpdSpScanFileQueueW
UpdSpSetDirectoryIdA
UpdSpSetDirectoryIdW
UpdSpSetDynamicStringA
UpdSpSetDynamicStringExA
UpdSpSetDynamicStringExW
UpdSpSetDynamicStringW
UpdSpTermDefaultQueueCallback

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d33c128589c5c1581b1025133d0e4a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

18:60:a0:fe:0b:87:90:d4:ad:1e:e7:c3:b5:5a:f2:0d:7a:03:2f:f2Signer

Signature Validations

Verification

18/10/2022, 20:53 Valid: false

Headers

File Characteristics

Imports

msvcrt

ntdll

advapi32

gdi32

kernel32

mpr

ole32

shell32

user32

winspool.drv

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 177KB - Virtual size: 177KB

.reloc Size: 7KB - Virtual size: 7KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

18:60:a0:fe:0b:87:90:d4:ad:1e:e7:c3:b5:5a:f2:0d:7a:03:2f:f2
Signer

18/10/2022, 20:53
Valid: false

.text
Size: 133KB - Virtual size: 133KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 177KB - Virtual size: 177KB

.reloc
Size: 7KB - Virtual size: 7KB