768f7d2c0b4e1ff4e3b8e773b37441c46efdd715f2e0ff8c2d6a86902bb3b167

Sharing

Copy URL Twitter E-mail

General

Target

768f7d2c0b4e1ff4e3b8e773b37441c46efdd715f2e0ff8c2d6a86902bb3b167
Size

441KB
MD5

5211cdd88a53d60d26c86200c4063002
SHA1

03fca112d6686239c7ef0b315efe4baf8bdf1aae
SHA256

768f7d2c0b4e1ff4e3b8e773b37441c46efdd715f2e0ff8c2d6a86902bb3b167
SHA512

47c3e45bf83c14a67c62cbea91ea80015e67351e8ccdbd370f0018557d25366e8024f452f08d5f3a064d7b4507ccaabc3a548d51bf2ae981e538e7b42cba4237
SSDEEP

6144:32A4DGIwDq+O0OdbV4asmRUJUH/6j6pt11TnBuwHgsjOoDLPDb4:SDGI70OoaBz/6ePDTnBuwHvJDLPX4

Score

N/A

Malware Config

Signatures

Files

768f7d2c0b4e1ff4e3b8e773b37441c46efdd715f2e0ff8c2d6a86902bb3b167
.dll windows x86

b57c9b874f067ccad7cb19c422a8d4f4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:9b:c0:72:20:ca:a3:57:8d:d1:b6:84:8f:97:0b:08:0a:0d:4e:8d
Signer

Actual PE Digest

8e:9b:c0:72:20:ca:a3:57:8d:d1:b6:84:8f:97:0b:08:0a:0d:4e:8d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

22/02/2011, 11:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
FindResourceA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
SetStdHandle
GetFileType
ExitProcess
TerminateProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
FatalAppExitA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
Sleep
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetPrivateProfileStringA
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetPrivateProfileIntA
GlobalFlags
MulDiv
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GetDriveTypeA
FindNextFileA
LoadLibraryExW
EnumResourceLanguagesA
SizeofResource
GetWindowsDirectoryA
CreateProcessA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
OpenProcess
GetFileInformationByHandle
GetSystemDirectoryA
GetSystemInfo
TlsAlloc
LocalAlloc
SuspendThread
SetThreadPriority
ResumeThread
GlobalLock
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetCurrentProcess
DuplicateHandle
SetLastError
VirtualLock
VirtualUnlock
CreateFileA
DeviceIoControl
OpenMutexA
GetModuleHandleW
LoadLibraryW
WaitForMultipleObjects
ResetEvent
PulseEvent
SetEvent
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
AllocConsole
GetStdHandle
WriteConsoleA
FreeConsole
OutputDebugStringW
SetFilePointer
WriteFile
CreateFileW
CloseHandle
GetVersionExA
FormatMessageW
lstrlenW
GetACP
MultiByteToWideChar
FindResourceExA
LoadResource
GetModuleHandleA
FormatMessageA
LocalFree
InterlockedDecrement
WideCharToMultiByte
lstrlenA
InterlockedIncrement
GlobalAlloc
GlobalFree
LoadLibraryExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
GetModuleFileNameW
GetLocalTime
GetCurrentProcessId
GetEnvironmentStrings
GetLastError

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadIconA
SetActiveWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
MessageBoxW
MsgWaitForMultipleObjects
CharToOemA
OemToCharA
wsprintfA
TabbedTextOutA
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
GetDesktopWindow
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
UpdateWindow
MapWindowPoints
SetFocus
GetSysColor
GetMenuState
ModifyMenuA
ShowWindow
IsWindow
CharUpperA
GetSystemMetrics
PostQuitMessage
PostMessageA
SendMessageA
ShowOwnedPopups
SetCursor
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
EnumDesktopWindows
GetWindowThreadProcessId
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow

gdi32

SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
PolyBezierTo
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
StartDocA
Escape
CreateRectRgn
GetObjectA
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
GetDCOrgEx
GetClipRgn
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
CreateSolidBrush
CreateBitmap
DeleteDC
DeleteObject
SaveDC

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumValueA
RegEnumKeyA
RegConnectRegistryA
DeleteService
ControlService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameA
RegQueryInfoKeyA

shell32

SHGetFileInfoA
ShellExecuteA
DragAcceptFiles

comctl32

ord17

setupapi

SetupInstallFileA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleaut32

SysReAllocStringLen
SysAllocStringLen

Exports

Exports

EnumThreads
GTC
GetPortVal
Init
InstallAndStartTSysDrv
InstallTSysDrv
NQSI
OP
OT
RPM
RT
RemoveTSysDrv
SSDTRestoreFunction
ST
STC
SetPortVal
StartTSysDrv
StopAndRemoveTSysDrv
StopTSysDrv
TAddRegKey
TBackupAndSetRealSSDTShadow
TBackupSSDT
TDisableProtected
TEnableProtected
TGetCurrentNtoskrnlSST
TGetCurrentShadowSST
TGetModuleInfo
THideProcess
TOHCloseHandle
TOHRMCloseHandleProc
TPrintDbgInfo
TRecoverSSDT
TRecoverSSDTFunction
TRecoverSSDTShadow
TReleaseSSDTMutex
TRemoveAllRegKeys
TRemoveRegKey
TSetRealSSDTFuncAddr
TSetRealSSDTFuncAddrAll
TUnHideAllProcess
TUnHideProcess
TWaitSSDTMutex
VAE
VFE
WPM
_TOHQueryHandle@16

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TLOGSYS
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLOGSYS
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b57c9b874f067ccad7cb19c422a8d4f4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

8e:9b:c0:72:20:ca:a3:57:8d:d1:b6:84:8f:97:0b:08:0a:0d:4e:8dSigner

Signature Validations

Verification

22/02/2011, 11:53 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

setupapi

version

oleaut32

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 325KB

.TLOGSYS Size: 4KB - Virtual size: 864B

.TLOGSYS Size: 4KB - Virtual size: 128B

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 24KB - Virtual size: 48KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 21KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

8e:9b:c0:72:20:ca:a3:57:8d:d1:b6:84:8f:97:0b:08:0a:0d:4e:8d
Signer

22/02/2011, 11:53
Valid: false

.text
Size: 328KB - Virtual size: 325KB

.TLOGSYS
Size: 4KB - Virtual size: 864B

.TLOGSYS
Size: 4KB - Virtual size: 128B

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 24KB - Virtual size: 48KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 21KB