96564b0f3c52ce712bea26de63b4f3e8e9a604e6d240108adfaf1ea9e2d1710b

Sharing

Copy URL Twitter E-mail

General

Target

96564b0f3c52ce712bea26de63b4f3e8e9a604e6d240108adfaf1ea9e2d1710b
Size

1.6MB
MD5

ec08be364fd4ec034597200c42c04b0a
SHA1

664748b86d328aeeed350a79d5bbecea1c08ca85
SHA256

96564b0f3c52ce712bea26de63b4f3e8e9a604e6d240108adfaf1ea9e2d1710b
SHA512

24b29a39b0749b262928556867ca6552b130483d7af77ab329eec1e7bb5227801a27df67016b1f194462e1d1a786f8e88e77770a9838d63c5bbab489a82b4889
SSDEEP

49152:K5BcFMF/zJcYBzZIoU8wVh+PXDg3fWMTk/q5AHI:KhTcWc

Score

N/A

Malware Config

Signatures

Files

96564b0f3c52ce712bea26de63b4f3e8e9a604e6d240108adfaf1ea9e2d1710b
.dll regsvr32 windows x86

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

Actual PE Digest

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord5436
ord6379
ord6390
ord4215
ord2576
ord3649
ord2430
ord1173
ord6193
ord6375
ord6376
ord6211
ord6051
ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord1258
ord1560
ord268
ord703
ord603
ord1961
ord2446
ord273
ord403
ord2385
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord6153
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord6489
ord4272
ord6279
ord4273
ord2755
ord4199
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord4282
ord1226
ord5047
ord1787
ord2567
ord4390
ord3397
ord3569
ord609
ord4279
ord4118
ord3084
ord6166
ord6871
ord5781
ord940
ord1147
ord6654
ord1137
ord3605
ord656
ord765
ord6456
ord4474
ord3087
ord2637
ord2100
ord6373
ord2070
ord6195
ord3716
ord795
ord2108
ord6655
ord3693
ord3952
ord2634
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord3625
ord2572
ord4394
ord682
ord1836
ord1841
ord4078
ord1840
ord5801
ord6082
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord1008
ord3470
ord4254
ord5845
ord4709
ord2638
ord5784
ord472
ord4253
ord3714
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord793
ord768
ord489
ord2286
ord2354
ord2294
ord4970
ord6330
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord3798
ord6190
ord4119
ord1807
ord5857
ord3898
ord1644
ord2862
ord2104
ord6191
ord3515
ord6397
ord3865
ord2455
ord3706
ord783
ord1808
ord4229
ord324
ord2706
ord6004
ord6896
ord2293
ord668
ord2762
ord356
ord1850
ord2644
ord1662
ord4532
ord3525
ord2431
ord1686
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord3128
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord4943
ord2533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord1202
ord723
ord4244
ord4990
ord4737
ord5884
ord5975
ord6124
ord5569
ord3194
ord5027
ord5570
ord3052
ord4814
ord2558
ord3257
ord812
ord1088
ord5858
ord5606
ord4524
ord4538
ord4517
ord5681
ord3269
ord439
ord736
ord5491
ord5778
ord3915
ord1255
ord1824
ord5647
ord350
ord4028
ord5638
ord1083
ord501
ord1113
ord1112
ord5446
ord3371
ord423
ord1125
ord1607
ord4805
ord1678
ord6036
ord1679
ord3469
ord5002
ord956
ord353
ord6865
ord5679
ord5949
ord3494
ord2507
ord355
ord801
ord541
ord4037
ord2605
ord1699
ord6566
ord729
ord2496
ord2787
ord430
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord1834
ord4237
ord4787
ord5248
ord5224
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord5256
ord4426
ord761
ord480
ord1896
ord4251
ord4888
ord4717
ord5115
ord674
ord5479
ord2488
ord5955
ord3114
ord6038
ord3225
ord3207
ord2896
ord5980
ord3198

msvcrt

_ftol
wcscmp
wcsstr
_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
realloc
_wsplitpath
wcstombs
floor
fseek
_fstat
_wfopen
fclose
ftell
fgetws
isprint
swprintf
isxdigit
qsort
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
wcsncmp
_CxxThrowException
wcschr
ceil
wcsrchr
_wcsdup
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CIpow

kernel32

IsDBCSLeadByte
lstrcpyW
InterlockedDecrement
lstrcpynW
GlobalSize
LocalFree
GetPrivateProfileIntW
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
LoadCursorW
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
GetScrollPos
DispatchMessageW
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
GetWindowPlacement
ShowWindow
DrawTextW
LoadIconW
DeferWindowPos
BeginDeferWindowPos
CreateAcceleratorTableW
wsprintfW
GetDlgItem
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageW
DrawFrameControl
SetCursor
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
GetClassNameW
DrawFocusRect
FillRect
GetFocus
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
GrayStringW
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
GetClassLongW
SetClassLongW
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
DestroyAcceleratorTable
UnionRect
TranslateMessage
HideCaret
WinHelpW
OpenClipboard
VkKeyScanW
GetDoubleClickTime
IsChild
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
EndDeferWindowPos
DestroyCaret
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
SetWindowLongA
SendMessageW
OffsetRect
EnableWindow

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsW
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontW
GetCharWidthW
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
CombineRgn
GetClipBox
GetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
MoveToEx
Polyline
Ellipse
LineTo
Rectangle
GetTextExtentPointW
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SetBkMode
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

shell32

DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
Shell_NotifyIconW

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
VariantClear
LoadRegTypeLi
SafeArrayCreate

Exports

Exports

?interfaceMap@CWebBrowserSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dcSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 924KB - Virtual size: 922KB

.rdata Size: 204KB - Virtual size: 201KB

.data Size: 56KB - Virtual size: 70KB

.rsrc Size: 332KB - Virtual size: 331KB

.reloc Size: 96KB - Virtual size: 95KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 924KB - Virtual size: 922KB

.rdata
Size: 204KB - Virtual size: 201KB

.data
Size: 56KB - Virtual size: 70KB

.rsrc
Size: 332KB - Virtual size: 331KB

.reloc
Size: 96KB - Virtual size: 95KB