ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1

Sharing

Copy URL Twitter E-mail

General

Target

ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1
Size

73KB
MD5

136fdf85fd90f166af828cad5d45cd99
SHA1

a61b25e71328388c5af8954f29381b91a83467f2
SHA256

ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1
SHA512

6e46eda9149fbb0f726b355fd694efa759c617805565f76106a219088fa909b9c4be2ecdcbe60ba881d29d3cbbd274a5f376ed332192e373689cf52e7e00175f
SSDEEP

1536:c4Uu3aj7mZPts/HJG/S9tD059hndca0DC+yiDbP:c1u3aHmZPqJD0zhnOa0NJ

Score

N/A

Malware Config

Signatures

Files

ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1
.dll windows x64

e98fe54a29c79bcc2806f5b481b54b12

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:29:6e:a8:ed:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

25/06/2010, 10:05

Not After

26/06/2011, 10:05

Subject

CN=Akeo Consulting,OU=libusb.org,O=Akeo Consulting,ST=Co. Donegal,C=IE,1.2.840.113549.1.9.1=#0c117062617461726440676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:54:60:e2:02:82:f8:a5:f1:a7:3d:f1:94:52:cf:e4:50:64:21:8f
Signer

Actual PE Digest

16:54:60:e2:02:82:f8:a5:f1:a7:3d:f1:94:52:cf:e4:50:64:21:8f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Akeo Consulting,OU=libusb.org,O=Akeo Consulting,ST=Co. Donegal,C=IE,1.2.840.113549.1.9.1=#0c117062617461726440676d61696c2e636f6d

02/10/2010, 16:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
memmove
_stricmp
realloc
_iob
memset
_getch
fclose
wcstombs
fputws
_strdup
fopen
printf
wcsstr
fgets
fgetws
_beginthread
fputs
_wcsnicmp
_endthread
_strlwr
strncmp
sscanf
mbstowcs
sprintf
_wcsicmp
_vsnprintf
fprintf
strncpy
strerror
getenv
atoi
_snprintf
strstr
malloc
free

setupapi

SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
CM_Get_Device_IDA
SetupFindNextLine
SetupDiGetDeviceRegistryPropertyA
SetupOpenInfFileA
SetupDiGetDeviceInstallParamsA
SetupDiRemoveDevice
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupCloseInfFile
CM_Get_DevNode_Status
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupFindFirstLineA
SetupGetStringFieldA

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetVersion
LocalFree
GetVersionExA
GetModuleHandleA
SetEnvironmentVariableA
LockResource
WriteConsoleA
LoadLibraryA
GetProcAddress
GetStdHandle
CreateSemaphoreA
SizeofResource
Sleep
GetCurrentProcess
LoadResource
FreeLibrary
FindResourceA
GetFullPathNameA
OutputDebugStringA
FormatMessageA
CloseHandle
DeviceIoControl
ResetEvent
GetLastError
GetOverlappedResult
CreateEventA
WaitForSingleObject
CreateFileA

advapi32

RegCloseKey
FreeSid
CheckTokenMembership
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
AllocateAndInitializeSid

user32

GetMessageA
SetTimer
GetWindowRect
GetWindowLongPtrA
RegisterClassExA
PostQuitMessage
FillRect
GetClassInfoExA
GetParent
LoadIconA
GetClientRect
GetWindowTextLengthA
SendMessageA
DrawEdge
TranslateMessage
InflateRect
OffsetRect
MessageBoxA
InvalidateRect
CreateWindowExA
GetDlgItem
DefWindowProcA
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
GetSysColorBrush
SetWindowLongPtrA
PostMessageA
DispatchMessageA
GetSystemMetrics
SetWindowTextA
UpdateWindow
EnableWindow
LoadCursorA
DestroyWindow

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
BitBlt
CreateSolidBrush

Exports

Exports

usb_bulk_read
usb_bulk_setup_async
usb_bulk_write
usb_cancel_async
usb_claim_interface
usb_clear_halt
usb_close
usb_control_msg
usb_device
usb_find_busses
usb_find_devices
usb_free_async
usb_get_busses
usb_get_descriptor
usb_get_descriptor_by_endpoint
usb_get_string
usb_get_string_simple
usb_get_version
usb_init
usb_install_driver_np
usb_install_driver_np_rundll
usb_install_needs_restart_np
usb_install_npA
usb_install_npW
usb_install_np_rundll
usb_install_service_np
usb_install_service_np_rundll
usb_interrupt_read
usb_interrupt_setup_async
usb_interrupt_write
usb_isochronous_setup_async
usb_open
usb_reap_async
usb_reap_async_nocancel
usb_release_interface
usb_reset
usb_resetep
usb_set_altinterface
usb_set_configuration
usb_set_debug
usb_strerror
usb_submit_async
usb_touch_inf_file_np
usb_touch_inf_file_np_rundll
usb_uninstall_service_np
usb_uninstall_service_np_rundll

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e98fe54a29c79bcc2806f5b481b54b12

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:29:6e:a8:ed:a8Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

16:54:60:e2:02:82:f8:a5:f1:a7:3d:f1:94:52:cf:e4:50:64:21:8fSigner

Signature Validations

Verification

02/10/2010, 16:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

setupapi

kernel32

advapi32

user32

gdi32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 512B - Virtual size: 352B

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:29:6e:a8:ed:a8
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

16:54:60:e2:02:82:f8:a5:f1:a7:3d:f1:94:52:cf:e4:50:64:21:8f
Signer

02/10/2010, 16:09
Valid: false

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 352B