89f786c98b3add2d4e7ce44b7e0b595cc77494d527c87331bfb6f63070026653

Sharing

Copy URL Twitter E-mail

General

Target

89f786c98b3add2d4e7ce44b7e0b595cc77494d527c87331bfb6f63070026653
Size

765KB
MD5

de3efc6e2c1a74efa2b0db14820c38b9
SHA1

e3d641cac50e4554d5f43bf71f59c0175c601de4
SHA256

89f786c98b3add2d4e7ce44b7e0b595cc77494d527c87331bfb6f63070026653
SHA512

7cf6993a40078d5f0b0900b8b115a6e881baa916862a06b5473ccdc322f968a8c06acec67f1b4da9bd2c74a079184ef1cf0e49e51836c54d903e7aac763748c7
SSDEEP

12288:qcyb5svDWbS3EcEFNCeyjWYgeWYg955/155/5RiWbByu5bwLh7ow67K5y:tyNsvDWqeiURiWbByuhwLxA7cy

Score

N/A

Malware Config

Signatures

Files

89f786c98b3add2d4e7ce44b7e0b595cc77494d527c87331bfb6f63070026653
.dll windows x64

418a8cfa8a037e9d03420b135fe9c525

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:c4:96:bf:20:6f:59:02:83:99:a3:1c:4a:86:6e:12:57:f7:d7:7b
Signer

Actual PE Digest

dc:c4:96:bf:20:6f:59:02:83:99:a3:1c:4a:86:6e:12:57:f7:d7:7b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

20/10/2014, 21:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
LoadResource
SizeofResource
GetModuleHandleExA
FindResourceA
FindResourceW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
VirtualProtectEx
GetThreadContext
SetThreadContext
ReadFile
CloseHandle
SetLastError
CreateProcessA
CreateProcessW
GetModuleHandleA
SetEvent
ResetEvent
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
DisableThreadLibraryCalls
GetCurrentProcessId
OpenThread
ResumeThread
GetHandleInformation
SetHandleInformation
GetModuleFileNameA
GetEnvironmentVariableA
CreateToolhelp32Snapshot
Module32First
Module32Next
GetExitCodeProcess
CreateMutexA
GetSystemInfo
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteProcessMemory
GetLastError
GetCurrentProcess
VirtualAllocEx
VirtualQuery
VirtualProtect
FlushInstructionCache
OpenProcess
GetVersion
LocalFree
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
CompareStringW
GetConsoleCP
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetCurrentDirectoryW
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
GetProcessHeap
IsProcessorFeaturePresent
IsDebuggerPresent
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetFullPathNameW
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwindEx
GetProcAddress
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
GetModuleHandleW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
GetFileSize
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
LoadLibraryA
GetDriveTypeW
CreateDirectoryW
CreateFileW
GetFileAttributesW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetDesktopWindow

advapi32

ReportEventW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
CopySid
GetLengthSid
IsValidSid
CreateWellKnownSid
GetTokenInformation
OpenProcessToken
DeregisterEventSource
RegisterEventSourceW

shell32

SHCreateShellItem
SHParseDisplayName

ole32

PropVariantClear
CoTaskMemFree

tier0_s64

Log
AssertMsgImplementation
Is64BitOS
ThreadGetCurrentId
ThreadGetCurrentRunningRef
?Get@CThreadLocalBase@@QEBAPEAXXZ
?Set@CThreadLocalBase@@QEAAXPEAX@Z
?EnterScope@CVProfile@@QEAA_NPEBDH0_NHPEAX@Z
?ExitScope@CVProfile@@QEAAXXZ
?AddProfileForThread@CVProfManager@@QEAAPEAVCVProfileThreadEntry@@PEAVCVProfile@@II@Z
CreateVProfile
g_VProfProfilesRunningCount
ThreadInterlockedAssignIf128
??1CThreadMutex@@QEAA@XZ
Msg
Plat_OutputDebugStringRaw
g_pMemAllocSteam
?ClaimArrayMemory@CValidator@@QEAAXPEAX@Z
?Pop@CValidator@@QEAAXXZ
?Push@CValidator@@QEAAXPEBDPEAX0@Z
Error
g_VProfile
g_VProfManager

vstdlib_s64

Q_FixSlashes
Q_vsnprintf
Q_strncpy
Q_strncat
Q_strnicmp
?Q_stristr@@YAPEBDPEBD0@Z
Q_snprintf
Q_UTF8ToUTF16
Q_UTF16ToUTF8
Q_UTF32ToUTF8
Q_MakeAbsolutePath
Q_IsAbsolutePath
V_FixDoubleSlashes
Q_tolower
Q_atoi
Q_binarytohex
KeyValuesSystemSteam
Q_UnqualifiedFileName

shlwapi

PathFindFileNameW
PathFindExtensionW
SHStrDupA

Exports

Exports

CreateInterface

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

418a8cfa8a037e9d03420b135fe9c525

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8Certificate

Extended Key Usages

Key Usages

dc:c4:96:bf:20:6f:59:02:83:99:a3:1c:4a:86:6e:12:57:f7:d7:7bSigner

Signature Validations

Verification

20/10/2014, 21:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

tier0_s64

vstdlib_s64

shlwapi

Exports

Exports

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 77KB - Virtual size: 101KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

dc:c4:96:bf:20:6f:59:02:83:99:a3:1c:4a:86:6e:12:57:f7:d7:7b
Signer

20/10/2014, 21:10
Valid: false

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 77KB - Virtual size: 101KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 11KB - Virtual size: 10KB