7beddcdd203b189f8d24a9735934702e3eae804e84c974c5608d604bf9808f67

Sharing

Copy URL Twitter E-mail

General

Target

7beddcdd203b189f8d24a9735934702e3eae804e84c974c5608d604bf9808f67
Size

2.0MB
MD5

9cb82c604f2b4743c82416e7c6d9f12e
SHA1

ba30af50a598a8f939b1d2efff66ecd7676be2f8
SHA256

7beddcdd203b189f8d24a9735934702e3eae804e84c974c5608d604bf9808f67
SHA512

629b1c99f82dfe8f9ab51f5d96f23e60a313525c941bbb48a21067423960638cb8863661876b8a379bf63728d5c1a05d20f5a9ee8412321c03649ac27d9219bc
SSDEEP

24576:PNXbcKXHsIrLoVYzEqV/l4NkXF5ZQEAF5q0jxMKMw9zQDUWNB0kxv1uK:jBHo6zl/l4aeFs038B0kxv4K

Score

N/A

Malware Config

Signatures

Files

7beddcdd203b189f8d24a9735934702e3eae804e84c974c5608d604bf9808f67
.dll windows x86

2473ffc3fb5b12500231a3f31cc1e2b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:23:8e:7c:94:f7:50:02:70:a4:4d:ea:e2:58:d4:8d:57:a4:3b:5c
Signer

Actual PE Digest

5e:23:8e:7c:94:f7:50:02:70:a4:4d:ea:e2:58:d4:8d:57:a4:3b:5c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

05/04/2012, 07:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetGetConnectionW

kernel32

GetPrivateProfileStringA
WriteConsoleA
GetStdHandle
OutputDebugStringA
FreeConsole
AllocConsole
LocalFree
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
TlsFree
GetProfileStringA
GetVersion
lstrcmpA
GetCurrentThread
GetCurrentProcess
DuplicateHandle
CreateMutexA
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetLocalTime
GetCurrentProcessId
GetEnvironmentVariableW
GetFileAttributesA
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
QueryDosDeviceA
GetLogicalDrives
RemoveDirectoryW
CreateDirectoryW
RemoveDirectoryA
CopyFileA
CreateDirectoryA
DeleteFileA
SetFileAttributesA
ReleaseMutex
OpenEventW
CreateEventW
OpenMutexA
TerminateThread
ResetEvent
WaitForMultipleObjects
VirtualQueryEx
ReadProcessMemory
SetEvent
WaitForSingleObject
CreateEventA
VirtualProtect
OpenProcess
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetModuleHandleW
GetFileInformationByHandle
GetModuleHandleA
WideCharToMultiByte
IsBadReadPtr
IsBadWritePtr
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
CopyFileW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
DeleteFileW
MoveFileExW
QueryDosDeviceW
GetFileAttributesW
GetFileTime
GetFileSize
GetFileAttributesExW
Sleep
GetComputerNameW
MulDiv
GetLastError
ResumeThread
SetLastError
GetDriveTypeW
TlsGetValue
SetFilePointer
WriteFile
CreateFileW
ReadFile
TlsAlloc
TlsSetValue
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
SetEndOfFile
CreateFileA
InitializeCriticalSection
GetProcessHeap
CloseHandle
DeleteCriticalSection
LoadLibraryW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileMappingA
GetEnvironmentVariableA
GetTempPathA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
MoveFileW
MoveFileA
GetThreadPriority
SetThreadPriority
GetPriorityClass
SetPriorityClass
CreateProcessW
CreateProcessA
SuspendThread
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetThreadContext
SetThreadContext
GetExitCodeThread
OpenSemaphoreA
OpenEventA
CancelIo
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
VirtualProtectEx
CreateFileMappingW
VirtualQuery
FlushInstructionCache
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
SizeofResource
LockResource
LoadLibraryExA
FreeResource
lstrlenA
FormatMessageA
LoadResource
FindResourceExA
GetACP
lstrlenW
FormatMessageW
GetVersionExA
SleepEx
InterlockedExchange
CreateSemaphoreA
ReleaseSemaphore
PulseEvent
EncodePointer
DecodePointer
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
GetCommandLineA
HeapFree
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
LCMapStringW
GetStringTypeW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
FatalAppExitA
HeapReAlloc
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
GetSystemInfo

user32

MessageBoxW
OpenWindowStationA
MessageBoxA
GetWindowLongA
FindWindowExA
GetWindowTextA
GetClassNameA
FillRect
GetDesktopWindow
GetUserObjectInformationW
GetDC
ReleaseDC
IsRectEmpty
GetWindowRect
ClientToScreen
GetClientRect
SetCursor
LoadCursorA
GetClassNameW
GetForegroundWindow
WindowFromPoint
GetCursorPos
CloseDesktop
SetWindowsHookExA
GetSystemMetrics
MsgWaitForMultipleObjects
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
GetParent
SetProcessWindowStation

gdi32

CreateDCA
CreatePalette
RealizePalette
CreateDIBitmap
SetDIBits
GetObjectA
GetDIBits
SetDIBColorTable
GdiFlush
GetPaletteEntries
SetPixel
CreateRectRgn
CombineRgn
OffsetRgn
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowExtEx
CreateCompatibleBitmap
CreateSolidBrush
GetCurrentObject
SelectPalette
GetBkColor
GetViewportOrgEx
GetWorldTransform
SetBkColor
SetViewportExtEx
GetWindowOrgEx
SetWorldTransform
SetWindowOrgEx
SetViewportOrgEx
CreateCompatibleDC
CreateDIBSection
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
SaveDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetMapMode
LPtoDP
SetMapMode
DPtoLP
GetTextAlign
GetTextColor
SetTextAlign
GetBkMode
SetBkMode
SetTextColor
TextOutW
DeleteObject
RestoreDC
GetWindowExtEx
GetViewportExtEx
CopyEnhMetaFileW
DeleteEnhMetaFile
GetBitmapBits

advapi32

RegCreateKeyW
RegisterEventSourceA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
GetUserNameA
SetFileSecurityA
RegSetKeySecurity
DeregisterEventSource
ReportEventA

shell32

SHGetPathFromIDListW
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

ws2_32

recvfrom
sendto
recv
send
getpeername
ntohs
ntohl
getsockname
WSASetLastError
WSAGetLastError
WSAStartup
WSACleanup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
getsockopt

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

AddPassthru
DelPassthru
GetCaptureFlags
GetDocInfos
GetDocLogs
GetDocPolicyLogs
GetIMFTInfos
GetPrintInfos
GetPrintLogs
GetPrintPolicyLogs
GetProcInfosEx
GetUpDownPolicyLogs
GetUrlInfos
GetUrlPolicyLogs
INJInstallDetours
INJUninstallDetours
InitRecordMgr
InitShareInfoMgr
InstallDetours
InstallDetoursOne
SetCDBurnCtrlFlag
SetCaptureFlags
SetComputer
SetDocBackupFlag
SetDocCtrl
SetDocCtrlFlag
SetDocTick
SetFlags
SetIMFTCtrl
SetIMFTCtrlFlag
SetIP
SetOffline
SetPrintCtrl
SetPrintCtrlFlag
SetPrintPageCtrlFlag
SetPrintPageTick
SetPrintTick
SetProcCtrl
SetProduct
SetStatus
SetUDiskCtrlFlag
SetUDiskTick
SetUDiskVols
SetUpDownCtrlFlag
SetUpDownTick
SetUrlClsidsTick
SetUrlCtrl
SetUrlCtrlFlag
SetUrlTick
SetUser
TSetLogConfig
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

whadntds
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2473ffc3fb5b12500231a3f31cc1e2b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

5e:23:8e:7c:94:f7:50:02:70:a4:4d:ea:e2:58:d4:8d:57:a4:3b:5cSigner

Signature Validations

Verification

05/04/2012, 07:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

version

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 60KB - Virtual size: 208KB

whadntds Size: 634KB - Virtual size: 634KB

TLCONFIG Size: 512B - Virtual size: 276B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 66KB - Virtual size: 65KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

5e:23:8e:7c:94:f7:50:02:70:a4:4d:ea:e2:58:d4:8d:57:a4:3b:5c
Signer

05/04/2012, 07:01
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 60KB - Virtual size: 208KB

whadntds
Size: 634KB - Virtual size: 634KB

TLCONFIG
Size: 512B - Virtual size: 276B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 66KB - Virtual size: 65KB