a59118edfdf22c681a681d74125b7575a34cabe99b69d273ddeba4dbd0bed076

Sharing

Copy URL Twitter E-mail

General

Target

a59118edfdf22c681a681d74125b7575a34cabe99b69d273ddeba4dbd0bed076
Size

349KB
MD5

2502220cb46bf6928eaf11dcd0e27f38
SHA1

da17734dce5e31b34dbb7ff97aeb9af1ef93d58f
SHA256

a59118edfdf22c681a681d74125b7575a34cabe99b69d273ddeba4dbd0bed076
SHA512

4b661c762f6066d3054e7f394941343b3fe50707ae24290b5febbbdd12025ec9479173b1f08a732b3f4fb41cfd6a41d4c07bd86008ef2b3da37f771f249dc045
SSDEEP

3072:BeU01ABjrFFoWrO9Pp1SeVC9n7gH788CsMstpZttTBfEvl5XKfVoN7nZ:KknFFoWq9P7bI9n7g3CGtttTBcl56fa

Score

N/A

Malware Config

Signatures

Files

a59118edfdf22c681a681d74125b7575a34cabe99b69d273ddeba4dbd0bed076
.dll regsvr32 windows x86

3f4f0a87a36e72f9c29b5186b35a1b64

Code Sign

1c:aa:0d:0d:ad:f3:2a:24:04:a7:51:95:ae:47:82:0a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

26/04/2010, 00:00

Not After

25/04/2012, 23:59

Subject

CN=LivePlex Corp,O=LivePlex Corp,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:50:54:f5:2a:d3:b3:35:b1:b1:21:3e:e5:7c:21:8b:f4:36:a7:2b
Signer

Actual PE Digest

2c:50:54:f5:2a:d3:b3:35:b1:b1:21:3e:e5:7c:21:8b:f4:36:a7:2b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LivePlex Corp,O=LivePlex Corp,L=Gangnam-gu,ST=Seoul,C=KR

15/11/2011, 05:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
VirtualProtect
VirtualFree
VirtualAlloc
VirtualQuery
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
OpenProcess
GlobalMemoryStatus
GetCurrentProcessId
GetTickCount
GetDiskFreeSpaceExA
GetDriveTypeA
GetVersionExA
GetSystemDefaultLangID
GetACP
GetComputerNameA
FindClose
FindNextFileA
GetModuleFileNameA
SetLastError
WaitForMultipleObjects
GlobalFree
GlobalAlloc
CreateDirectoryA
DeleteFileA
CreateThread
GetCurrentThreadId
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
GetOEMCP
SetFilePointer
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
CopyFileA
GetModuleHandleA
SetFileTime
CreateFileA
GetFileTime
FreeLibrary
GetStdHandle
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
WriteConsoleOutputCharacterA
FreeConsole
ResetEvent
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateEventA
SetEvent
InitializeCriticalSection
WriteFile
CreatePipe
GetSystemDirectoryA
CreateProcessA
PeekNamedPipe
ReadFile
Sleep
CloseHandle
TerminateProcess
LoadLibraryA
GetProcAddress
FindFirstFileA
HeapFree
HeapAlloc
ResumeThread
TlsSetValue
TlsGetValue
ExitThread
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
FatalAppExitA
GetCurrentProcess
SetConsoleCtrlHandler
TlsAlloc
TlsFree
GetCurrentThread
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA

user32

SetCursorPos
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
GetCursorPos
GetSystemMetrics
GetForegroundWindow
GetClassNameA
GetWindowThreadProcessId

gdi32

SelectObject
BitBlt
GetDIBits
CreateCompatibleDC
CreateDCA
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
DeleteObject

advapi32

GetTokenInformation
LookupAccountSidA
GetUserNameA
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
OpenProcessToken
RegisterServiceCtrlHandlerW
SetServiceStatus
RegQueryValueExA
OpenSCManagerA
OpenServiceA
ControlService
RegDeleteValueA
StartServiceA
CloseServiceHandle
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegSetValueExA

Exports

Exports

CM_Get_Child
CM_Is_Dock_Station_Present
CM_Request_Eject_PC
CloseDriver
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OpenDriver
PlaySoundW
Reinitialize
SendDriverMessage
ServiceMain
SetupCloseFileQueue
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDevRegKey
Shutdown
UpdateCharsetChanges
UpdateUIfontsDueToDPIchange
maintest
mciSendCommandA
mixerClose
mixerGetControlDetailsW
mixerGetID
mixerGetLineControlsW
mixerGetLineInfoW
mixerMessage
mixerOpen
mixerSetControlDetails
waveInGetDevCapsW
waveInGetNumDevs
waveInOpen
waveOutGetDevCapsW
waveOutGetNumDevs
waveOutMessage
waveOutOpen

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f4f0a87a36e72f9c29b5186b35a1b64

Code Sign

1c:aa:0d:0d:ad:f3:2a:24:04:a7:51:95:ae:47:82:0aCertificate

Extended Key Usages

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2c:50:54:f5:2a:d3:b3:35:b1:b1:21:3e:e5:7c:21:8b:f4:36:a7:2bSigner

Signature Validations

Verification

15/11/2011, 05:00 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 260KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 32KB - Virtual size: 35KB

.idata Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 8KB

1c:aa:0d:0d:ad:f3:2a:24:04:a7:51:95:ae:47:82:0a
Certificate

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2c:50:54:f5:2a:d3:b3:35:b1:b1:21:3e:e5:7c:21:8b:f4:36:a7:2b
Signer

15/11/2011, 05:00
Valid: false

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 32KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 8KB