30c982baa3472c86db215cde12dcaf81d6e484a8bc9409cf403a03e7c5bb3541

Sharing

Copy URL Twitter E-mail

General

Target

30c982baa3472c86db215cde12dcaf81d6e484a8bc9409cf403a03e7c5bb3541
Size

25KB
MD5

f39ac1f394b173a79f99b920b16f2df6
SHA1

99616e34233d863db50c418860d936f56ebc2ac4
SHA256

30c982baa3472c86db215cde12dcaf81d6e484a8bc9409cf403a03e7c5bb3541
SHA512

8ae097bbfa14fd21ccb2d926decf4d8b99bd29ccfe5ca9693a3db77793dcfb41fbf78540433ded5c14933b9c876f93e7cfcf12c9bae5dc05d5d90c9c5d902377
SSDEEP

768:WDL0veomYoeQCotO36SfEVG6MiIQgpxbdieYLylIPmdastQ54WQUL/y:jPpXi+IP3su54WQUry

Score

N/A

Malware Config

Signatures

Files

30c982baa3472c86db215cde12dcaf81d6e484a8bc9409cf403a03e7c5bb3541
.dll windows x64

a6c4c4dfc857d362bbae592b4f2dd439

Code Sign

41:22:13:ea:08:15:11:81:4c:17:05:9a:70:91:09:cd
Certificate

Issuer

CN=Microsoft Windows,O=Microsoft Corporation,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2009, 16:00

Subject

CN=Microsoft Windows,O=Microsoft Corporation,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:48:79:5a:60:0a:9c:ae:3a:b2:c2:8c:a0:d4:72:06:37:72:39:b6
Signer

Actual PE Digest

5c:48:79:5a:60:0a:9c:ae:3a:b2:c2:8c:a0:d4:72:06:37:72:39:b6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,1.2.840.113549.1.9.1=#1306646565707877

11/11/2008, 16:26
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
malloc
??3@YAXPEAX@Z
memset
_initterm

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetWindowsDirectoryW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateFileW
CloseHandle
DeviceIoControl
lstrcatW
DisableThreadLibraryCalls
lstrcpyW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrcmpW
GetLocaleInfoW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetVersionExW
FindResourceExW
FreeResource
lstrcpynW
LockResource
LoadResource

user32

MessageBoxW
SetDlgItemTextW
wsprintfW
GetSystemMetrics
EnableWindow
GetDlgItem

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllMain
TcpzPropPageProvider

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6c4c4dfc857d362bbae592b4f2dd439

Code Sign

41:22:13:ea:08:15:11:81:4c:17:05:9a:70:91:09:cdCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:48:79:5a:60:0a:9c:ae:3a:b2:c2:8c:a0:d4:72:06:37:72:39:b6Signer

Signature Validations

Verification

11/11/2008, 16:26 Valid: false

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

comctl32

version

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 312B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 84B

41:22:13:ea:08:15:11:81:4c:17:05:9a:70:91:09:cd
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:48:79:5a:60:0a:9c:ae:3a:b2:c2:8c:a0:d4:72:06:37:72:39:b6
Signer

11/11/2008, 16:26
Valid: false

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 84B