905e8fde30928eba20941dae5faff640c73450f80e89bb60c52c795027fc9f22

Sharing

Copy URL

Twitter E-mail

General

Target

905e8fde30928eba20941dae5faff640c73450f80e89bb60c52c795027fc9f22
Size

241KB
MD5

4261f1f8f59733047e7076200f231380
SHA1

98a54bc5cf97142f3e1555638b1e3b2f474844c0
SHA256

905e8fde30928eba20941dae5faff640c73450f80e89bb60c52c795027fc9f22
SHA512

bfccb7aaa772dc981142ffe827593bfa6a97f3b7441033335f964509264509bf4f19dd2d49e37e60b75cd558317970f04974363ff8be3eb9b49962188dc31ad9
SSDEEP

6144:fD7Q5m5kL7U64mX8QIq190ycTNXbcOfKO:fv6m5kLo64mM8190ycTNXNCO

Score

N/A

Malware Config

Signatures

Files

905e8fde30928eba20941dae5faff640c73450f80e89bb60c52c795027fc9f22
.dll windows x86

684ea28eb08782aae860c4d4181e6bef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASend
bind
closesocket
WSARecvFrom
WSAGetOverlappedResult
WSASendTo
WSARecv
getservbyname
gethostbyname
getservbyport
gethostbyaddr
WSAGetLastError
WSASetLastError
WSAStartup
htons
ntohs
ntohl
WSAIoctl
WSASocketW
inet_addr
inet_ntoa
htonl

iphlpapi

GetNetworkParams
SendARP
FlushIpNetTable
GetBestRoute
GetFriendlyIfIndex
GetAdaptersInfo
GetPerAdapterInfo

dnsapi

DnsExtractRecordsFromMessage_UTF8
DnsWriteQuestionToBuffer_UTF8
DnsFree
DnsQuery_A

shlwapi

SHGetValueA
PathAppendW
SHSetValueA

rasapi32

RasEnumConnectionsW
RasSetEntryPropertiesW
RasGetEntryPropertiesW
RasGetProjectionInfoW

shell32

SHGetFolderPathW

wininet

InternetQueryOptionW
InternetSetOptionW

kernel32

WriteConsoleW
CreateFileA
FlushFileBuffers
IsBadReadPtr
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
MultiByteToWideChar
CloseHandle
WaitForSingleObject
ReleaseMutex
LoadLibraryW
GetProcAddress
GetNativeSystemInfo
GetVersionExW
GetModuleHandleW
GetTickCount
Sleep
GetLastError
LocalAlloc
LocalFree
TerminateProcess
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
CreateDirectoryW
GetLocalTime
CreateFileW
SetEvent
WaitForMultipleObjects
ResetEvent
WriteFile
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetSystemDirectoryW
MoveFileW
EnterCriticalSection
LeaveCriticalSection
CreatePipe
DuplicateHandle
GetCurrentProcess
CreateThread
SetLastError
GetCurrentThreadId
GetExitCodeProcess
CreateProcessW
PeekNamedPipe
ReadFile
GetProcessHeap
GetVersionExA
GlobalFree
GlobalAlloc
GetModuleHandleA
CreateMutexA
SystemTimeToFileTime
WideCharToMultiByte
HeapSize
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitThread
GetCommandLineA
RaiseException
RtlUnwind
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InterlockedExchange

advapi32

OpenSCManagerW
StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceA

Exports

Exports

GetNetDiagFunctions

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

684ea28eb08782aae860c4d4181e6bef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

dnsapi

shlwapi

rasapi32

shell32

wininet

kernel32

advapi32

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB