af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8

Sharing

Copy URL

Twitter E-mail

General

Target

af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8
Size

515KB
MD5

186cad2d3beace6bfc19b4f9711e3cd1
SHA1

6ef1c73e5d7aff93708357c3e29f1343e28ac475
SHA256

af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8
SHA512

daa5fdf4f5b5ef1b69552060f540d1ad69d412ab460749e3eb661acff9a4cbf1e8cd9655f11aadd0855943db96d86166ad07642eea50c9dbcd1f0e28ab440a81
SSDEEP

12288:QiV7WPiA6QqWItPRDvt3NvzeXk4bbn+7NSLvLR:t6iA6QqW+LCXkY+7N0LR

Score

N/A

Malware Config

Signatures

Files

af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8
.dll windows x86

10c810ea4a3499978956e613eda4e7c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16-03-2010 00:00

Not After

15-03-2013 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
GetFileSize
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetLongPathNameW
GetShortPathNameW
SearchPathW
CopyFileW
MoveFileW
MoveFileExW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ExpandEnvironmentStringsW
lstrlenW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
SetFileAttributesW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
DeviceIoControl
CreateDirectoryW
CreateFileMappingW
MapViewOfFile
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
OpenProcess
TerminateProcess
ReadProcessMemory
Process32FirstW
Process32NextW
GetSystemWindowsDirectoryW
GetTickCount
Sleep
ReadFile
DeleteFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetSystemDefaultLangID
GetWindowsDirectoryW
GetNativeSystemInfo
GetModuleHandleW
lstrcmpiW
GetFileAttributesW
FreeLibrary
GetProcAddress
LoadLibraryW
SetLastError
GetVersionExW
CloseHandle
OutputDebugStringA
DeleteCriticalSection
EnterCriticalSection
GetLastError
CreateFileW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
OutputDebugStringW
SetFilePointer
VirtualQuery
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
GetSystemTime
FormatMessageW
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateFileA
ReleaseMutex
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateMutexW
GetCurrentProcessId
SetFilePointerEx
GetFileSizeEx
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStdHandle
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapCreate
LCMapStringA
SetHandleCount
GetModuleHandleA

advapi32

StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
GetUserNameW
EqualSid
GetAce
GetAclInformation
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
DeleteAce
GetExplicitEntriesFromAclW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

SHDeleteValueW
SHDeleteKeyW
PathIsDirectoryW
SHSetValueW
PathCombineW
PathFileExistsW
StrCpyNW
StrCmpNIW
PathAppendW
StrCmpNW
StrChrW
SHGetValueW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

user32

GetActiveWindow
MessageBoxW

Exports

Exports

DebugTest
Register

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10c810ea4a3499978956e613eda4e7c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

user32

Exports

Exports

Sections

.text Size: 410KB - Virtual size: 410KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 7KB - Virtual size: 22KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 410KB - Virtual size: 410KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 7KB - Virtual size: 22KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 31KB