6a8c39ee47905f24b80be6255c82ff764e7f1c9ac7b6abb68c77096c2befb552

Sharing

Copy URL Twitter E-mail

General

Target

6a8c39ee47905f24b80be6255c82ff764e7f1c9ac7b6abb68c77096c2befb552
Size

513KB
MD5

c314b9dc9122111238cf81563f9ca60b
SHA1

c62c8919639158e59b9b33ee0c02d37f91ca4f15
SHA256

6a8c39ee47905f24b80be6255c82ff764e7f1c9ac7b6abb68c77096c2befb552
SHA512

04e9be8f7194a624672e4c57d971a175b0f7542ce43c64715dbef511f7933da9fbfc31f89c705a758596b618f15af7febf067c71499466c45e7de535c4185f55
SSDEEP

6144:VkKxoyiG7d2Gma5mFkeYop3vgiwr4Kdyj7XKUTa8m23d7KJqKWMJcjo+eCyGAtOL:vx7U/Yop34iqI7XHgZQKhJgeCmtQeVA

Score

N/A

Malware Config

Signatures

Files

6a8c39ee47905f24b80be6255c82ff764e7f1c9ac7b6abb68c77096c2befb552
.dll regsvr32 windows x86

e0f92787ba9ed596862b5cb1b29044ea

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ce:da:db:f5:ad:29:5f:3b:a9:db:ae:ae:df:86:b5:be:45:2d:ec:05
Signer

Actual PE Digest

ce:da:db:f5:ad:29:5f:3b:a9:db:ae:ae:df:86:b5:be:45:2d:ec:05

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/02/2010, 09:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

secur32

GetUserNameExW

advapi32

GetTokenInformation
OpenThreadToken
UnregisterTraceGuids
ConvertSidToStringSidA
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegQueryInfoKeyW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExA
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
IsValidSid

gdi32

GetDeviceCaps
DeleteDC
DeleteObject
CreateDCA
CreateSolidBrush

kernel32

WriteConsoleW
lstrcmpiW
GetConsoleOutputCP
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLCID
FreeLibrary
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
DeleteFileW
GetSystemWindowsDirectoryW
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetLastError
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
SetLastError
VirtualFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsValidLocale
GetModuleHandleW
GetFileAttributesW
GetVersion
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
WriteFile
SetFileAttributesW
CreateFileW
GetProcessTimes
GetCurrentProcess
GlobalFree
OutputDebugStringA
CreateMutexA
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GlobalAlloc
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetUserDefaultLCID
GetSystemInfo
GetVersionExW
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
WriteConsoleA
LocalFree
LocalAlloc
Sleep
IsDBCSLeadByte
GetStringTypeExW
GetACP
WideCharToMultiByte
IsValidCodePage
CompareStringW
MultiByteToWideChar
GetTempPathW
GetShortPathNameW
GetLongPathNameW
CreateDirectoryW
GetFileType
CreateFileA
InitializeCriticalSection
LoadLibraryExW
GetCurrentThread
FlushFileBuffers
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW

ole32

CoTaskMemAlloc
CoTaskMemFree

rpcrt4

UuidCreate

shell32

SHGetSpecialFolderPathW

shlwapi

SHDeleteKeyW

user32

GetKeyboardLayoutList
GetKeyboardLayout
LoadStringW
GetMenuCheckMarkDimensions
ReleaseDC
GetDC
SystemParametersInfoA
GetSystemMetrics
GetMonitorInfoA
EnumDisplayMonitors
GetSysColor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0f92787ba9ed596862b5cb1b29044ea

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

ce:da:db:f5:ad:29:5f:3b:a9:db:ae:ae:df:86:b5:be:45:2d:ec:05Signer

Signature Validations

Verification

28/02/2010, 09:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

secur32

advapi32

gdi32

kernel32

ole32

rpcrt4

shell32

shlwapi

user32

Exports

Exports

Sections

.text Size: 285KB - Virtual size: 284KB

.data Size: 200KB - Virtual size: 232KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 9KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

ce:da:db:f5:ad:29:5f:3b:a9:db:ae:ae:df:86:b5:be:45:2d:ec:05
Signer

28/02/2010, 09:10
Valid: false

.text
Size: 285KB - Virtual size: 284KB

.data
Size: 200KB - Virtual size: 232KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 9KB