a33587154a0960cc2ef9b33409ba463b732a4a8eb7c3d188980e14de512c20a1

Sharing

Copy URL Twitter E-mail

General

Target

a33587154a0960cc2ef9b33409ba463b732a4a8eb7c3d188980e14de512c20a1
Size

620KB
MD5

dff2732d5a749490acf7253bb3f480e0
SHA1

601400d6d7a16f29731218755456b74d7b64d9e1
SHA256

a33587154a0960cc2ef9b33409ba463b732a4a8eb7c3d188980e14de512c20a1
SHA512

876b2178a4ca909fecc38837d49193cce41d26502d0e241ca41f164aebe5d0a4f75c371fff334e67973ef85b8f33b56c66ea2600c6085eeed742f45db517bd9f
SSDEEP

12288:kWkAZe8HIgDhFvtdqOKRWz/+HVAkFtYrcLjwENHGNBK:kWrtoqyxp/fYrcLdNmN0

Score

N/A

Malware Config

Signatures

Files

a33587154a0960cc2ef9b33409ba463b732a4a8eb7c3d188980e14de512c20a1
.dll windows x86

d8b085ee5dd67e07415dcbffec58b9f5

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/05/2011, 00:00

Not After

26/05/2012, 23:59

Subject

CN=agir,O=agir,L=Yeongcheon Si,ST=GYEONGSANGBUK-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sqlite3

sqlite3_column_decltype
sqlite3_column_type
sqlite3_errmsg
sqlite3_finalize
sqlite3_step
sqlite3_free_table
sqlite3_reset
sqlite3_changes
sqlite3_bind_text
sqlite3_bind_int
sqlite3_mprintf
sqlite3_bind_blob
sqlite3_bind_null
sqlite3_open
sqlite3_close
sqlite3_free
sqlite3_get_table
sqlite3_last_insert_rowid
sqlite3_busy_timeout
sqlite3_prepare
sqlite3_bind_double
sqlite3_exec
sqlite3_column_name
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_count
sqlite3_vmprintf

kernel32

GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
GlobalSize
CopyFileA
GetPrivateProfileIntA
GetCurrentDirectoryA
RtlUnwind
LocalAlloc
GetCommandLineA
CreateThread
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
SetStdHandle
GetFileType
FatalAppExitA
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
SetLastError
SystemTimeToFileTime
GetFileTime
GetFileSize
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
TlsAlloc
GetThreadLocale
MulDiv
lstrcmpA
FormatMessageA
LocalFree
SuspendThread
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynA
FindResourceA
SizeofResource
LoadResource
LockResource
OpenProcess
GetVersion
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
FreeLibrary
CreateProcessA
GetExitCodeProcess
RemoveDirectoryA
GetModuleHandleA
GetProcAddress
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetFileAttributesExA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetShortPathNameA
Sleep
MoveFileA
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringA
SetFilePointer
WriteFile
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
DeleteFileA
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
TerminateThread
CloseHandle
CreateEventA
GetLastError
lstrlenA
lstrcpyA
lstrcatA
ResumeThread
GetTickCount
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GetCurrentThread
FlushFileBuffers
FindNextFileA
RaiseException

user32

LoadStringA
CopyAcceleratorTableA
InsertMenuA
AppendMenuA
GetMenuStringA
RemoveMenu
DeleteMenu
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
DestroyIcon
BeginPaint
GetWindowDC
GetDialogBaseUnits
ClientToScreen
GetClassNameA
UnregisterClassA
WaitMessage
MapDialogRect
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
CharUpperA
CharNextA
InflateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetMessageA
TranslateMessage
ValidateRect
OemToCharA
CharToOemA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
DestroyMenu
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetClassInfoA
GetDC
ReleaseDC
MonitorFromPoint
GetMonitorInfoA
CopyRect
GetWindowLongA
RegisterWindowMessageA
SetRect
MessageBoxA
ShowWindow
RedrawWindow
IsZoomed
SetWindowPos
InvalidateRect
UpdateWindow
FindWindowExA
SetWindowsHookExA
GetFocus
IsWindow
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
CallWindowProcA
SendMessageA
SetWindowLongA
GetActiveWindow
GetCursorPos
PtInRect
GetClientRect
GetWindowRect
GetParent
ScreenToClient
GetSysColorBrush
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
GetTopWindow
EndPaint
SetWindowRgn
SetTimer
KillTimer
EnableWindow
PostMessageA
PeekMessageA
GetDesktopWindow
SetParent
wvsprintfA
wsprintfA
GetWindow

gdi32

ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
CreatePen
SetTextAlign
CreateSolidBrush
CreateHatchBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
Escape
LPtoDP
CopyMetaFileA
CreateDCA
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
GetCurrentPositionEx
SetPolyFillMode
SetBkMode
SelectPalette
RestoreDC
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
DPtoLP
CreateFontIndirectA
ExtTextOutA
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
PatBlt
CreatePatternBrush
GetMapMode
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
EnumFontFamiliesA
FrameRgn
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
SetMapperFlags
SetTextCharacterExtra
SetROP2
SetTextJustification
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
DeleteObject
ExtCreatePen
GetStockObject
SaveDC
StartDocA
DeleteDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
GetTextColor
SetViewportExtEx

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegGetKeySecurity
RegCreateKeyExA
ControlService
DeleteService
EnumServicesStatusA
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegSetKeySecurity
RegQueryInfoKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetFileInfoA
DragAcceptFiles
ord680
SHGetDesktopFolder
SHGetSpecialFolderPathA
ExtractIconA

comctl32

ord17

oledlg

ord8

ole32

CLSIDFromProgID
CoCreateInstance
OleInitialize
CLSIDFromString
OleRun
CoDisconnectObject
CoGetClassObject
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes

olepro32

ord253

oleaut32

VarCyFromStr
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
LoadTypeLi
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysStringLen
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SysReAllocStringLen

urlmon

URLDownloadToCacheFileA

wsock32

inet_ntoa
sendto
connect
recvfrom
socket
WSAAsyncSelect
send
recv
gethostbyname
closesocket
WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
inet_addr
ntohs
getpeername
getsockname
accept
ioctlsocket
bind
htonl
htons

wininet

FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetOpenUrlA
InternetQueryOptionA
InternetCanonicalizeUrlA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetOpenA
InternetSetOptionA
FtpRemoveDirectoryA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
FtpPutFileA
FtpGetFileA
GopherCreateLocatorA
GopherGetAttributeA
GopherOpenFileA
FtpOpenFileA
HttpEndRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpFindFirstFileA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
InternetCrackUrlA
InternetErrorDlg

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeKillEvent
timeSetEvent

dbghelp

MakeSureDirectoryPathExists

cabinet

ord22
ord23
ord20

imm32

ImmNotifyIME
ImmReleaseContext
ImmGetContext

psapi

GetModuleFileNameExA

Exports

Exports

BeforeNavigate2
ConnectBrowser
DocumentComplete
NSIS_After_Patch
NSIS_After_Setup
NSIS_After_UnInstall
NSIS_IsPatchStartible
NSIS_IsSetupStartible
NSIS_URL32Encoding
NSIS_VersionCheck
NavigateComplete2
NewWindow2
NewWindow3
OnAddressBar
OnMenuBar
OnToolBar
Quit
SetBandWeb
SetupRegisterServer
SetupUnregisterServer
Test_Func

Sections

.text
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8b085ee5dd67e07415dcbffec58b9f5

Code Sign

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:beCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

sqlite3

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

wsock32

wininet

iphlpapi

version

winmm

dbghelp

cabinet

imm32

psapi

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 390KB

.rdata Size: 92KB - Virtual size: 88KB

.data Size: 40KB - Virtual size: 67KB

.rsrc Size: 52KB - Virtual size: 48KB

.reloc Size: 36KB - Virtual size: 33KB

37:e4:ff:85:3d:04:b2:3a:c7:39:f1:a2:78:1b:db:be
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 392KB - Virtual size: 390KB

.rdata
Size: 92KB - Virtual size: 88KB

.data
Size: 40KB - Virtual size: 67KB

.rsrc
Size: 52KB - Virtual size: 48KB

.reloc
Size: 36KB - Virtual size: 33KB