16af783a07d7f77cd6283947e00e7d8c00662a713f9b5e50acba871a3ef792cc

Sharing

Copy URL Twitter E-mail

General

Target

16af783a07d7f77cd6283947e00e7d8c00662a713f9b5e50acba871a3ef792cc
Size

2.6MB
MD5

273d609d38d5430282e817004489c335
SHA1

8a58f2211d81899d9d38049277a648019eaf6b26
SHA256

16af783a07d7f77cd6283947e00e7d8c00662a713f9b5e50acba871a3ef792cc
SHA512

cd2364911dbe4f734a1e879ac1e5388bdef78cb9fc47c87b7d3e9e9c67c3cd33264dff7e95983788855b8ac9d7f9a823dadb81f7962d651e87c50d9451089e11
SSDEEP

49152:gYYeSUujSyllUXLtrb8HNOWVP4rfaTKQTRwSY:gZeFHoU0HtRm

Score

N/A

Malware Config

Signatures

Files

16af783a07d7f77cd6283947e00e7d8c00662a713f9b5e50acba871a3ef792cc
.dll regsvr32 windows x86

13df3fb1e3280c3e9b2dbcbeab4ed978

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2011, 00:00

Not After

29/05/2014, 23:59

Subject

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b2:24:50:3e:7f:b8:12:85:e2:36:a0:21:be:6a:ba:44:ec:ef:87
Signer

Actual PE Digest

59:b2:24:50:3e:7f:b8:12:85:e2:36:a0:21:be:6a:ba:44:ec:ef:87

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

03/10/2011, 15:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xpcom

NS_GetServiceManager
NS_GetMemoryManager
NS_GetComponentRegistrar
NS_GetComponentManager
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerFinish
NS_StringContainerInit
NS_Alloc
NS_CStringGetData
NS_StringGetData
NS_CStringSetData
NS_CStringCopy
NS_StringCopy
NS_Free

kernel32

GetTempFileNameW
GetTempPathW
GetTickCount
lstrlenA
GetProcAddress
LoadLibraryW
lstrcpynW
lstrcpyW
WaitForMultipleObjects
Sleep
SetThreadPriority
GetThreadPriority
GetCurrentThread
IsBadReadPtr
VirtualProtect
VirtualAlloc
IsBadCodePtr
VirtualFree
GetExitCodeProcess
CreateProcessW
InterlockedExchange
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetHandleInformation
GetCurrentThreadId
SetEndOfFile
WriteFile
SetFilePointer
FlushInstructionCache
GetFileAttributesExW
GetFileTime
VirtualUnlock
ResetEvent
IsBadWritePtr
LoadLibraryA
CreateEventA
lstrcatA
SetLastError
OpenProcess
GetSystemDirectoryW
GetExitCodeThread
CompareFileTime
CreateFileW
GetEnvironmentVariableW
MoveFileW
GetSystemTime
ResumeThread
GetACP
IsValidCodePage
HeapSize
HeapReAlloc
ReleaseMutex
CreateMutexW
GetProcessHeap
HeapFree
GetComputerNameW
LocalFree
FindResourceExW
LockResource
WideCharToMultiByte
CloseHandle
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
CreateThread
GetModuleHandleW
LoadLibraryExW
QueryPerformanceFrequency
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetFileSize
ReadFile
DeleteFileW
lstrcmpW
HeapAlloc
SetEvent
TerminateThread
SetEnvironmentVariableW
CreateEventW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameW
lstrlenW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalUnlock
GlobalLock
CreateSemaphoreW
CreateFileA
CreateFileMappingW
lstrcpyA
ProcessIdToSessionId
OpenFileMappingW
ExpandEnvironmentStringsW
GetComputerNameExW
VirtualLock
FileTimeToSystemTime
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GlobalReAlloc
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
GlobalAlloc
GetFileInformationByHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
LocalAlloc
lstrcatW
SetFileAttributesW
GetTimeZoneInformation
GetVersionExW
MapViewOfFile
UnmapViewOfFile
InterlockedExchangeAdd
ReleaseSemaphore
FindNextFileA
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetSystemTimeAsFileTime
SetFileTime
GlobalSize
CreateMutexA
FindFirstFileA
lstrcpynA
GetSystemDefaultLangID
RemoveDirectoryW
CopyFileW
CreateDirectoryW
GetFileAttributesW

user32

CharNextW
GetForegroundWindow
IsWindowVisible
PostThreadMessageW
GetDesktopWindow
CharLowerA
CharLowerW
CharLowerBuffW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
GetParent
GetClassNameW
MessageBoxW
GetWindowDC
GetSystemMetrics
SendMessageW
UnregisterClassA
GetWindowRect
TranslateMessage
GetWindowThreadProcessId
CallWindowProcW
GetWindowLongW
SendMessageTimeoutW
IsWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterWindowMessageW
PostMessageW
DestroyWindow
LoadCursorW
GetClassInfoExW
KillTimer
SetTimer
SetWindowLongW

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectW
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegGetKeySecurity
RegOpenKeyW
LookupAccountSidW
ConvertStringSidToSidW
SetNamedSecurityInfoW
IsValidSid
RegSetKeySecurity
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
CryptDestroyKey
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
CryptEncrypt
CryptDecrypt
CryptDeriveKey
SetTokenInformation
DuplicateTokenEx
CryptAcquireContextW

ole32

StringFromCLSID
OleRun
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
GetHGlobalFromStream

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantTimeToSystemTime
VarBstrCmp
VarBstrFromI4
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VarI4FromStr
SafeArrayRedim
VarBstrCat
VariantChangeType
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VarUI4FromStr

shlwapi

PathRemoveFileSpecA
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrStrIW
SHCreateStreamOnFileW
PathSkipRootW
PathMatchSpecW
PathFindFileNameW
PathIsDirectoryW
PathSkipRootA
PathStripPathW
PathIsDirectoryA
StrStrIA
PathFindFileNameA
PathAppendA
PathMatchSpecA

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSFreeMemory
WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

shell32

SHGetFolderPathW

Exports

Exports

?NS_NewByteArrayInputStream@@YAIPAPAVnsIByteArrayInputStream@@PADK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13df3fb1e3280c3e9b2dbcbeab4ed978

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

59:b2:24:50:3e:7f:b8:12:85:e2:36:a0:21:be:6a:ba:44:ec:ef:87Signer

Signature Validations

Verification

03/10/2011, 15:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

xpcom

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

rpcrt4

version

wtsapi32

netapi32

psapi

nspr4

shell32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 864KB - Virtual size: 862KB

.data Size: 48KB - Virtual size: 55KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 65KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:b2:24:50:3e:7f:b8:12:85:e2:36:a0:21:be:6a:ba:44:ec:ef:87
Signer

03/10/2011, 15:53
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 864KB - Virtual size: 862KB

.data
Size: 48KB - Virtual size: 55KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 65KB