d226a2463046f1b8e02d78e503cd848f958bb2ac7259956117494f527964b34b

Sharing

Copy URL

Twitter E-mail

General

Target

d226a2463046f1b8e02d78e503cd848f958bb2ac7259956117494f527964b34b
Size

1.4MB
MD5

e1855b3b625c35e4356cc150c7986996
SHA1

3a2e9e1f092ce32aee4059a02393df0c8051ea36
SHA256

d226a2463046f1b8e02d78e503cd848f958bb2ac7259956117494f527964b34b
SHA512

1258d0266dde4642aca87deacda6ebd619b79d41567b034b9967e51192b31a269492224723db29a879d5bc52670f2dc414f06ceb04bd39573d228c8a06a700be
SSDEEP

24576:5fOFdnCZr+MxNT0F8Ov0qSs6wF/9Z95bvHT5x1:cdSbxY2un91vdx1

Score

N/A

Malware Config

Signatures

Files

d226a2463046f1b8e02d78e503cd848f958bb2ac7259956117494f527964b34b
.dll windows x86

21bed3953bc4de5fc641c2713abe0a25

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:e0:4c:bd:78:ba:67:80:e1:e4:51:b7:87:6b:cc:e5:38:d6:a6:84
Signer

Actual PE Digest

99:e0:4c:bd:78:ba:67:80:e1:e4:51:b7:87:6b:cc:e5:38:d6:a6:84

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

01/07/2013, 12:16
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
listen
shutdown
closesocket
connect
socket
WSAIoctl
htonl
getsockname
accept
setsockopt
WSACleanup
WSAStartup
htons
getsockopt
send
recv
sendto
ntohl
ntohs
WSAGetLastError
recvfrom
bind
gethostbyname
inet_addr

ippcap

pcap_read
pcap_setbuff
pcap_open_live
pcap_datalink
pcap_lookupdev
pcap_compile
pcap_fileno
pcap_geterr
pcap_next
pcap_setfilter
pcap_close

kernel32

SuspendThread
LocalAlloc
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
MulDiv
GlobalSize
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
FreeLibrary
GetProcessVersion
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
RtlUnwind
GetFileType
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
RaiseException
GetCommandLineA
ExitProcess
TerminateProcess
CreateThread
ExitThread
HeapSize
FatalAppExitA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetThreadPriority
LCMapStringA
LCMapStringW
SetStdHandle
SetHandleCount
GetStartupInfoA
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetExitCodeThread
FormatMessageW
GetSystemInfo
LoadLibraryW
ResetEvent
TerminateThread
GetCurrentDirectoryW
UnmapViewOfFile
SizeofResource
EnumResourceLanguagesA
LoadLibraryExA
LoadLibraryExW
GetComputerNameW
SetThreadLocale
InterlockedCompareExchange
InterlockedExchange
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
CancelIo
CreateIoCompletionPort
DisconnectNamedPipe
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ResumeThread
SetEvent
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetModuleFileNameA
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetCurrentProcess
DuplicateHandle
FindNextFileA
lstrcpyA
FindFirstFileA
OpenEventA
OpenMutexA
OpenSemaphoreA
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateDirectoryA
SetLastError
GetDiskFreeSpaceA
SetVolumeLabelA
GetSystemTimeAsFileTime
SetCurrentDirectoryA
FindClose
lstrcmpA
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
FormatMessageA
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedIncrement
GetCurrentThreadId
GetLastError
AllocConsole
GetStdHandle
WriteConsoleA
FreeConsole
SetFilePointer
WriteFile
CreateFileW
GetProfileStringA
GetModuleHandleA
MultiByteToWideChar
GetVersionExA
GetFileAttributesA
WaitForSingleObject
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetACP
CopyFileA
lstrlenW
CreateFileA
GetFileSize
CloseHandle
DeleteFileA
InterlockedDecrement
LoadLibraryA
GetProcAddress
OutputDebugStringW
OutputDebugStringA
GetTickCount
GetModuleFileNameW
GetLocalTime
GetCurrentProcessId
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
IsBadWritePtr
FindResourceExA

user32

AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
DeleteMenu
CharToOemBuffA
OemToCharBuffA
GetProcessWindowStation
GetUserObjectInformationW
GetScrollPos
SetScrollPos
wvsprintfA
SetFocus
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
RemoveMenu
GetMenuItemCount
GetSubMenu
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
GetWindowTextLengthA
GetWindowTextA
GetSystemMetrics
CharUpperA
wsprintfA
MsgWaitForMultipleObjects
OemToCharA
CharToOemA
MessageBoxW
GetDesktopWindow

gdi32

CreateHatchBrush
CreateSolidBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CopyMetaFileA
CreateDCA
GetDCOrgEx
GetObjectA
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateCompatibleDC
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
DeleteObject
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
CreatePatternBrush
OffsetClipRgn
CreateCompatibleBitmap
BitBlt
GetBitmapBits
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
CreateBitmap
DeleteDC
StartDocA
SaveDC
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
PolyBezierTo

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

InitializeSecurityDescriptor
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
LookupAccountSidW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegConnectRegistryA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA

shell32

DragAcceptFiles
SHGetFileInfoA
SHFileOperationA

comctl32

ord17

ole32

StringFromCLSID
ReadClassStg
WriteClassStg
ReadFmtUserTypeStg
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
OleRegGetUserType

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
SafeArrayCreateVector
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

UuidToStringA
RpcStringFreeA
UuidToStringW
RpcStringFreeW
UuidCreate

Exports

Exports

GetSmbLog
RunDll32
SetLocalIPs
SetLogFlag
SetLogMode
SetSmbLogFlag
SetSyncTime
SetUserName
StartMonitor
StopMonitor

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21bed3953bc4de5fc641c2713abe0a25

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

99:e0:4c:bd:78:ba:67:80:e1:e4:51:b7:87:6b:cc:e5:38:d6:a6:84Signer

Signature Validations

Verification

01/07/2013, 12:16 Valid: false

Headers

File Characteristics

Imports

ws2_32

ippcap

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

rpcrt4

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 180KB - Virtual size: 177KB

.data Size: 92KB - Virtual size: 129KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 68KB - Virtual size: 67KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

99:e0:4c:bd:78:ba:67:80:e1:e4:51:b7:87:6b:cc:e5:38:d6:a6:84
Signer

01/07/2013, 12:16
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 180KB - Virtual size: 177KB

.data
Size: 92KB - Virtual size: 129KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 68KB - Virtual size: 67KB