1daa45061d9d5486d1c61e30f6176854bc4e06c7e34e00165ea912740d531538

Sharing

Copy URL Twitter E-mail

General

Target

1daa45061d9d5486d1c61e30f6176854bc4e06c7e34e00165ea912740d531538
Size

443KB
MD5

edac5d3677875eb1677c8d4b4de7f779
SHA1

48a00752233499c4288d2b0c416fb7f993de7154
SHA256

1daa45061d9d5486d1c61e30f6176854bc4e06c7e34e00165ea912740d531538
SHA512

a36235b795113c69ada0bf4ed9f57aae877be8f7ab3aa195d79adb099c306ea6b92b7efb02287d3415843b2db085cf76a64443fa51379feada70c90a5c689933
SSDEEP

6144:9PqStW+iMqzI3FdQh0z1OgmoY5c7QElNSFkzvUFEhC88VQMsUJz0RCY6w:9bYzI3FdfmliFzS2zv/C88VTB0RQw

Score

N/A

Malware Config

Signatures

Files

1daa45061d9d5486d1c61e30f6176854bc4e06c7e34e00165ea912740d531538
.dll windows x86

791f36781e0f8a1a47b5ffd432359e07

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:a4:2a:c4:39:f5:57:65:95:dc:b4:86:ca:05:06:8d:5a:f4:e1:cc
Signer

Actual PE Digest

25:a4:2a:c4:39:f5:57:65:95:dc:b4:86:ca:05:06:8d:5a:f4:e1:cc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

02/08/2013, 03:29
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
SetStdHandle
GetFileType
ExitProcess
TerminateProcess
CreateThread
ExitThread
RaiseException
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
GetSystemTime
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
FindResourceA
LCMapStringW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesA
MulDiv
GetModuleHandleA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GetDriveTypeA
FindNextFileA
GetSystemInfo
LoadLibraryExW
EnumResourceLanguagesA
SizeofResource
GetWindowsDirectoryA
CreateProcessA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
OpenProcess
GetSystemDirectoryA
GetFileInformationByHandle
FormatMessageW
lstrlenW
FindResourceExA
GlobalUnlock
TlsAlloc
LocalAlloc
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
FormatMessageA
LocalFree
GetModuleFileNameA
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetCurrentProcess
DuplicateHandle
WaitForMultipleObjects
CreateEventA
ReleaseSemaphore
CreateSemaphoreA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetLastError
VirtualLock
VirtualUnlock
CreateFileA
ReleaseMutex
WaitForSingleObject
GetLastError
DeviceIoControl
CreateMutexA
OpenMutexA
GetModuleHandleW
LoadLibraryW
GetCurrentThreadId
AllocConsole
GetStdHandle
WriteConsoleA
FreeConsole
OutputDebugStringW
SetFilePointer
WriteFile
CreateFileW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProfileStringA
GlobalAlloc
GlobalFree
LoadLibraryExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
GetModuleFileNameW
GetLocalTime
LCMapStringA
GetCurrentProcessId

user32

MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
LoadIconA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckDlgButton
GetMenuStringA
DeleteMenu
InsertMenuA
MessageBoxW
CharToOemA
OemToCharA
MsgWaitForMultipleObjects
wsprintfA
CharUpperA
GetMenuItemCount
GetDesktopWindow
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
DestroyMenu
GetSysColorBrush
RegisterWindowMessageA
LoadCursorA
BeginPaint
GetWindowDC
OffsetRect
UpdateWindow
GetSystemMetrics
PostQuitMessage
PostMessageA
SendMessageA
ShowOwnedPopups
SetCursor
EnableWindow
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
EnumDesktopWindows
GetWindowThreadProcessId
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
CheckRadioButton

gdi32

ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
GetClipRgn
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
SelectClipPath
SaveDC
Escape
GetDCOrgEx
GetObjectA
DeleteObject
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
ExtTextOutA
CreateRectRgn
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
CreateHatchBrush
CreateBitmap
StartDocA
DeleteDC
RestoreDC

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegConnectRegistryA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
ControlService

shell32

SHGetFileInfoA
ShellExecuteA
DragAcceptFiles

comctl32

ord17

setupapi

SetupInstallFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleaut32

SysReAllocStringLen
SysAllocStringLen

Exports

Exports

EnumThreads
GTC
GetPortVal
Init
InstallAndStartTSysDrv
InstallTSysDrv
NQSI
OP
OT
RPM
RT
RemoveTSysDrv
SSDTRestoreFunction
ST
STC
SetPortVal
StartTSysDrv
StopAndRemoveTSysDrv
StopTSysDrv
TAddRegKey
TBackupAndSetRealSSDTShadow
TBackupSSDT
TDisableProtected
TEnableProtected
TGetCurrentNtoskrnlSST
TGetCurrentShadowSST
TGetModuleInfo
THideProcess
TOHCloseHandle
TOHQueryFileHandle
TOHQueryHandle
TOHRMCloseHandleProc
TPrintDbgInfo
TRecoverSSDT
TRecoverSSDTFunction
TRecoverSSDTShadow
TReleaseSSDTMutex
TRemoveAllRegKeys
TRemoveRegKey
TSetRealSSDTFuncAddr
TSetRealSSDTFuncAddrAll
TUnHideAllProcess
TUnHideProcess
TWaitSSDTMutex
VAE
VFE
VPE
WPM

Sections

.text
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TLOGSYS
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLOGSYS
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

791f36781e0f8a1a47b5ffd432359e07

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

25:a4:2a:c4:39:f5:57:65:95:dc:b4:86:ca:05:06:8d:5a:f4:e1:ccSigner

Signature Validations

Verification

02/08/2013, 03:29 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

setupapi

version

oleaut32

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 316KB

.TLOGSYS Size: 4KB - Virtual size: 864B

.TLOGSYS Size: 4KB - Virtual size: 128B

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 24KB - Virtual size: 49KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

25:a4:2a:c4:39:f5:57:65:95:dc:b4:86:ca:05:06:8d:5a:f4:e1:cc
Signer

02/08/2013, 03:29
Valid: false

.text
Size: 320KB - Virtual size: 316KB

.TLOGSYS
Size: 4KB - Virtual size: 864B

.TLOGSYS
Size: 4KB - Virtual size: 128B

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 24KB - Virtual size: 49KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 21KB