f47a4524087e3f5e074a617c5e7b7386c1d36a808e7a9b067c41df2d686735ea

Sharing

Copy URL Twitter E-mail

General

Target

f47a4524087e3f5e074a617c5e7b7386c1d36a808e7a9b067c41df2d686735ea
Size

2.2MB
MD5

0859326370114c2165779266dd9cb077
SHA1

e506f5338540d04a6d67b065b83cc9c4ed379624
SHA256

f47a4524087e3f5e074a617c5e7b7386c1d36a808e7a9b067c41df2d686735ea
SHA512

a196cb70285000b6e463298ac6da5f3172e2a6996aad50f81866f0d26c09dcdc4909b0c4954b344e8ede1d8690c6023c72dfb0520d1da9a0778a4a31ed2d5517
SSDEEP

49152:Z2l2PTQyl2D1XjVhbJCh9BeL/WUEVugTrxOuEuDZM+F:U0TN2d7JChmsr

Score

N/A

Malware Config

Signatures

Files

f47a4524087e3f5e074a617c5e7b7386c1d36a808e7a9b067c41df2d686735ea
.dll windows x64

844a7ee174a2cc64d1eb9b5cd29f9b7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:61:ed:f8:cc:b6:75:de:f2:79:98:a5:70:cd:e7:70:fd:c4:3b:80
Signer

Actual PE Digest

d9:61:ed:f8:cc:b6:75:de:f2:79:98:a5:70:cd:e7:70:fd:c4:3b:80

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

05/04/2012, 07:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mpr

WNetGetConnectionW

kernel32

OutputDebugStringA
FreeConsole
AllocConsole
LocalFree
SetFilePointer
WriteFile
GetStdHandle
WriteConsoleA
CreateFileW
ReadFile
TlsFree
GetCurrentThread
GetCurrentProcess
DuplicateHandle
GetCurrentThreadId
GetPrivateProfileStringA
GetTickCount
GetLocalTime
GetCurrentProcessId
GetEnvironmentVariableW
GetFileAttributesA
DefineDosDeviceA
QueryDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetTempPathA
CopyFileA
RemoveDirectoryW
RemoveDirectoryA
CreateDirectoryW
GetProfileStringA
CreateMutexA
ReleaseMutex
OpenEventW
CreateEventW
OpenMutexA
TerminateThread
ResetEvent
WaitForMultipleObjects
VirtualQueryEx
ReadProcessMemory
SetEvent
WaitForSingleObject
CreateEventA
VirtualProtect
OpenProcess
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetFileInformationByHandle
GetModuleHandleA
WideCharToMultiByte
IsBadReadPtr
IsBadWritePtr
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
CopyFileW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
DeleteFileW
MoveFileExW
QueryDosDeviceW
GetFileAttributesW
GetFileTime
GetFileSize
GetFileAttributesExW
Sleep
ResumeThread
TlsAlloc
GetCommandLineW
OutputDebugStringW
GetModuleHandleW
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
SetLastError
MulDiv
GetDriveTypeW
TlsSetValue
GetLastError
SetEndOfFile
CreateFileA
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
LoadLibraryW
GetWindowsDirectoryW
GetProcessHeap
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
TlsGetValue
CreateDirectoryA
DeleteFileA
SetFileAttributesA
MoveFileW
MoveFileA
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WriteProcessMemory
GetThreadContext
SetThreadContext
FlushInstructionCache
GetExitCodeThread
lstrcmpA
GetThreadPriority
SetThreadPriority
GetPriorityClass
SetPriorityClass
SuspendThread
CreateProcessW
CreateProcessA
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
CancelIo
GetOverlappedResult
OpenSemaphoreA
OpenEventA
SizeofResource
LockResource
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
FreeResource
LoadLibraryExA
GetSystemInfo
LoadResource
FindResourceExA
lstrlenA
lstrlenW
GetVersionExA
FormatMessageA
GetACP
FormatMessageW
SleepEx
CreateSemaphoreA
ReleaseSemaphore
PulseEvent
EncodePointer
DecodePointer
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
FlsSetValue
GetCommandLineA
HeapFree
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
HeapAlloc
LCMapStringW
GetStringTypeW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
FatalAppExitA
HeapReAlloc
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA

user32

MessageBoxA
GetParent
GetWindowLongA
FindWindowExA
GetWindowTextA
GetClassNameA
GetDesktopWindow
GetUserObjectInformationW
FillRect
GetDC
ReleaseDC
IsRectEmpty
GetWindowRect
ClientToScreen
GetClientRect
SetCursor
LoadCursorA
GetClassNameW
GetForegroundWindow
WindowFromPoint
GetCursorPos
GetSystemMetrics
MsgWaitForMultipleObjects
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
MessageBoxW
OpenWindowStationA

gdi32

CreateDCA
CreatePalette
RealizePalette
CreateDIBitmap
SetDIBits
GetObjectA
GetDIBits
SetDIBColorTable
GdiFlush
GetPaletteEntries
SetPixel
CreateRectRgn
CombineRgn
OffsetRgn
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowExtEx
CreateCompatibleBitmap
CreateSolidBrush
GetCurrentObject
SelectPalette
GetBkColor
GetViewportOrgEx
GetWorldTransform
SetBkColor
SetViewportExtEx
GetWindowOrgEx
SetWorldTransform
SetWindowOrgEx
SetViewportOrgEx
CreateCompatibleDC
CreateDIBSection
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
SaveDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetMapMode
LPtoDP
SetMapMode
DPtoLP
GetTextAlign
GetTextColor
SetTextAlign
GetBkMode
SetBkMode
SetTextColor
TextOutW
DeleteObject
RestoreDC
GetWindowExtEx
GetViewportExtEx
CopyEnhMetaFileW
DeleteEnhMetaFile
GetBitmapBits
CreateDCW

advapi32

RegEnumKeyA
RegisterEventSourceW
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
GetUserNameA
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
SetFileSecurityA
RegSetKeySecurity
DeregisterEventSource
ReportEventW

shell32

SHGetPathFromIDListW
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

ws2_32

recvfrom
sendto
recv
send
getpeername
ntohs
ntohl
getsockname
WSASetLastError
WSAGetLastError
WSAStartup
WSACleanup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
getsockopt

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

AddPassthru
DelPassthru
GetCaptureFlags
GetDocInfos
GetDocLogs
GetDocPolicyLogs
GetIMFTInfos
GetPrintInfos
GetPrintLogs
GetPrintPolicyLogs
GetProcInfosEx
GetUpDownPolicyLogs
GetUrlInfos
GetUrlPolicyLogs
INJInstallDetours
INJUninstallDetours
InitRecordMgr
InitShareInfoMgr
InstallDetours
InstallDetoursOne
SetCDBurnCtrlFlag
SetCaptureFlags
SetComputer
SetDocBackupFlag
SetDocCtrl
SetDocCtrlFlag
SetDocTick
SetFlags
SetIMFTCtrl
SetIMFTCtrlFlag
SetIP
SetOffline
SetPrintCtrl
SetPrintCtrlFlag
SetPrintPageCtrlFlag
SetPrintPageTick
SetPrintTick
SetProcCtrl
SetProduct
SetStatus
SetUDiskCtrlFlag
SetUDiskTick
SetUDiskVols
SetUpDownCtrlFlag
SetUpDownTick
SetUrlClsidsTick
SetUrlCtrl
SetUrlCtrlFlag
SetUrlTick
SetUser
TSetLogConfig
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

whadntds
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

844a7ee174a2cc64d1eb9b5cd29f9b7f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

d9:61:ed:f8:cc:b6:75:de:f2:79:98:a5:70:cd:e7:70:fd:c4:3b:80Signer

Signature Validations

Verification

05/04/2012, 07:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

version

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 322KB - Virtual size: 321KB

.data Size: 84KB - Virtual size: 237KB

.pdata Size: 76KB - Virtual size: 76KB

whadntds Size: 634KB - Virtual size: 634KB

TLCONFIG Size: 512B - Virtual size: 276B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

d9:61:ed:f8:cc:b6:75:de:f2:79:98:a5:70:cd:e7:70:fd:c4:3b:80
Signer

05/04/2012, 07:01
Valid: false

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 322KB - Virtual size: 321KB

.data
Size: 84KB - Virtual size: 237KB

.pdata
Size: 76KB - Virtual size: 76KB

whadntds
Size: 634KB - Virtual size: 634KB

TLCONFIG
Size: 512B - Virtual size: 276B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB