0fb335964ff11791e61786afafb6b8695f5db4a80eefae58a1b9ba590c39632c

Sharing

Copy URL

Twitter E-mail

General

Target

0fb335964ff11791e61786afafb6b8695f5db4a80eefae58a1b9ba590c39632c
Size

402KB
MD5

9d9dc338c229befc48952d665b7414d6
SHA1

1f179fd735bdcd8432b842f6e99a3bc7a24d12f7
SHA256

0fb335964ff11791e61786afafb6b8695f5db4a80eefae58a1b9ba590c39632c
SHA512

7e048651280e4d47017ab09c01badc79191b209d1371ddba2dba64019eed87313f1c9fb73f0278da93d9e7a6e4f03d5df3baef980926ca62b828a0ad4795b30d
SSDEEP

6144:KjQYoi2EXPuQfZQrIujs+ZiGIdfUhvg+4ZfWsJ:+zPuQfZQr5iGoUk+sJ

Score

N/A

Malware Config

Signatures

Files

0fb335964ff11791e61786afafb6b8695f5db4a80eefae58a1b9ba590c39632c
.dll windows x86

06dd8d089043defca6ec948e0ab12cf3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:6a:75:8c:fa:05:1c:e0:c7:b6:38:0b:5f:ba:38:2b:e4:fa:c9:fe
Signer

Actual PE Digest

38:6a:75:8c:fa:05:1c:e0:c7:b6:38:0b:5f:ba:38:2b:e4:fa:c9:fe

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

25/10/2012, 10:47
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
WSACleanup
WSAStartup
inet_addr
gethostbyname
gethostbyaddr
gethostname
htonl

ippcap

pcap_close
pcap_lookupdev
pcap_lookupnet
pcap_read
pcap_compile
pcap_setfilter
pcap_setbuff
pcap_setmintocopy
pcap_sendpacket
pcap_open_live

kernel32

GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
CreateThread
WritePrivateProfileStringA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
GetSystemTime
UnhandledExceptionFilter
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
MulDiv
SetLastError
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
lstrcmpA
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetLastError
AllocConsole
GetStdHandle
WriteConsoleA
FreeConsole
OutputDebugStringW
SetFilePointer
WriteFile
CreateFileW
GetModuleHandleA
GetModuleFileNameW
GetLocalTime
GetCurrentProcessId
TerminateThread
SuspendThread
GetCurrentThread
GetCurrentThreadId
ResetEvent
Sleep
SetEvent
GetExitCodeThread
SetThreadPriority
ResumeThread
CloseHandle
CreateEventA
LeaveCriticalSection
WaitForSingleObject
GetTickCount
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
GetComputerNameA
DeviceIoControl
FindResourceExA
lstrlenW
FormatMessageW
GetSystemDirectoryA
ExitThread

user32

GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
CharUpperA
DestroyMenu
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
wsprintfA
GetDesktopWindow
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
MsgWaitForMultipleObjects
OemToCharA
CharToOemA
MessageBoxW
TranslateMessage

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
ScaleViewportExtEx
SelectClipPath
OffsetWindowOrgEx
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
SelectPalette
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
GetStockObject
SelectObject
ExtSelectClipRgn
SetWindowOrgEx
RestoreDC
SaveDC
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
StartDocA
DeleteDC
CreateRectRgn
CreateBitmap
SetBkColor

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegConnectRegistryA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyA

shell32

SHGetFileInfoA
DragAcceptFiles

comctl32

ord17

mpr

WNetAddConnection2A

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

oleaut32

SysReAllocStringLen
SysAllocStringLen

Exports

Exports

CanStart
GetIPMacInfos
GetLogInfos
GetStatus
SetAuthCallback
SetAuthItem
SetDetectRanges
SetIllegalItem
SetInvalid
SetLegalItem
Start
Stop

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06dd8d089043defca6ec948e0ab12cf3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

38:6a:75:8c:fa:05:1c:e0:c7:b6:38:0b:5f:ba:38:2b:e4:fa:c9:feSigner

Signature Validations

Verification

25/10/2012, 10:47 Valid: false

Headers

File Characteristics

Imports

ws2_32

ippcap

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

mpr

version

oleaut32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 28KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 20KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

38:6a:75:8c:fa:05:1c:e0:c7:b6:38:0b:5f:ba:38:2b:e4:fa:c9:fe
Signer

25/10/2012, 10:47
Valid: false

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 28KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 20KB