c2889d86a3879afdf60f83efd983ca0ae2a5dacdc7154275fee5510d47c55485

Sharing

Copy URL

Twitter E-mail

General

Target

c2889d86a3879afdf60f83efd983ca0ae2a5dacdc7154275fee5510d47c55485
Size

1.3MB
MD5

26449b805bc6f82e24d2e8df8c156a10
SHA1

67c60b51ed4c6019b8d5c3d638230e2ded787b2e
SHA256

c2889d86a3879afdf60f83efd983ca0ae2a5dacdc7154275fee5510d47c55485
SHA512

a1db7682db41558ffc1f407470173442b7a8a4f26f5c52243ab7c0233e092cbaf815d9847d2c7afa847507e60861fe736864d5a0498c6202d5c3a946ff0f6112
SSDEEP

24576:dStKmfI37zTdAzTZI05ickZdIL9oCL7k2yYx:YKwICzWwpBoCnNyYx

Score

N/A

Malware Config

Signatures

Files

c2889d86a3879afdf60f83efd983ca0ae2a5dacdc7154275fee5510d47c55485
.dll regsvr32 windows x86

5151576c2c646400368c80ee99a69b10

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:38:34:e2:43:7c:65:26:47:1d:74:17:90:8a:e1:51:41:2d:ff:31
Signer

Actual PE Digest

6e:38:34:e2:43:7c:65:26:47:1d:74:17:90:8a:e1:51:41:2d:ff:31

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

02/08/2013, 03:27
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
GetProcessVersion
GlobalSize
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
GetCommandLineA
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
ExitThread
GetACP
HeapSize
FatalAppExitA
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
CloseHandle
GetFileSize
GetExitCodeThread
TerminateThread
CreateFileA
GlobalFlags
MulDiv
GetVersion
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
LocalAlloc
SetLastError
GlobalUnlock
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
SetCurrentDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
GetDriveTypeA
CreateDirectoryA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
LoadLibraryW
OpenSemaphoreA
OpenMutexA
OpenEventA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DisconnectNamedPipe
CreateIoCompletionPort
ResetEvent
CancelIo
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
InterlockedExchange
InterlockedCompareExchange
SetThreadLocale
GetComputerNameW
EnumResourceLanguagesA
UnmapViewOfFile
GetSystemDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
QueryPerformanceCounter
FormatMessageW
FindResourceExA
OutputDebugStringW
WideCharToMultiByte
lstrlenW
DeleteFileA
CopyFileA
WriteFile
GetLastError
GetCurrentThreadId
MultiByteToWideChar
lstrlenA
FreeLibrary
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryExW
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetModuleFileNameA
FlushInstructionCache
GetCurrentProcess
GetShortPathNameA
SizeofResource
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetCurrentProcessId
GetModuleHandleA
SetEndOfFile
SetFilePointer
OutputDebugStringA
FreeConsole
AllocConsole
GetProfileStringA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
FlushFileBuffers
DuplicateHandle
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetFileInformationByHandle
FormatMessageA
CreateFileW
GetTimeZoneInformation
UnlockFile
LockFile
ReadFile
Sleep
MoveFileA
GetFileAttributesA
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LocalFree
OpenProcess
CreateThread

user32

GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
keybd_event
SetFocus
MapWindowPoints
SetTimer
SendMessageA
GetDlgItem
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
OffsetRect
IntersectRect
UpdateWindow
LoadIconA
GetFocus
LoadCursorA
SystemParametersInfoA
IsIconic
CheckDlgButton
SetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
CallWindowProcA
GetSysColorBrush
PostMessageA
GetWindowLongA
GetParent
FindWindowExA
GetClassNameA
SetWindowLongA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
CharNextA
CloseDesktop
SetThreadDesktop
CharToOemBuffA
GetWindowPlacement
ShowWindow
SetWindowPos
MoveWindow
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
GetDesktopWindow
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
LoadStringA
UnregisterClassA
GetWindowTextLengthA
GetSystemMetrics
CharUpperA
MsgWaitForMultipleObjects
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
OemToCharBuffA
GetUserObjectInformationW
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
AppendMenuA
RemoveMenu
wvsprintfA
DestroyMenu
KillTimer
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
MessageBoxW
EnumDesktopWindows
IsWindowVisible
EnumWindows
GetWindowTextA
GetWindowTextW
CharToOemA
OemToCharA
PostQuitMessage
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetCursorPos
PeekMessageA
ValidateRect
GetKeyState
GetActiveWindow
DispatchMessageA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetMessageA
TranslateMessage
IsChild

gdi32

DeleteObject
CreateBitmap
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
SaveDC
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
DeleteDC
Escape
GetDCOrgEx
GetObjectA
CopyMetaFileA
CreateDCA
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExtTextOutA
StartDocA
GetBitmapBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
PolyDraw
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

SetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameW
InitializeSecurityDescriptor
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyA
RegSetValueExW
RegQueryValueExW
RegConnectRegistryA
RegSetValueA
RegOpenKeyA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidW

shell32

SHGetFileInfoA
SHFileOperationA
DragAcceptFiles

comctl32

ord17

ole32

WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoDisconnectObject
CoInitialize
CoUninitialize
OleRegGetUserType
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
ReadClassStg
StringFromCLSID
ReleaseStgMedium
CoCreateInstance
ReadFmtUserTypeStg
CoTreatAsClass

oleaut32

SysAllocString
SysStringLen
VariantClear
DispCallFunc
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SysAllocStringLen
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysFreeString
SafeArrayRedim
VariantInit
SysReAllocStringLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayUnlock

mapi32

ord17
ord135

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

rpcrt4

RpcStringFreeW
UuidToStringA
RpcStringFreeA
UuidCreate
UuidToStringW

ws2_32

shutdown
closesocket
connect
socket
WSAIoctl
htons
htonl
bind
accept
listen
WSACleanup
WSAStartup
getsockname
getsockopt
send
recv
sendto
WSAGetLastError
recvfrom
ntohs
ntohl
setsockopt
getpeername

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Dll_GetLogFileName
Dll_GetLogLevel
Dll_GetLogTos
Dll_SetLogOutput

Sections

.text
Size: 1012KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OutputL
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5151576c2c646400368c80ee99a69b10

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

6e:38:34:e2:43:7c:65:26:47:1d:74:17:90:8a:e1:51:41:2d:ff:31Signer

Signature Validations

Verification

02/08/2013, 03:27 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

mapi32

version

rpcrt4

ws2_32

Exports

Exports

Sections

.text Size: 1012KB - Virtual size: 1010KB

.rdata Size: 192KB - Virtual size: 188KB

.data Size: 72KB - Virtual size: 126KB

.OutputL Size: 4KB - Virtual size: 268B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 68KB - Virtual size: 66KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

6e:38:34:e2:43:7c:65:26:47:1d:74:17:90:8a:e1:51:41:2d:ff:31
Signer

02/08/2013, 03:27
Valid: false

.text
Size: 1012KB - Virtual size: 1010KB

.rdata
Size: 192KB - Virtual size: 188KB

.data
Size: 72KB - Virtual size: 126KB

.OutputL
Size: 4KB - Virtual size: 268B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 68KB - Virtual size: 66KB