6c946cbf370a01a0d0869eba346938a1dbdf2da2a3e154ddfb76531fd65c92e9

Sharing

Copy URL

Twitter E-mail

General

Target

6c946cbf370a01a0d0869eba346938a1dbdf2da2a3e154ddfb76531fd65c92e9
Size

1.3MB
MD5

85c75333fb1aceaaf42ac0c1304d8a6c
SHA1

79fc5fba022f5e67e49745502d595c45507a9a06
SHA256

6c946cbf370a01a0d0869eba346938a1dbdf2da2a3e154ddfb76531fd65c92e9
SHA512

8f920b768fb97daa4f46cff121b5f2c07bd30892b1d896cdb1290e65509a4b4e43b0f810f867cdd4a5e4f0f2dec4037bef5fc5f8ed708865bdea054eeb3510e0
SSDEEP

12288:fx1dLnY20zLgmUgI2b5AlmuPiRu5Oe+38/luyctxt8Tdsmz3hEmY6wrid3xIsfls:5fu30SPfvbQQj

Score

N/A

Malware Config

Signatures

Files

6c946cbf370a01a0d0869eba346938a1dbdf2da2a3e154ddfb76531fd65c92e9
.dll windows x86

feb77a7c6b3d936374f1df27850297c0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:ed:dd:e3:76:94:26:ff:34:0a:35:54:79:4f:b7:69:f7:67:54:cd
Signer

Actual PE Digest

9b:ed:dd:e3:76:94:26:ff:34:0a:35:54:79:4f:b7:69:f7:67:54:cd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

22/02/2011, 11:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
LoadLibraryExW
CreateEventA
WaitForSingleObject
SetEvent
ReleaseMutex
ResetEvent
OpenEventA
OpenMutexA
OpenSemaphoreA
CreateMutexA
CreateSemaphoreA
WaitForMultipleObjects
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
CancelIo
TerminateThread
OpenEventW
CreateEventW
lstrlenA
LocalFree
FormatMessageA
GetACP
lstrlenW
FormatMessageW
GetProfileStringA
GetPrivateProfileStringA
FreeConsole
AllocConsole
WriteConsoleA
GetStdHandle
OutputDebugStringA
OutputDebugStringW
EnumResourceLanguagesA
PulseEvent
lstrcmpiA
VirtualQueryEx
VirtualProtect
SuspendThread
VirtualAllocEx
VirtualFreeEx
GetThreadContext
SetThreadContext
GetExitCodeThread
ReadProcessMemory
WriteProcessMemory
GetSystemInfo
VirtualProtectEx
CreateFileMappingW
VirtualQuery
FlushInstructionCache
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
UnhandledExceptionFilter
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FindResourceExA
SizeofResource
GetLastError
LoadResource
LockResource
FreeResource
OpenProcess
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetModuleHandleW
GetFileInformationByHandle
GetModuleHandleA
WideCharToMultiByte
IsBadReadPtr
IsBadWritePtr
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
GetWindowsDirectoryW
GetWindowsDirectoryA
MultiByteToWideChar
GetCurrentDirectoryW
GetCurrentDirectoryA
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
CopyFileW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
MoveFileExW
DeleteFileW
QueryDosDeviceW
GetFileAttributesW
GetFileTime
GetFileSize
GetFileAttributesExW
Sleep
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
LoadLibraryW
FreeLibrary
GetCurrentThreadId
SetLastError
ResumeThread
GetDriveTypeW
TlsGetValue
SetFilePointer
WriteFile
CreateFileW
ReadFile
TlsAlloc
TlsSetValue
GetCommandLineW
GetCurrentThread
GetCurrentProcess
DuplicateHandle
TlsFree
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
GetTickCount
GetLocalTime
GetCurrentProcessId
GetFileAttributesA
SetEndOfFile
CreateFileA
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
GetModuleFileNameW
GetSystemDirectoryW
GetSystemDirectoryA
GetVersionExA
ReleaseSemaphore
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetSystemTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
FatalAppExitA
GetCPInfo
GetOEMCP

user32

GetClassNameA
FillRect
GetWindowTextA
GetDC
SetCursor
FindWindowExA
GetWindowLongA
SetWindowsHookExA
ReleaseDC
GetProcessWindowStation
MsgWaitForMultipleObjects
MessageBoxW
GetClassNameW
GetParent
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetSystemMetrics
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetCursorPos
WindowFromPoint
GetClientRect
ClientToScreen
GetWindowRect
IsRectEmpty
LoadCursorA

gdi32

CreateDCA
CreatePalette
RealizePalette
CreateDIBitmap
SetDIBits
GetObjectA
GetDIBits
SetDIBColorTable
GdiFlush
GetStockObject
GetPaletteEntries
SetPixel
CreateRectRgn
CombineRgn
OffsetRgn
CloseEnhMetaFile
CreateEnhMetaFileW
GetBkMode
SetBkMode
SetWindowExtEx
CreateCompatibleBitmap
CreateSolidBrush
GetCurrentObject
SelectPalette
GetTextAlign
GetTextColor
GetBkColor
GetViewportOrgEx
GetWorldTransform
SetTextAlign
SetTextColor
SetBkColor
SetViewportExtEx
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
SetWindowOrgEx
SetViewportOrgEx
SetWorldTransform
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetMapMode
SetMapMode
LPtoDP
CopyEnhMetaFileW
DeleteEnhMetaFile
DPtoLP

advapi32

RegCreateKeyExA
RegConnectRegistryA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
LookupAccountNameA

shell32

SHGetPathFromIDListW
CommandLineToArgvW

mpr

WNetGetConnectionW

ws2_32

getpeername
WSASetLastError

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
VerQueryValueW

Exports

Exports

AddPassthru
DelPassthru
GetCaptureFlags
GetDocInfos
GetDocLogs
GetDocPolicyLogs
GetIMFTInfos
GetPrintInfos
GetPrintLogs
GetPrintPolicyLogs
GetProcInfosEx
GetUrlInfos
GetUrlPolicyLogs
INJInstallDetours
INJUninstallDetours
InstallDetours
InstallDetoursOne
SetCDBurnCtrlFlag
SetCaptureFlags
SetComputer
SetDocBackupFlag
SetDocCtrl
SetDocCtrlFlag
SetDocTick
SetFlags
SetIMFTCtrl
SetIMFTCtrlFlag
SetIP
SetOffline
SetPrintCtrl
SetPrintCtrlFlag
SetPrintTick
SetProcCtrl
SetProduct
SetStatus
SetUDiskCtrlFlag
SetUDiskTick
SetUDiskVols
SetUrlClsidsTick
SetUrlCtrl
SetUrlCtrlFlag
SetUrlTick
SetUser
TSetLogConfig
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 544KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

whadntds
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

feb77a7c6b3d936374f1df27850297c0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

9b:ed:dd:e3:76:94:26:ff:34:0a:35:54:79:4f:b7:69:f7:67:54:cdSigner

Signature Validations

Verification

22/02/2011, 11:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

ws2_32

version

Exports

Exports

Sections

.text Size: 544KB - Virtual size: 541KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 56KB - Virtual size: 177KB

whadntds Size: 608KB - Virtual size: 607KB

TLCONFIG Size: 4KB - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 34KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

9b:ed:dd:e3:76:94:26:ff:34:0a:35:54:79:4f:b7:69:f7:67:54:cd
Signer

22/02/2011, 11:51
Valid: false

.text
Size: 544KB - Virtual size: 541KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 56KB - Virtual size: 177KB

whadntds
Size: 608KB - Virtual size: 607KB

TLCONFIG
Size: 4KB - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 34KB