1b2cfde8ae64ea8565b3d4cf932b7b9209bb65aa6a939844e20e495fc42eac06

Sharing

Copy URL Twitter E-mail

General

Target

1b2cfde8ae64ea8565b3d4cf932b7b9209bb65aa6a939844e20e495fc42eac06
Size

4.7MB
MD5

d870f57b611faf5b7ffb546c648c1bcf
SHA1

76b3e257ffdf72e98c7e00850eec63c4d5bffae7
SHA256

1b2cfde8ae64ea8565b3d4cf932b7b9209bb65aa6a939844e20e495fc42eac06
SHA512

0c2592ba1d049e7ac1164b534f116b80f4eec3183237421e250ea40c68c290d1600c6f5fb992a90e2788e7e3d38779921cb294b3050eef2c2838d601e6735efc
SSDEEP

49152:6Y1JE7FFS1jl2igRt0o5jy/U373BLoB42sT6bhfsuSoO9zPCmyzgkU/wqCug//EI:fecjl2igRthy/U3tLc42nbNY9zPs

Score

N/A

Malware Config

Signatures

Files

1b2cfde8ae64ea8565b3d4cf932b7b9209bb65aa6a939844e20e495fc42eac06
.dll windows x86

b453d58ed10a61af1ef467e735051ccc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:e7:8d:87:56:f2:ea:67:b2:4d:36:91:75:eb:5c:42:e7:d7:bd:16
Signer

Actual PE Digest

3e:e7:8d:87:56:f2:ea:67:b2:4d:36:91:75:eb:5c:42:e7:d7:bd:16

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

05/04/2012, 06:48
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
WSACloseEvent
WSACreateEvent
WSAGetLastError
inet_ntoa
gethostname
recvfrom
sendto
recv
send
getsockopt
getsockname
getpeername
WSACleanup
ntohs
listen
shutdown
closesocket
connect
socket
WSAIoctl
htons
bind
accept
setsockopt
gethostbyname
inet_addr
htonl
WSAStartup

version

VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerLanguageNameA
GetFileVersionInfoA

netapi32

Netbios

rpcrt4

UuidFromStringA
RpcStringFreeW
UuidToStringW
UuidCreate
RpcStringFreeA
UuidToStringA

kernel32

FindFirstChangeNotificationA
FindNextChangeNotification
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
GetFileTime
CreateMutexW
OutputDebugStringW
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
SetEndOfFile
LockFile
UnlockFile
GetWindowsDirectoryW
FindResourceA
LoadLibraryW
CreateSemaphoreA
ReleaseSemaphore
lstrcmpiA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
ResumeThread
SetThreadPriority
SuspendThread
GlobalUnlock
FileTimeToSystemTime
lstrcpyA
DuplicateHandle
FlushFileBuffers
lstrcpynA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
SystemTimeToFileTime
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
GetPrivateProfileIntA
GetProcessVersion
GlobalSize
GetCPInfo
FindCloseChangeNotification
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
GetFileType
ExitProcess
ExitThread
SetStdHandle
HeapSize
FatalAppExitA
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
GetLongPathNameA
GetSystemDirectoryW
GetPriorityClass
ExpandEnvironmentStringsW
QueryDosDeviceW
OpenEventW
CreateEventW
DeleteFileW
MoveFileW
MoveFileExW
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
lstrlenW
GetVersion
LoadLibraryExW
EnumResourceLanguagesA
FindResourceExA
SizeofResource
LoadResource
LockResource
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
lstrlenA
CreateThread
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
SetFileAttributesW
GetDiskFreeSpaceExW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
EnumResourceNamesA
GetDiskFreeSpaceA
GetLogicalDrives
GetDiskFreeSpaceExA
DefineDosDeviceA
FormatMessageW
GetCurrentDirectoryW
SetThreadLocale
InterlockedCompareExchange
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
CancelIo
CreateIoCompletionPort
DisconnectNamedPipe
PostQueuedCompletionStatus
GetQueuedCompletionStatus
OpenSemaphoreA
LocalAlloc
LocalFree
GetSystemPowerStatus
GetLogicalDriveStringsA
CreateFileW
OutputDebugStringA
GetDriveTypeA
GetExitCodeProcess
OpenProcess
SetPriorityClass
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
GetLocalTime
FindFirstFileW
lstrcmpW
FindNextFileW
TerminateThread
GetExitCodeThread
WideCharToMultiByte
GetWindowsDirectoryA
MoveFileExA
GetProfileIntA
CreateMutexA
OpenEventA
FindFirstFileA
lstrcmpA
FindNextFileA
FindClose
GetSystemInfo
GetModuleHandleW
SetCurrentDirectoryA
CreateProcessA
SetFilePointer
WriteFile
GetACP
SetProcessShutdownParameters
GetComputerNameW
GetVolumeInformationA
RemoveDirectoryA
GetProfileStringA
WriteProfileStringA
DosDateTimeToFileTime
GlobalMemoryStatus
GetThreadSelectorEntry
InterlockedIncrement
InterlockedExchange
SetEvent
CopyFileA
GetComputerNameA
ExpandEnvironmentStringsA
MoveFileA
GetFileSize
ReadFile
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
QueryDosDeviceA
GetDriveTypeW
GetModuleFileNameA
GetCommandLineA
OpenMutexA
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
GetModuleHandleA
FreeLibraryAndExitThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetThreadContext
EnumResourceTypesA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
VirtualProtect
FlushInstructionCache
SetThreadContext
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
VirtualFreeEx
VirtualAllocEx
VirtualQueryEx
VirtualQuery
CreateProcessW
GetThreadPriority
GetTempPathA
GetTempPathW
WaitForMultipleObjects
ResetEvent
CreateEventA
Sleep
lstrcatA
LoadLibraryExA
GetSystemDirectoryA
FreeLibrary
MultiByteToWideChar
GetVersionExA
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
CopyFileW
RemoveDirectoryW
SetVolumeLabelA
GetOEMCP

user32

DestroyMenu
InflateRect
wvsprintfA
RemoveMenu
AppendMenuA
GetSysColorBrush
MoveWindow
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetMenuStringA
DeleteMenu
InsertMenuA
SetWindowTextA
PtInRect
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
UnregisterClassA
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetDlgCtrlID
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetForegroundWindow
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CharUpperA
CopyRect
GetClientRect
GetWindowTextLengthA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
PostQuitMessage
OemToCharA
CharToOemA
MsgWaitForMultipleObjects
IsWindow
GetForegroundWindow
GetWindow
GetDlgItem
DefWindowProcA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
CloseWindow
RegisterWindowMessageA
ShowWindow
SetActiveWindow
GetClassNameA
FindWindowExA
EqualRect
SetRect
IsRectEmpty
UnionRect
ExitWindowsEx
PostMessageA
wsprintfW
wsprintfA
GetWindowTextW
GetWindowTextA
GetDesktopWindow
EnumChildWindows
EnumWindows
IsWindowVisible
GetParent
GetWindowLongA
GetWindowThreadProcessId
EnumDesktopWindows
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
LoadImageA
GetClassLongA
CopyIcon
GetIconInfo
DestroyIcon
GetDC
ReleaseDC
LoadCursorA
SetCursor
SendMessageTimeoutA
EnumDisplaySettingsA
GetSystemMetrics
SendMessageA
CreateDesktopA
CloseDesktop
PostThreadMessageA
FindWindowA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetUserObjectInformationW
OemToCharBuffA
CharToOemBuffA
SetWindowsHookExA

gdi32

DPtoLP
CreateFontIndirectA
SetRectRgn
GetMapMode
CreateDCA
CopyMetaFileA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateDIBPatternBrushPt
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
DeleteDC
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetDeviceCaps
GetPaletteEntries
GetStockObject
GdiFlush
StretchBlt
SetStretchBltMode
BitBlt
SetDIBColorTable
CreateDIBSection
SetPixel
SelectObject
CreateCompatibleBitmap
GetClipRgn
SelectClipPath
ExtSelectClipRgn
GetBitmapBits
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
SetDIBits
GetDIBits
GetObjectA
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
CreateBitmap
PatBlt
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
StartDocA
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
CreateCompatibleDC

comdlg32

GetFileTitleA

winspool.drv

FreePrinterNotifyInfo
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
FindClosePrinterChangeNotification
EnumPortsA
EnumJobsA
EnumPrintersA
OpenPrinterW
GetPrinterW
GetJobA
AddPrinterA
DeletePrinter
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetPrinterA

advapi32

RegOpenKeyW
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupAccountSidW
LookupAccountNameW
QueryServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyA
RegConnectRegistryA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueA
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueA
RegCreateKeyExA
RegSetKeySecurity
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameA
ControlService
StartServiceA
DeleteService
LockServiceDatabase
CreateServiceA
UnlockServiceDatabase
RegUnLoadKeyA
RegLoadKeyA
EnumServicesStatusA
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegNotifyChangeKeyValue
CloseServiceHandle
ChangeServiceConfigA
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
RegOpenKeyA
GetUserNameA
SetFileSecurityA
RegSetValueExW
RegCreateKeyW
RegSetValueExA

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHFileOperationW
DragAcceptFiles
SHFileOperationA
SHGetPathFromIDListA
SHGetFileInfoA

comctl32

ImageList_GetImageCount
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ord17

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromProgID
OleRun
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
CoCreateInstance

oleaut32

GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringLen
SysStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SysReAllocStringLen
SysAllocStringByteLen
SafeArrayLock
SysFreeString
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayCreateVector
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement

setupapi

SetupInstallFileA

shlwapi

PathFileExistsA

mpr

WNetGetConnectionA

Exports

Exports

AddDbgStr
AddDbgThread
DelDbgThread
InjectAgent32
RunAgent32

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 532KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b453d58ed10a61af1ef467e735051ccc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

3e:e7:8d:87:56:f2:ea:67:b2:4d:36:91:75:eb:5c:42:e7:d7:bd:16Signer

Signature Validations

Verification

05/04/2012, 06:48 Valid: false

Headers

File Characteristics

Imports

ws2_32

version

netapi32

rpcrt4

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

setupapi

shlwapi

mpr

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 380KB - Virtual size: 377KB

.data Size: 532KB - Virtual size: 697KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 244KB - Virtual size: 241KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

3e:e7:8d:87:56:f2:ea:67:b2:4d:36:91:75:eb:5c:42:e7:d7:bd:16
Signer

05/04/2012, 06:48
Valid: false

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 380KB - Virtual size: 377KB

.data
Size: 532KB - Virtual size: 697KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 244KB - Virtual size: 241KB