ccLgView[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ccLgView.exe
Size

253KB
MD5

40c36181ea76beeca95cf73547f98598
SHA1

c719119398f978aae18b48f154219f32f62e0593
SHA256

ec74c171a7d99788333e4ad4aa4663c21a3c0a4389ea96e027d6f45ed3804c91
SHA512

d4d03827b306f31e604dc0e8eafcedb66d78e613b69d11c3d43c55d774591d783516a2648940030ed747eee52c7854c6ddc0cde2134606a96cca738546627af8
SSDEEP

3072:DQ4ZI1/gVr5wLmlhK3W+GGMG8UDlCHyxPpuR2sH+i8sFlTJffRaSh1MaN5WFSYso:02hyq8kUJC6BuR2a4cjffRaSoSY

Score

N/A

Malware Config

Signatures

Files

ccLgView.exe
.exe windows x86

bf32b3b76ba2f6e5567bf03e524260ff

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/11/2004, 00:00

Not After

21/11/2005, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:84:db:62:35:d9:9b:e2:1c:78:5f:b7:2c:cd:e6:49:cc:2b:2f:47
Signer

Actual PE Digest

8a:84:db:62:35:d9:9b:e2:1c:78:5f:b7:2c:cd:e6:49:cc:2b:2f:47

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

15/12/2022, 13:59
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
PropertySheetA
InitCommonControlsEx

kernel32

GetCurrentProcess
HeapAlloc
GetCurrentThreadId
LoadLibraryA
IsDBCSLeadByte
lstrlenW
GetTimeFormatA
GetDateFormatA
DeleteFileA
CloseHandle
WriteFile
GetLastError
CreateFileA
SetCurrentDirectoryA
MulDiv
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcatA
FindResourceExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
LoadLibraryExA
lstrcmpiA
lstrcpynA
GetProcAddress
lstrcpyA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
LocalFree
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GlobalReAlloc
FlushInstructionCache
LocalAlloc
lstrlenA
FormatMessageA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
RaiseException

user32

SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
ShowWindow
UpdateWindow
GetWindowLongA
LoadCursorA
SetCursor
MsgWaitForMultipleObjectsEx
DrawTextA
PeekMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
LoadStringA
CharNextA
SetClipboardData
CloseClipboard
UnregisterClassA
wsprintfA
EndDialog
SendMessageA
GetDlgItem
SetWindowTextA
LoadIconA
SetWindowLongA
EmptyClipboard
OpenClipboard
GetWindowRect
PostMessageA
SetForegroundWindow
GetKeyState
LoadImageA
SetCapture
GetCapture
GetWindowDC
EndPaint
DrawEdge
BeginPaint
GetSystemMetrics
GetMessagePos
PtInRect
ReleaseCapture
DeleteMenu
GetCursorPos
ScreenToClient
GetMenuItemCount
InsertMenuA
TrackPopupMenu
DestroyMenu
GetSysColorBrush
FillRect
GetSysColor
SetRectEmpty
GetSubMenu
EnableMenuItem
GetFocus
IsChild
DefWindowProcA
GetWindow
GetParent
GetClassInfoExA
CreateWindowExA
RegisterClassExA
LoadMenuA
GetMessageA
CopyRect
DrawTextExA
PostQuitMessage
DestroyWindow
SetFocus
CallWindowProcA
GetMenu
GetWindowPlacement
GetDC
ReleaseDC
InvalidateRect
MessageBoxA
IsDialogMessageA
IsWindow

gdi32

CreateBitmap
CreatePatternBrush
PatBlt
CreateSolidBrush
SetTextColor
SetBkMode
CreateCompatibleDC
GetDeviceCaps
StartDocA
EndDoc
DeleteDC
StartPage
EndPage
GetObjectA
CreateFontIndirectA
SelectObject
GetTextExtentPointA
TextOutA
MoveToEx
LineTo
DeleteObject

comdlg32

GetSaveFileNameA
PrintDlgA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantCopy
VariantChangeType
VariantClear
VariantTimeToSystemTime
VarUI4FromStr
SysFreeString
SysAllocStringLen

msvcp71

?_Nomemory@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

ccl40

ord1450
ord1455
ord1452
ord324
ord573
ord576
ord585
ord577
ord574
ord140
ord158
ord139
ord157
ord1092
ord141
ord937
ord938
ord1093
ord493
ord1178
ord1176
ord1174
ord529
ord1756
ord1334
ord1689
ord1754
ord1757
ord1761
ord1804
ord1298
ord1301
ord1289
ord1299
ord1297
ord1755
ord1303
ord1284
ord1286
ord1295
ord1691

msvcr71

memset
??3@YAXPAX@Z
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??_V@YAXPAX@Z
_mbsinc
_mbsncmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
_callnewh
_except_handler3
_mbsnbcpy
_resetstkoflw
_purecall
realloc
_mbsstr
sprintf
_mbsnbcat
atoi
_beginthreadex
vsprintf
_vscprintf
_strdup
_mbschr
_wcsicmp
strtoul
malloc
_ismbcdigit
strtol
_mbslwr
_mbsnicmp

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf32b3b76ba2f6e5567bf03e524260ff

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2Certificate

Extended Key Usages

Key Usages

8a:84:db:62:35:d9:9b:e2:1c:78:5f:b7:2c:cd:e6:49:cc:2b:2f:47Signer

Signature Validations

Verification

15/12/2022, 13:59 Valid: false

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

msvcp71

ccl40

msvcr71

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 44KB - Virtual size: 41KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

8a:84:db:62:35:d9:9b:e2:1c:78:5f:b7:2c:cd:e6:49:cc:2b:2f:47
Signer

15/12/2022, 13:59
Valid: false

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 44KB - Virtual size: 41KB