SymRedir[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SymRedir.dll
Size

157KB
MD5

a4aac583dd6cadaaa721eaaa0b60f0ac
SHA1

e7460c45dfac2cf7d47cf2025b77030f7b9b41f2
SHA256

23bf638f97934a60096a5d089d688784b52e455c5584c337fc2118823963e9ed
SHA512

e1727d2ab3abc3f438eb3afb299c3bf705cb13b5f125043df0ed61be715d92e595f90619f51d89693fe5a2837af33d2f7622f93e81d19901a94c04699dfe8262
SSDEEP

3072:nr5Ogr6r3K1qYO4rHqf825pypbSj+WZsryYU603hzNmmBX5a2sg9VUbiGcDJHbjZ:+r3K1qUHD6pay0+Bgvg9VUbiGcDJHbjZ

Score

N/A

Malware Config

Signatures

Files

SymRedir.dll
.dll windows x86

3ad60f6711be02dcdb9c50932ceeb1d0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09-11-2004 00:00

Not After

21-11-2005 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:9b:4c:ec:c0:c3:a7:e2:66:2e:55:28:c2:00:3c:aa:60:48:ad:4d
Signer

Actual PE Digest

10:9b:4c:ec:c0:c3:a7:e2:66:2e:55:28:c2:00:3c:aa:60:48:ad:4d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

15-12-2022 14:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
WSARecv
recv
inet_addr
WSASend
WSAGetLastError
accept
WSAStartup
bind
listen
WSACleanup
WSASocketA
setsockopt
htons

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
GetModuleFileNameA
CreateDirectoryA
GetWindowsDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
InterlockedDecrement
GetCurrentProcessId
lstrlenW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
CreateEventA
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
CreateThread
GetExitCodeThread
WaitForMultipleObjects
InitializeCriticalSection
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
WaitForMultipleObjectsEx
OpenSemaphoreA
GetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
OutputDebugStringA
FlushFileBuffers
GetFileSize
SetEndOfFile
DeleteFileA
HeapFree
GetProcessHeap
GlobalAlloc
VirtualFree
HeapSize
HeapAlloc
VirtualAlloc
GetSystemInfo
HeapReAlloc
GlobalFree
SizeofResource
CreateSemaphoreA
ResetEvent
PulseEvent
ReleaseSemaphore
TryEnterCriticalSection
GetCurrentThread
GetCurrentProcess
WriteFile
ReadFile
SetFilePointer
OpenMutexA
CreateMutexA
IsBadStringPtrA
OpenProcess
CreateFileMappingA
OpenEventA
LocalAlloc
LocalFree
SetErrorMode
GetFileAttributesA
VirtualQuery
lstrcmpA
GetSystemDirectoryA
WaitForSingleObject
ReleaseMutex
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess

user32

MsgWaitForMultipleObjects
CharPrevA
PostQuitMessage
MsgWaitForMultipleObjectsEx
PeekMessageA
DispatchMessageA
CharNextA
MessageBoxA
UnregisterClassA
wsprintfA
TranslateMessage

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
CreateServiceA
StartServiceA
RegQueryValueExA
DeleteService
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCloseKey
GetUserNameA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
ChangeServiceConfigA
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromIID
CoCreateInstance

oleaut32

VarUI4FromStr

msvcr71

_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
memset
memmove
strtoul
atoi
strncpy
strstr
calloc
_CxxThrowException
realloc
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_resetstkoflw
_purecall
??1type_info@@UAE@XZ
_except_handler3
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbsicmp
_mbschr
vsprintf
_strdup
_mbsstr
_mbsnbcpy
_mbslen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_mbsnbicmp
_snprintf
_vsnprintf
_onexit
__dllonexit
__CxxFrameHandler
__security_error_handler

shlwapi

SHDeleteEmptyKeyA
SHDeleteKeyA
PathAddBackslashA
PathIsUNCA
PathSkipRootA

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

?SRControl@@YAKKPAXK0KPAK@Z
GetFactory
GetObjectCount
_AreComponentsInstalled@4
_NISInstallNISDRV@4

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ad60f6711be02dcdb9c50932ceeb1d0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2Certificate

Extended Key Usages

Key Usages

10:9b:4c:ec:c0:c3:a7:e2:66:2e:55:28:c2:00:3c:aa:60:48:ad:4dSigner

Signature Validations

Verification

15-12-2022 14:03 Valid: false

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

msvcr71

shlwapi

msvcp71

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

10:9b:4c:ec:c0:c3:a7:e2:66:2e:55:28:c2:00:3c:aa:60:48:ad:4d
Signer

15-12-2022 14:03
Valid: false

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB