CfgWzRes[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CfgWzRes.dll
Size

514KB
MD5

7b3abda0eca779f9ff7afa68045574b9
SHA1

9aa7932e10b1f7b88ac089bd643bfe87b0629ea3
SHA256

38d024f7fb6c1101a679df8214e3c9151a662cf26ec1fc75179e40bc30d5f091
SHA512

9fe1ea0b4e353f56a5f9ef8cbfc9443a2a2461d0c8694a4f4ef73971a5cb8a9a4bc6b5388b376a6d869c516f4daa4825a8f681cc3e866096cf96f686d08025a2
SSDEEP

12288:tEDSU1iblRRsKyWBgZd0sIXEQdXzCULH8:GrUL4Zd0sIX5dmULH8

Score

N/A

Malware Config

Signatures

Files

CfgWzRes.dll
.dll windows x86

fe009acf1cc018783a5fa6eb8409948c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/11/2004, 00:00

Not After

21/11/2005, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:d5:50:01:0e:95:cf:c4:e5:39:81:d6:a9:07:d8:ed:84:1c:ad:19
Signer

Actual PE Digest

e3:d5:50:01:0e:95:cf:c4:e5:39:81:d6:a9:07:d8:ed:84:1c:ad:19

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

15/12/2022, 14:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

symneti

ord6
ord9
ord13
ord38
ord85

shfolder

SHGetFolderPathA
SHGetFolderPathW

imagehlp

ImageNtHeader
MapAndLoad
UnMapAndLoad

kernel32

GetFileAttributesA
SetEndOfFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCurrentProcessId
SetFilePointer
ReadFile
WriteFile
GetTempPathA
GetCurrentDirectoryA
OpenMutexA
CreateMutexA
GetWindowsDirectoryA
GetLastError
InterlockedIncrement
InterlockedDecrement
LocalAlloc
lstrlenA
FormatMessageA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetCurrentThreadId
GetProcAddress
FreeLibrary
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
WaitForSingleObject
LoadLibraryExA
lstrcatA
DeleteFileA
SetFileAttributesA
GetUserDefaultLCID
GetModuleHandleA
GetPrivateProfileStringA
lstrlenW
GetModuleFileNameA
LoadLibraryA
GetPrivateProfileIntA
lstrcpyA
RaiseException
GetShortPathNameA
DisableThreadLibraryCalls
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
UnmapViewOfFile
GetFileSize
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetTickCount
WaitForMultipleObjects
CreateProcessA
OutputDebugStringA

user32

CharPrevA
EnumThreadWindows
EnumChildWindows
IsWindow
GetClassNameA
IsWindowEnabled
IsWindowVisible
GetWindowLongA
GetParent
MsgWaitForMultipleObjects
FindWindowA
GetSystemMetrics
LoadStringA
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
wvsprintfA
CharLowerBuffA
CharNextA

ole32

CoUninitialize
OleRun
CoCreateInstance
CoInitializeEx
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
SafeArrayPutElement
VariantClear
VarBstrCmp
GetErrorInfo
VariantInit

msvcp71

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Nomemory@std@@YAXXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?width@ios_base@std@@QAEHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setf@ios_base@std@@QAEHHH@Z
??1strstream@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?freeze@strstreambuf@std@@QAEX_N@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

msvcr71

_wcsicmp
??0exception@@QAE@ABV0@@Z
_CxxThrowException
rand
srand
time
_purecall
memcmp
_mbschr
_mbsnbcpy
_mbspbrk
_mbslen
free
_vscwprintf
vswprintf
memcpy
?what@exception@@UBEPBDXZ
memset
_mktime64
_localtime64
strcpy
strlen
_vscprintf
vsprintf
malloc
_mbscmp
wcslen
strcat
_time64
sprintf
strftime
wcscpy
isdigit
??0exception@@QAE@ABQBD@Z
_splitpath
_mbsstr
_mbsnbicmp
_mbsrchr
_except_handler3
_resetstkoflw
realloc
strncpy
atoi
_snprintf
swprintf
wcsrchr
_strtime
_strdate
_vsnprintf
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
_strcmpi
_stricmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ

Exports

Exports

SimonGetClassObject
SimonModuleGetLockCount

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe009acf1cc018783a5fa6eb8409948c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2Certificate

Extended Key Usages

Key Usages

e3:d5:50:01:0e:95:cf:c4:e5:39:81:d6:a9:07:d8:ed:84:1c:ad:19Signer

Signature Validations

Verification

15/12/2022, 14:00 Valid: false

Headers

File Characteristics

Imports

symneti

shfolder

imagehlp

kernel32

user32

ole32

oleaut32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 11KB - Virtual size: 16KB

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 28KB - Virtual size: 27KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

e3:d5:50:01:0e:95:cf:c4:e5:39:81:d6:a9:07:d8:ed:84:1c:ad:19
Signer

15/12/2022, 14:00
Valid: false

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 28KB - Virtual size: 27KB