ca18fa87927bda78adc7e6a3f35a452663790d4d79ca1dfc40312e76eafe4b90

Sharing

Copy URL Twitter E-mail

General

Target

ca18fa87927bda78adc7e6a3f35a452663790d4d79ca1dfc40312e76eafe4b90
Size

363KB
MD5

07326e8a22bccaaf70552c0fd30f567c
SHA1

1d0ae5ed227d10e2d8ff2355b27c29af3c55ec59
SHA256

ca18fa87927bda78adc7e6a3f35a452663790d4d79ca1dfc40312e76eafe4b90
SHA512

962e331a779d4f779b9aee53fe70e22b4255885818ba5f40eb4fe1c4c1c6f1782b1d19094e5a5d788d527ed30a4e343c4ba5307a5aaad5b844008c5bcd0c231a
SSDEEP

6144:7JhLx8coo7lvcmRwGNjqJn0Mb0ikZwZEu5SDrG:/LJoURckAJ0MbzkZ7vrG

Score

N/A

Malware Config

Signatures

Files

ca18fa87927bda78adc7e6a3f35a452663790d4d79ca1dfc40312e76eafe4b90
.dll windows x86

add5d8bd3d16bfe24df181bd4abe89e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:24:9d:4b:70:76:1b:84:a8:47:2d:ca:67:a9:f8:0b:82:ac:54:35
Signer

Actual PE Digest

19:24:9d:4b:70:76:1b:84:a8:47:2d:ca:67:a9:f8:0b:82:ac:54:35

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

01/07/2013, 12:20
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnlockFile
MoveFileA
DeleteFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetCPInfo
GetOEMCP
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
ExitThread
RaiseException
HeapSize
HeapReAlloc
GetACP
FatalAppExitA
LCMapStringA
LCMapStringW
Sleep
LockFile
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
DuplicateHandle
GetProcessVersion
FreeLibrary
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
FormatMessageW
lstrlenW
FindResourceExA
GetExitCodeThread
TerminateThread
ResetEvent
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
MulDiv
SetLastError
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FormatMessageA
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
OutputDebugStringW
OutputDebugStringA
GetStdHandle
WriteConsoleA
AllocConsole
FreeConsole
CompareFileTime
GetFileSize
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
GetFileAttributesA
CopyFileA
WaitForSingleObject
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetLastError
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryA
CreateFileA
GetFileInformationByHandle
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetModuleHandleA
GetProcAddress
SetHandleCount
GetSystemInfo

user32

GetClassLongA
CreateWindowExA
DestroyWindow
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
CharUpperA
DestroyMenu
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetPropA
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
wsprintfA
GetDesktopWindow
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
EnumWindows
GetPropA
SetDlgItemInt
CallWindowProcA
IsWindowVisible
GetParent
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
GetWindowLongA
GetWindowTextA
GetWindowThreadProcessId
EnumDesktopWindows
GetWindowRect

gdi32

OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
SelectClipRgn
EnumMetaFile
StartDocA
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
IntersectClipRect
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
ExtCreatePen
ExcludeClipRect
SelectPalette
GetStockObject
SelectObject
RestoreDC
GetObjectType
CreateBitmap
DeleteDC
DeleteObject
SaveDC

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumValueA
RegEnumKeyA
RegSetValueExW
RegQueryValueExW
RegConnectRegistryA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA

shell32

DragAcceptFiles
SHGetFileInfoA

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleaut32

SysReAllocStringLen
SysAllocStringLen

Exports

Exports

Control
Start
Stop
TGetLogConfig
TSBAllowAgentModule
TSBAllowModule
TSetLogConfig
Valid

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

add5d8bd3d16bfe24df181bd4abe89e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

19:24:9d:4b:70:76:1b:84:a8:47:2d:ca:67:a9:f8:0b:82:ac:54:35Signer

Signature Validations

Verification

01/07/2013, 12:20 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

version

oleaut32

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 258KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 20KB - Virtual size: 40KB

TLCONFIG Size: 4KB - Virtual size: 276B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 20KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

19:24:9d:4b:70:76:1b:84:a8:47:2d:ca:67:a9:f8:0b:82:ac:54:35
Signer

01/07/2013, 12:20
Valid: false

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 20KB - Virtual size: 40KB

TLCONFIG
Size: 4KB - Virtual size: 276B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 17KB