df16fa3275d52bfa9828f2f9f147b513eadf16bab84a7ceb51d32aac99c815fa

Sharing

Copy URL Twitter E-mail

General

Target

df16fa3275d52bfa9828f2f9f147b513eadf16bab84a7ceb51d32aac99c815fa
Size

846KB
MD5

7485aee63e2e70641d21fe6faeb69084
SHA1

e63508b9aa9cccbb347282d71d27e7d22f6273ee
SHA256

df16fa3275d52bfa9828f2f9f147b513eadf16bab84a7ceb51d32aac99c815fa
SHA512

d9935ac69776f78a250052b1d6338674360ce763761d96a84fbbcbb3e74414a2d21d2dc2bc446bb2aa1e0f67b4c29fd33a62a1b40f97e3a87edd916b3aec7979
SSDEEP

12288:N7dOOkZ5z1OSDIqqpIWPa8YkdLzS3+r7YDK:e8SDHqNDdLz9r7YDK

Score

N/A

Malware Config

Signatures

Files

df16fa3275d52bfa9828f2f9f147b513eadf16bab84a7ceb51d32aac99c815fa
.dll windows x86

6884e66ba7a18e88ee772592fbfc5126

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:26:6b:21:83:e5:95:f8:fa:02:65:8e:89:3a:af:15:f2:c0:ba:2a
Signer

Actual PE Digest

66:26:6b:21:83:e5:95:f8:fa:02:65:8e:89:3a:af:15:f2:c0:ba:2a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

05/04/2012, 06:27
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winimhc3

SetPhotoWarningFlag
SetPhotoFlagType
SetNotRecordContentType
DbgInfo
SetIMTypeHooked
SetIMAgentInfo

kernel32

TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatW
GetVersion
SetLastError
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
MulDiv
GlobalFlags
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentDirectoryW
GlobalFindAtomW
GlobalAddAtomW
LockResource
FindResourceW
LoadLibraryA
GetProcessVersion
GlobalSize
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
ExitProcess
TerminateProcess
ExitThread
HeapSize
HeapReAlloc
FatalAppExitA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GlobalHandle
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetStringTypeA
GetStringTypeW
GetOEMCP
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLastError
GetSystemDirectoryW
GetCurrentProcessId
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
FormatMessageW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetLocalTime
CreateDirectoryW
GetFileAttributesW
GetTickCount
GetModuleFileNameW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
GetFileInformationByHandle
CreateFileA
GetModuleHandleA
CreateThread
GetCurrentProcess
OpenProcess
LocalFree
LoadLibraryW
ResetEvent
TerminateThread
GetExitCodeThread
GlobalMemoryStatus
QueryPerformanceCounter
GlobalFree
TlsAlloc
LocalAlloc
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreW
GlobalUnlock
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
lstrcmpA
FileTimeToLocalFileTime
FindNextFileA
FileTimeToSystemTime
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
lstrcpynW
GetVolumeInformationW
lstrcpyW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DuplicateHandle
LeaveCriticalSection
EnterCriticalSection
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
OutputDebugStringW
SetFilePointer
WriteFile
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetProfileStringW
GetVersionExW
lstrlenW
GetACP
FindResourceExW
LoadResource
FormatMessageA
InterlockedDecrement
lstrlenA
InterlockedIncrement
ReleaseMutex
FreeLibrary
IsBadReadPtr
CreateMutexW
OpenMutexW
Sleep
MoveFileW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
GetSystemInfo
FindFirstFileA
FreeEnvironmentStringsW

user32

LoadCursorW
GetSysColorBrush
AppendMenuW
RemoveMenu
wvsprintfW
DestroyMenu
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DefWindowProcW
DestroyWindow
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoW
IsIconic
GetWindowPlacement
SetFocus
LoadIconW
SetWindowPos
MoveWindow
SetWindowLongW
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringW
DeleteMenu
InsertMenuW
MessageBoxA
GetMenuItemCount
SetWindowTextW
ClientToScreen
GetWindowRect
PtInRect
LoadStringW
UnregisterClassW
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowTextLengthW
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageW
GetCursorPos
UpdateWindow
ShowWindow
SendDlgItemMessageA
SetWindowsHookExW
GetLastActivePopup
GetProcessWindowStation
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageW
PostQuitMessage
GetSystemMetrics
CharUpperW
wsprintfW
GetDlgCtrlID
EnumChildWindows
PostMessageW
GetWindowTextA
IsWindowVisible
EnumDesktopWindows
MessageBoxW
SetProcessWindowStation
CloseWindowStation
GetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
CloseDesktop
EnumDesktopsW
OpenWindowStationW
RegisterWindowMessageW
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
GetWindowLongW
GetWindow
GetWindowTextW
GetParent
GetClassNameW
FindWindowExW
GetMenuCheckMarkDimensions

gdi32

MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
OffsetClipRgn
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetDCOrgEx
GetObjectW
CopyMetaFileW
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
BitBlt
GetBitmapBits
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocW
DeleteDC
DeleteObject
CreateDCA
EnumMetaFile
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumValueW
RegSetValueExA
RegQueryValueExA
SetSecurityDescriptorDacl
RegSetValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
GetUserNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameW

shell32

SHGetFileInfoW
DragAcceptFiles

comctl32

ord17

ole32

WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject

oleaut32

SysReAllocStringLen
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocString
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DebugInfo
GetIMFTLog
ScanIM
SetIMHookLogFlag
SetIMType
SetNotRecordContent
SetPhotoFlag
SetPhotoWarning
SetRecordFlag
SetUserInfo
StartIMHook
StopIMHook
SyncTime

Sections

.text
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6884e66ba7a18e88ee772592fbfc5126

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

66:26:6b:21:83:e5:95:f8:fa:02:65:8e:89:3a:af:15:f2:c0:ba:2aSigner

Signature Validations

Verification

05/04/2012, 06:27 Valid: false

Headers

File Characteristics

Imports

winimhc3

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 619KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 64KB - Virtual size: 90KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 44KB - Virtual size: 42KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

66:26:6b:21:83:e5:95:f8:fa:02:65:8e:89:3a:af:15:f2:c0:ba:2a
Signer

05/04/2012, 06:27
Valid: false

.text
Size: 620KB - Virtual size: 619KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 64KB - Virtual size: 90KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 44KB - Virtual size: 42KB