bf826eb82ee17e0a68f347b9dd4a5318e9c428a79abd1534c5e595cec1679b1a

Sharing

Copy URL Twitter E-mail

General

Target

bf826eb82ee17e0a68f347b9dd4a5318e9c428a79abd1534c5e595cec1679b1a
Size

1.9MB
MD5

936aefd601fb71ae9e59a9e33f0f8952
SHA1

e61fd25041dc4eb47c87067c890dc6ef50a88751
SHA256

bf826eb82ee17e0a68f347b9dd4a5318e9c428a79abd1534c5e595cec1679b1a
SHA512

8aa3825a111be816fce52345245c034f5c751aec18274366e94309c6d0ef26ec46eeeef3bfc06e7a5efef408509f9abdadeeb532b96619e057c6ece3c879f554
SSDEEP

24576:DQhvn43tTgKNonmnV+tN4hiS04iEtGkdWSESF+k0PCe1pbc56t:DQl43tTgKNGJf4iEiJpk0PCA7t

Score

1^/10

Malware Config

Signatures

Files

bf826eb82ee17e0a68f347b9dd4a5318e9c428a79abd1534c5e595cec1679b1a
.dll windows x86

203f9f06398736541b4feb47b8e2fd00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:c9:2d:2b:46:5f:d2:c6:a1:f4:af:d7:62:a5:28:fa:64:4a:f2:b3
Signer

Actual PE Digest

fd:c9:2d:2b:46:5f:d2:c6:a1:f4:af:d7:62:a5:28:fa:64:4a:f2:b3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

02/08/2013, 03:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
LocalFree
GetModuleFileNameA
GetCurrentDirectoryA
GetStdHandle
QueryPerformanceCounter
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetProcAddress
LoadLibraryW
FreeLibrary
LoadLibraryA
WriteConsoleA
CloseHandle
InitializeCriticalSection
CreateFileA
SetEndOfFile
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
QueryDosDeviceA
GetLogicalDrives
GetDriveTypeA
MoveFileExA
RemoveDirectoryW
CreateDirectoryW
RemoveDirectoryA
CopyFileA
CreateDirectoryA
AllocConsole
FreeConsole
GetPrivateProfileStringA
GetProfileStringA
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
CreateMutexA
ReleaseMutex
CreateEventW
OpenEventW
OpenMutexA
TerminateThread
ResetEvent
WaitForMultipleObjects
VirtualQueryEx
ReadProcessMemory
SetEvent
WaitForSingleObject
CreateEventA
OutputDebugStringW
OpenProcess
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetModuleHandleW
GetFileInformationByHandle
GetModuleHandleA
WideCharToMultiByte
IsBadReadPtr
IsBadWritePtr
GetTimeZoneInformation
SystemTimeToFileTime
GetFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
CopyFileW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
MoveFileExW
DeleteFileW
GetFileSize
QueryDosDeviceW
GetFileAttributesW
GetFileAttributesExW
MulDiv
Sleep
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetCurrentThreadId
SetLastError
ResumeThread
GetDriveTypeW
DeleteCriticalSection
TlsGetValue
SetFilePointer
WriteFile
CreateFileW
ReadFile
GetCommandLineW
TlsAlloc
TlsSetValue
GetCurrentThread
GetCurrentProcess
DuplicateHandle
TlsFree
InterlockedIncrement
GetLastError
InterlockedDecrement
GetTickCount
GetLocalTime
GetCurrentProcessId
GetFileAttributesA
GetEnvironmentVariableW
DeleteFileA
SetFileAttributesA
GetTempPathA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
MoveFileW
MoveFileA
lstrcmpA
OpenSemaphoreA
OpenEventA
CancelIo
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WriteProcessMemory
GetThreadContext
SetThreadContext
FlushInstructionCache
GetExitCodeThread
GetThreadPriority
SetThreadPriority
GetPriorityClass
SetPriorityClass
SuspendThread
CreateProcessW
CreateProcessA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceTypesA
lstrlenA
FormatMessageA
LoadResource
FindResourceExA
GetACP
lstrlenW
FormatMessageW
GetVersionExA
SleepEx
InterlockedExchange
CreateSemaphoreA
ReleaseSemaphore
PulseEvent
RtlUnwind
GetSystemTime
RaiseException
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
FatalAppExitA
GetCPInfo
GetOEMCP
TerminateProcess
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
IsBadCodePtr
UnhandledExceptionFilter
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetSystemInfo
VirtualProtect
FreeResource
LoadLibraryExA
LockResource
SizeofResource
EnumResourceLanguagesA
EnumResourceNamesA
GetSystemDirectoryA

user32

GetClassNameA
FillRect
GetDC
ReleaseDC
SetCursor
LoadCursorA
IsRectEmpty
GetWindowRect
ClientToScreen
GetClientRect
GetClassNameW
GetForegroundWindow
GetUserObjectInformationW
GetCursorPos
CloseDesktop
GetSystemMetrics
MsgWaitForMultipleObjects
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
GetDesktopWindow
GetWindowTextA
FindWindowExA
GetWindowLongA
WindowFromPoint
MessageBoxW
GetParent
MessageBoxA
OpenWindowStationA

gdi32

CreatePalette
RealizePalette
CreateDIBitmap
SetDIBits
GetObjectA
GetDIBits
SetDIBColorTable
GdiFlush
GetPaletteEntries
SetPixel
CreateRectRgn
CombineRgn
OffsetRgn
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowExtEx
CreateCompatibleBitmap
CreateSolidBrush
GetCurrentObject
SelectPalette
GetBkColor
GetViewportOrgEx
GetWorldTransform
SetBkColor
SetViewportExtEx
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
SetWorldTransform
SetWindowOrgEx
SetViewportOrgEx
CreateCompatibleDC
CreateDIBSection
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
SaveDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetMapMode
LPtoDP
SetMapMode
DPtoLP
GetTextAlign
GetTextColor
SetTextAlign
GetBkMode
SetBkMode
SetTextColor
TextOutW
DeleteObject
RestoreDC
EndDoc
CopyEnhMetaFileW
DeleteEnhMetaFile
CreateDCA
GetBitmapBits

advapi32

RegCloseKey
ReportEventA
DeregisterEventSource
RegCreateKeyExW
RegSetKeySecurity
SetFileSecurityA
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
GetUserNameA
RegCreateKeyExA
RegConnectRegistryA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegisterEventSourceA

shell32

CommandLineToArgvW
SHGetPathFromIDListW

mpr

WNetGetConnectionW

ws2_32

setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
WSACleanup
shutdown
listen
getsockopt
send
recv
sendto
recvfrom
WSAStartup
WSAGetLastError
getsockname
ntohl
getpeername
closesocket
ntohs

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

Exports

Exports

AddPassthru
DelPassthru
GetCaptureFlags
GetDocInfos
GetDocLogs
GetDocPolicyLogs
GetIMFTInfos
GetPrintInfos
GetPrintLogs
GetPrintPolicyLogs
GetProcInfosEx
GetUpDownPolicyLogs
GetUrlInfos
GetUrlPolicyLogs
INJInstallDetours
INJUninstallDetours
InitRecordMgr
InitShareInfoMgr
InstallDetours
InstallDetoursOne
SetCDBurnCtrlFlag
SetCaptureFlags
SetComputer
SetDocBackupFlag
SetDocCtrl
SetDocCtrlFlag
SetDocTick
SetFlags
SetIMFTCtrl
SetIMFTCtrlFlag
SetIP
SetOffline
SetPrintCtrl
SetPrintCtrlFlag
SetPrintPageCtrlFlag
SetPrintPageTick
SetPrintTick
SetProcCtrl
SetProduct
SetStatus
SetUDiskCtrlFlag
SetUDiskTick
SetUDiskVols
SetUpDownCtrlFlag
SetUpDownTick
SetUrlClsidsTick
SetUrlCtrl
SetUrlCtrlFlag
SetUrlTick
SetUser
TSetLogConfig
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 984KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

whadntds
Size: 636KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

203f9f06398736541b4feb47b8e2fd00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

fd:c9:2d:2b:46:5f:d2:c6:a1:f4:af:d7:62:a5:28:fa:64:4a:f2:b3Signer

Signature Validations

Verification

02/08/2013, 03:24 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

ws2_32

version

Exports

Exports

Sections

.text Size: 984KB - Virtual size: 980KB

.rdata Size: 96KB - Virtual size: 94KB

.data Size: 116KB - Virtual size: 260KB

whadntds Size: 636KB - Virtual size: 634KB

TLCONFIG Size: 4KB - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 64KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

fd:c9:2d:2b:46:5f:d2:c6:a1:f4:af:d7:62:a5:28:fa:64:4a:f2:b3
Signer

02/08/2013, 03:24
Valid: false

.text
Size: 984KB - Virtual size: 980KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 116KB - Virtual size: 260KB

whadntds
Size: 636KB - Virtual size: 634KB

TLCONFIG
Size: 4KB - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 64KB