acf74d98b104e556c6028834804a0a1c063affc50eee27e0af151332ee0dfaf2

Sharing

Copy URL Twitter E-mail

General

Target

acf74d98b104e556c6028834804a0a1c063affc50eee27e0af151332ee0dfaf2
Size

918KB
MD5

1903f8d2e5af04b6f0209410df7ed7f3
SHA1

455591c6e7a925e954e0b8c60fe245ba250374f4
SHA256

acf74d98b104e556c6028834804a0a1c063affc50eee27e0af151332ee0dfaf2
SHA512

0e8a571f0443401beaefc1c22ed3f44f6c8e24ac4d4dc5c2aec18378d6862964f8ba66ac6ba683ef38f35b0d9c5a81d049ef479e4b9911f9067793c5f7ae6a6c
SSDEEP

12288:4Eg6uGAQhCc9CaCN2uR1GzQbxBMzuRbMr8JJJvL+r50jSAVMg:Hug2aCNF1eQbxBMzuR9vL+r6jpMg

Score

1^/10

Malware Config

Signatures

Files

acf74d98b104e556c6028834804a0a1c063affc50eee27e0af151332ee0dfaf2
.dll windows x86

d7488f4a2acbe6f36e24c2ea3d0b3779

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:62:6f:93:ee:b4:25:dd:80:be:4b:eb:2c:e7:27:27:91:0a:4f:4f
Signer

Actual PE Digest

65:62:6f:93:ee:b4:25:dd:80:be:4b:eb:2c:e7:27:27:91:0a:4f:4f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

25/10/2012, 10:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
LocalAlloc
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatW
GetVersion
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
MulDiv
GlobalFlags
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentDirectoryW
GlobalFindAtomW
GlobalAddAtomW
LockResource
FindResourceW
GetProcessVersion
GlobalSize
GetTimeZoneInformation
GetSystemTime
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
TerminateProcess
ExitThread
GlobalUnlock
HeapReAlloc
FatalAppExitA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
QueryPerformanceCounter
GetExitCodeThread
TerminateThread
ResetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
lstrcpynW
GetVolumeInformationW
lstrcpyW
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DuplicateHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetProfileStringW
GetVersionExW
lstrlenW
GetACP
FindResourceExW
LoadResource
FormatMessageA
InterlockedDecrement
lstrlenA
InterlockedIncrement
VirtualProtect
WriteProcessMemory
WaitForSingleObject
ReleaseMutex
SetLastError
CreateMutexW
OpenMutexW
IsBadStringPtrW
IsBadReadPtr
Sleep
MoveFileW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
GetSystemInfo
FindFirstFileA
FindNextFileA
LoadLibraryW
LocalFree
OpenProcess
CreateThread
GetFileInformationByHandle
GetModuleHandleW
GetCurrentThreadId
MultiByteToWideChar
GetCurrentProcessId
WideCharToMultiByte
VirtualProtectEx
GetModuleHandleA
IsBadWritePtr
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileA
CreateFileMappingA
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
GetTickCount
GetFileAttributesW
CreateDirectoryW
GetLocalTime
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
FormatMessageW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GetModuleFileNameA
GetSystemDirectoryW
GetLastError
OutputDebugStringW
OutputDebugStringA
GetFileSize
WriteFile
GetStdHandle
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointer
SetEndOfFile
AllocConsole
FreeConsole
HeapSize

user32

GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DefWindowProcW
DestroyWindow
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoW
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongW
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetMenuStringW
DeleteMenu
InsertMenuW
GetMenuItemCount
SetWindowTextW
ClientToScreen
GetWindowRect
PtInRect
UnregisterClassW
MsgWaitForMultipleObjects
GetWindowTextLengthW
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
AppendMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetMessageW
TranslateMessage
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
GetLastActivePopup
FindWindowExW
GetClassNameW
ScreenToClient
GetParent
GetWindowTextW
GetWindow
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
PostQuitMessage
GetSystemMetrics
CharUpperW
wsprintfW
GetDlgCtrlID
EnumChildWindows
IsWindow
PeekMessageW
DispatchMessageW
UnhookWindowsHookEx
CallNextHookEx
GetFocus
GetDlgItem
PostMessageW
SendMessageW
GetWindowTextA
IsWindowVisible
EnumDesktopWindows
MessageBoxW
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetUserObjectInformationW
DestroyMenu
wvsprintfW
LoadStringW
RemoveMenu
OpenInputDesktop
OpenDesktopW
GetWindowLongW
GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
RegisterWindowMessageW
SetWindowsHookExW
MessageBoxA
GetProcessWindowStation
SetWindowsHookExA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
GetSysColorBrush
LoadCursorW
LoadIconW
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
ModifyMenuW
GetSubMenu

gdi32

GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
SetTextJustification
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetDCOrgEx
SetMapperFlags
CopyMetaFileW
CreateDCW
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
GetObjectW
SetTextCharacterExtra
GetBitmapBits
BitBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
SaveDC
StartDocW
DeleteDC
DeleteObject
ExtCreatePen
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegisterEventSourceA
DeregisterEventSource
RegEnumValueW
RegSetValueExA
RegQueryValueExA
RegSetValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
GetUserNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
ReportEventA

shell32

SHGetFileInfoW
DragQueryFileW
DragAcceptFiles

comctl32

ord17

ole32

ReadFmtUserTypeStg
OleRegGetUserType
ReadClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
WriteClassStg

oleaut32

SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocString
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroyDescriptor
SysAllocStringLen
SysReAllocStringLen
SafeArrayDestroy

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

CLearInvalidIMControlData
CheckIMType
DbgInfo
GetIMControlData
GetIMType
INJSetThreadHookFlag
InitShareSeg
SetHook
SetIMAgentInfo
SetIMTypeHooked
SetNotRecordContentType
SetPhotoFlagType
SetPhotoWarningFlag
UnSetHook

Sections

.text
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLCONFIG
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IMContr
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Desktop
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IMHookC
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7488f4a2acbe6f36e24c2ea3d0b3779

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

65:62:6f:93:ee:b4:25:dd:80:be:4b:eb:2c:e7:27:27:91:0a:4f:4fSigner

Signature Validations

Verification

25/10/2012, 10:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 660KB - Virtual size: 658KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 68KB - Virtual size: 98KB

TLCONFIG Size: 4KB - Virtual size: 536B

.IMContr Size: 8KB - Virtual size: 6KB

.Desktop Size: 8KB - Virtual size: 5KB

.IMHookC Size: 4KB - Virtual size: 664B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 48KB - Virtual size: 45KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

65:62:6f:93:ee:b4:25:dd:80:be:4b:eb:2c:e7:27:27:91:0a:4f:4f
Signer

25/10/2012, 10:46
Valid: false

.text
Size: 660KB - Virtual size: 658KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 68KB - Virtual size: 98KB

TLCONFIG
Size: 4KB - Virtual size: 536B

.IMContr
Size: 8KB - Virtual size: 6KB

.Desktop
Size: 8KB - Virtual size: 5KB

.IMHookC
Size: 4KB - Virtual size: 664B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 48KB - Virtual size: 45KB