et199aCSP_BJZ[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

et199aCSP_BJZ.dll
Size

190KB
MD5

66044bf624f7b9263acd13e8a0d5f060
SHA1

a42ed549c98a0d8c03774fd47de6e487c7dcc988
SHA256

4fb9a2fa1bb947090efaeb5cab45653814660b404f3f10cce7603ae6621b97ef
SHA512

64834334bb06d17c24645d1358a8c912502ed9fe78bc5d75125232237b9fda7c0fad7198fd7da7a3c61063f13136f3b57625142f3a04e0525cff5bbc4a15eac5
SSDEEP

3072:rMgL0jrorbR2WEUNbB/3pbri0sdxLbbW8MoRe3esaa3IUhRbd2Ve:rjLDvECbB/3pbwHRfYie

Score

1^/10

Malware Config

Signatures

Files

et199aCSP_BJZ.dll
.dll regsvr32 windows x86

2bfe462f975824bf2ad041cb60bb72da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2019, 00:00

Not After

19/10/2022, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2019, 00:00

Not After

19/10/2022, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b4:67:6d:96:64:6c:e7:ae:c2:35:e0:de:b7:43:1b:c5:51:b1:e4:65:94:3f:ed:b4:51:3e:af:71:36:fa:92:9d
Signer

Actual PE Digest

b4:67:6d:96:64:6c:e7:ae:c2:35:e0:de:b7:43:1b:c5:51:b1:e4:65:94:3f:ed:b4:51:3e:af:71:36:fa:92:9d

Digest Algorithm

sha256

PE Digest Matches

true

75:a7:03:77:89:09:6a:da:53:59:ed:0c:de:9c:cb:ea:05:da:5e:d8
Signer

Actual PE Digest

75:a7:03:77:89:09:6a:da:53:59:ed:0c:de:9c:cb:ea:05:da:5e:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFindExtension
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCreateCertificateContext
CryptVerifyCertificateSignature
CertNameToStrA
CertGetNameStringA
CryptHashMessage
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertGetIntendedKeyUsage
CertCloseStore
CryptDecodeObject

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

mfc42

ord2370
ord2301
ord6334
ord2642
ord3092
ord2645
ord6453
ord6197
ord6380
ord1768
ord5718
ord6215
ord2086
ord926
ord609
ord810
ord686
ord2764
ord4202
ord539
ord3398
ord3733
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord384
ord567
ord1168
ord2862
ord1146
ord2096
ord2453
ord6008
ord3287
ord3290
ord2652
ord1669
ord4224
ord3303
ord941
ord1105
ord693
ord547
ord6673
ord3811
ord2614
ord2915
ord2582
ord4402
ord3370
ord3640
ord6907
ord3998
ord3996
ord400
ord702
ord5596
ord922
ord5834
ord2448
ord3825
ord6648
ord3706
ord3626
ord613
ord2414
ord5875
ord5781
ord1641
ord289
ord536
ord2567
ord2754
ord6905
ord6007
ord3286
ord4287
ord755
ord470
ord4299
ord3874
ord500
ord610
ord772
ord4275
ord2860
ord287
ord3693
ord4133
ord4297
ord3089
ord940
ord6778
ord859
ord6142
ord5860
ord398
ord700
ord913
ord4189
ord396
ord698
ord5856
ord4187
ord5592
ord3437
ord6877
ord6930
ord5710
ord6928
ord6282
ord911
ord3619
ord3721
ord795
ord6880
ord3571
ord3573
ord6170
ord3797
ord2452
ord5785
ord1640
ord323
ord4160
ord4284
ord2243
ord5787
ord283
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6139
ord6383
ord5440
ord2107
ord2841
ord6394
ord5450
ord3663
ord6874
ord1175
ord6467
ord2864
ord4191
ord5634
ord6143
ord6883
ord801
ord541
ord860
ord6662
ord4277
ord4278
ord2763
ord2725
ord3953
ord815
ord561
ord3738
ord4424
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4376
ord2379
ord4710
ord6199
ord540
ord4853
ord2818
ord5981
ord4234
ord2302
ord641
ord324
ord3597
ord4425
ord4627
ord4080
ord2859
ord6052
ord2514
ord4998
ord5265
ord823
ord825
ord537
ord535
ord4129
ord858
ord800
ord924
ord5683
ord915
ord3441
ord1577
ord1575
ord1176
ord1116
ord3079
ord2044

msvcrt

malloc
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_CxxThrowException
memset
memcpy
_wcsicmp
_mbscmp
sprintf
memcmp
_strlwr
strcat
strcpy
strcmp
free
_onexit
__dllonexit
_EH_prolog
__CxxFrameHandler
_endthreadex
_beginthreadex
strlen
_mbsstr
printf
_stricmp
_wcsupr
mbstowcs
srand
time
rand
abs
_ftol
qsort
fclose
fgets
fopen
atol
_strcmpi

kernel32

LeaveCriticalSection
EnterCriticalSection
TerminateThread
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetFileAttributesA
OpenMutexA
GetCurrentThread
GetVersionExA
GetSystemInfo
lstrcmpiA
GetUserDefaultLangID
VirtualQuery
GetModuleFileNameA
GetTickCount
lstrcmpA
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
DeviceIoControl
WaitForSingleObject
OpenEventA
GetCurrentProcessId
CreateFileA
WaitForMultipleObjects
CreateEventA
SetEvent
GetSystemDirectoryA
GetShortPathNameA
GetCurrentProcess
GetModuleHandleA
ReleaseMutex
SystemTimeToFileTime
CompareFileTime
FindResourceA
LoadResource
LockResource
CreateProcessA
Sleep
CloseHandle
CreateThread
lstrcpyA
CreateMutexA
SetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
TlsAlloc
TlsFree
InterlockedIncrement
TlsSetValue
GetLastError
TlsGetValue
LocalFree
MultiByteToWideChar
lstrlenA

user32

wsprintfA
EnableWindow
RegisterWindowMessageA
LoadImageA
GetSystemMetrics
LoadIconA
SetTimer
GetWindowTextA
GetForegroundWindow
KillTimer
GetWindowThreadProcessId
SetActiveWindow
SetForegroundWindow
SetWindowTextA
GetWindow
MessageBoxA
SetCursor
OffsetRect
RedrawWindow
SetWindowsHookExA
UnhookWindowsHookEx
GetKeyboardState
ToAscii
GetFocus
GetClassNameA
CallNextHookEx
GetDC
ReleaseDC
CopyRect
IsWindow
GetActiveWindow
GetDesktopWindow
FillRect
GetWindowRect
GetDlgItemTextA
EnumWindows
LoadStringA
PostMessageA
DestroyWindow
ClientToScreen
GetParent
SendMessageA
GetDlgCtrlID
InvalidateRect
UpdateWindow
AttachThreadInput
GetClientRect
PtInRect
InflateRect
GetSysColor
IsWindowVisible
DefWindowProcA
SetWindowLongA
RegisterClassExA
UnregisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
CreateDialogIndirectParamA
GetDlgItem

gdi32

GetStockObject
CreateRectRgnIndirect
GetTextExtentPoint32A
CreatePen
CreateSolidBrush
DeleteObject
CreateFontIndirectA
BitBlt
SetViewportOrgEx
GetViewportOrgEx
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
SelectObject

advapi32

RegCreateKeyA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenThreadToken
GetTokenInformation
OpenSCManagerA
CreateServiceA
OpenServiceA
DeleteService
StartServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclA
OpenProcessToken
FreeSid
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ShellExecuteA
Shell_NotifyIconA

comctl32

ImageList_ReplaceIcon

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
OleRun
CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantCopy
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
GetErrorInfo
SysFreeString

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
CPlApplet
DllRegisterServer
DllUnregisterServer
E_GetAuxFunctionList
StartManager
eb_Install
eb_service

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bfe462f975824bf2ad041cb60bb72da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

b4:67:6d:96:64:6c:e7:ae:c2:35:e0:de:b7:43:1b:c5:51:b1:e4:65:94:3f:ed:b4:51:3e:af:71:36:fa:92:9dSigner

75:a7:03:77:89:09:6a:da:53:59:ed:0c:de:9c:cb:ea:05:da:5e:d8Signer

Headers

File Characteristics

Imports

crypt32

setupapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 8KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b4:67:6d:96:64:6c:e7:ae:c2:35:e0:de:b7:43:1b:c5:51:b1:e4:65:94:3f:ed:b4:51:3e:af:71:36:fa:92:9d
Signer

75:a7:03:77:89:09:6a:da:53:59:ed:0c:de:9c:cb:ea:05:da:5e:d8
Signer

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 8KB - Virtual size: 7KB