SecuriteInfo[.]com[.]PowerShell[.]DownLoader[.]1445[.]12909[.]14248[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.PowerShell.DownLoader.1445.12909.14248.dll
Size

473KB
MD5

a41e2c95349731f3326defe16bf0c5eb
SHA1

d304c4cd0ff4d4ebefb072e357a26ae0b1421633
SHA256

d272a0133604711622deb2c250160c8a811df5f3141f84cadc69c55d0c3219f2
SHA512

34aebd677f81bf9667b17e4276412ef677394a801b36d4eac4f8b2c7eea3a1876becc6100e11df313c58825681e17c21b24e518b69047bbe81f0758af874bb99
SSDEEP

12288:AtBqnkbIQ6HHI/RpXupEP49v63zLrVVdWHA+f:yBqnGIQ5M6DLrVVdWHA+

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.PowerShell.DownLoader.1445.12909.14248.dll
.dll windows x86

f8cac6e3e6f3790a4b594ed48691db70

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:fc:d4:eb:f6:72:c2:d7:52:e8:40:22:f4:aa:4b:3d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24-02-2017 00:00

Not After

24-02-2020 23:59

Subject

CN=Caphyon SRL,OU=SECURE APPLICATION DEVELOPMENT,O=Caphyon SRL,L=Bucuresti,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:ed:f9:ee:cf:85:41:d8:65:4b:90:78:19:bf:4a:38:26:6d:aa:41:f2:94:a0:e8:59:82:fe:ca:74:22:be:f8
Signer

Actual PE Digest

4c:ed:f9:ee:cf:85:41:d8:65:4b:90:78:19:bf:4a:38:26:6d:aa:41:f2:94:a0:e8:59:82:fe:ca:74:22:be:f8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord49
ord158
ord17
ord125
ord171
ord47
ord74
ord70
ord43
ord190
ord113
ord58
ord139
ord221
ord51
ord147
ord20
ord124
ord26
ord48
ord34
ord163
ord121
ord117
ord165
ord205
ord145
ord103
ord116
ord118
ord159
ord32
ord160
ord8

shell32

ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFolderPathW

ws2_32

gethostbyname
htonl
WSAStartup
WSACleanup
ntohs

netapi32

NetUserGetInfo
NetApiBufferFree
NetGetDCName
NetQueryDisplayInformation
NetLocalGroupGetInfo
NetGroupGetInfo
NetUserModalsGet

shlwapi

ord176
PathFileExistsW

iphlpapi

GetTcpTable

kernel32

CreateFileW
WriteFile
LocalFree
GetLastError
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
RaiseException
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindNextFileW
ReadFile
SetFilePointer
FindClose
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
GetTempFileNameW
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
ReadProcessMemory
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GetWindowsDirectoryW
IsDebuggerPresent
GetModuleFileNameW
ExpandEnvironmentStringsW
OutputDebugStringW
lstrcmpiW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FlushFileBuffers
MultiByteToWideChar
GetStringTypeW
GlobalFindAtomW
WideCharToMultiByte
GlobalAddAtomW
GlobalDeleteAtom
lstrcpynW
lstrcpyW
MulDiv
InitializeCriticalSectionAndSpinCount
DecodePointer
ExitProcess
lstrlenW
lstrcmpW
DuplicateHandle
GetStdHandle
CreateProcessW
GetLocaleInfoW
lstrcatW
GetDiskFreeSpaceW
OpenMutexW
SetLastError
TerminateProcess
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
SetUnhandledExceptionFilter
TlsFree
LCMapStringW
RtlUnwind
InterlockedFlushSList
GetModuleHandleExW
GetFileType
InitializeSListHead
GetSystemTimeAsFileTime
CloseHandle
GetTickCount
FormatMessageW
QueryPerformanceCounter
Sleep
GetStartupInfoW
UnhandledExceptionFilter
GetModuleHandleW
IsProcessorFeaturePresent
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
GetConsoleCP
GetConsoleMode
WriteConsoleW
MoveFileW
SetEndOfFile

user32

GetClassNameW
EnumChildWindows
MessageBoxW
GetDC
wsprintfW
GetWindowThreadProcessId
EnumWindows
BringWindowToTop
GetForegroundWindow
GetWindowTextW
CreateWindowExW
GetWindowLongW
SendMessageW
GetDesktopWindow
RedrawWindow
IsWindow
PostMessageW

gdi32

AbortDoc
EndDoc
EndPage
StartPage
StartDocW
DeleteDC
GetDeviceCaps

comdlg32

PrintDlgW
GetOpenFileNameW

advapi32

QueryServiceStatusEx
OpenServiceW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
LookupAccountSidW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
LogonUserW
AllocateAndInitializeSid
FreeSid
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
EnumServicesStatusW
LsaOpenPolicy
LsaNtStatusToWinError
LsaAddAccountRights
LsaClose
RegQueryInfoKeyW
ConvertStringSidToSidW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
CloseServiceHandle
OpenSCManagerW
StartServiceW
ControlService
QueryServiceStatus
SetServiceObjectSecurity
QueryServiceObjectSecurity
ChangeServiceConfig2W

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoInitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

Exports

Exports

AI_AuthorSinglePackage
AI_ResolveKnownFolders
AI_SearchOfficeAddins
AddCaspolSecurityPolicy
BrowseForFile
CheckFreeTCPPort
CheckIfUserExists
ChooseTextStyles
CloseApplication
CollectFeaturesWithoutCab
ComputeReplaceProductsList
ConfigureNonAdminServiceStart
ConfigureServFailActions
CreateExeProcess
DeleteEmptyDirectory
DeleteFromComboBox
DeleteFromListBox
DeleteShortcuts
DetectModernWindows
DetectProcess
DetectService
DisableFeatures
DoEvents
DpiContentScale
EnableDebugLog
EnumStartedServices
ExtractComboBoxData
ExtractListBoxData
GetArpIconPath
GetFreeTCPPort
GetLocalizedCredentials
GetPathFreeSpace
InstanceMajorUpgrade
JoinFiles
LaunchApp
LaunchLogFile
LoadShortcutDirs
LogOnAsAService
MixedAllUsersInstallLocation
MsgBox
MsmTrialMessage
PlayAudioFile
PopulateComboBox
PopulateListBox
PrepareUpgrade
PreserveInstallType
PreventInstancesUpgrade
PrintRTF
ProcessFailActions
RemoveCaspolSecurityPolicy
ResolveKnownFolder
ResolveServiceProperties
RestartElevated
RestoreLocation
RunAllExitActions
RunFinishActions
SetLatestVersionPath
StartWinService
StopProcess
StopWinService
TrialMessage
UninstallPreviousVersions
UpdateFeatureStates
UpdateInstallMode
UpdateMsiEditControls
ValidateInstallFolder
ViewReadMe
WarningMessageBox

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8cac6e3e6f3790a4b594ed48691db70

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

5c:fc:d4:eb:f6:72:c2:d7:52:e8:40:22:f4:aa:4b:3dCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

4c:ed:f9:ee:cf:85:41:d8:65:4b:90:78:19:bf:4a:38:26:6d:aa:41:f2:94:a0:e8:59:82:fe:ca:74:22:be:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

msi

shell32

ws2_32

netapi32

shlwapi

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

5c:fc:d4:eb:f6:72:c2:d7:52:e8:40:22:f4:aa:4b:3d
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4c:ed:f9:ee:cf:85:41:d8:65:4b:90:78:19:bf:4a:38:26:6d:aa:41:f2:94:a0:e8:59:82:fe:ca:74:22:be:f8
Signer

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB