accesschk-2003-xp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

accesschk-2003-xp.exe
Size

324KB
MD5

d5311c8b83873e3f5dd8ec4a9d931151
SHA1

21f36fad8215ae64cd56ea40afeff321400b8788
SHA256

b4c6dd2730219a06b46b729e983f6d92b6594d4744c32583e57867312878de53
SHA512

303a61197d9bb8c242a59267780073fefe6a2412dff41bdce2565e1eeffb8f8d4b77f9e11ff28926365aacbff84a2abfc01c92f1ca97f4972c587f750e7ea4de
SSDEEP

3072:n6XpxcYv8va/D3VHlcLE6ye7lhoyx9jLSSaxVLJi6L+MXcJKgwmo6VWnsTVl+mZa:nsv8y/D3V27gQLSSaxVD+MMlNDTV2

Score

1^/10

Malware Config

Signatures

Files

accesschk-2003-xp.exe
.exe windows:5 windows x86

65101f74a9d3bb9c88db9b4e4aa6cd78

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:32

Not After

10/01/2013, 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:b6:2f:2e:e6:02:dc:28:69:23:83:e8:be:01:66:76:e9:c5:43:67
Signer

Actual PE Digest

7a:b6:2f:2e:e6:02:dc:28:69:23:83:e8:be:01:66:76:e9:c5:43:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetUserGetLocalGroups

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

EnumSystemLocalesA
IsValidLocale
WriteConsoleA
WriteConsoleW
GetLocaleInfoA
SetStdHandle
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
Thread32First
OpenThread
Thread32Next
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CreateFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetFullPathNameW
GetVersion
GetModuleFileNameW
GetLastError
GetCurrentProcess
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CloseHandle
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
SetEnvironmentVariableA
DeleteFileW
DeviceIoControl
FormatMessageW
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
CreateFileA
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
GetConsoleOutputCP
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID

user32

GetSysColorBrush
EndDialog
SetWindowTextW
GetDlgItem
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW
LoadCursorW

gdi32

GetDeviceCaps
SetMapMode
EndDoc
EndPage
StartPage
StartDocW

comdlg32

PrintDlgW

advapi32

RevertToSelf
OpenSCManagerW
CloseServiceHandle
OpenServiceW
EnumServicesStatusW
QueryServiceObjectSecurity
GetSecurityInfo
DeleteAce
RegCreateKeyExW
RegGetKeySecurity
RegEnumKeyW
GetNamedSecurityInfoW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetKernelObjectSecurity
LsaOpenPolicy
LsaNtStatusToWinError
LsaEnumerateAccountsWithUserRight
LookupPrivilegeNameW
LookupPrivilegeDisplayNameW
LsaEnumerateAccountRights
LsaFreeMemory
LsaClose
GetEffectiveRightsFromAclW
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
IsWellKnownSid
GetSecurityDescriptorOwner
LookupAccountNameW
GetSecurityDescriptorDacl
GetLengthSid
CopySid
GetTokenInformation
EqualSid
IsValidSid
GetSidIdentifierAuthority
GetAce
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
ImpersonateLoggedOnUser
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65101f74a9d3bb9c88db9b4e4aa6cd78

Code Sign

61:19:cc:93:00:01:00:00:00:66Certificate

Extended Key Usages

Key Usages

61:05:19:96:00:00:00:00:00:1bCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

7a:b6:2f:2e:e6:02:dc:28:69:23:83:e8:be:01:66:76:e9:c5:43:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

version

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 121KB - Virtual size: 128KB

.rsrc Size: 5KB - Virtual size: 5KB

61:19:cc:93:00:01:00:00:00:66
Certificate

61:05:19:96:00:00:00:00:00:1b
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

7a:b6:2f:2e:e6:02:dc:28:69:23:83:e8:be:01:66:76:e9:c5:43:67
Signer

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 121KB - Virtual size: 128KB

.rsrc
Size: 5KB - Virtual size: 5KB