SecuriteInfo[.]com[.]Trojan[.]Win32[.]Sasfis[.]31102[.]11632[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Win32.Sasfis.31102.11632.dll
Size

1.9MB
MD5

206d9f529cff4cd41a9e5592baabe229
SHA1

5b3571f68d21f59e7d33f0ae51d570e8a879e3c6
SHA256

1decfea1035ea74d84f391c73e8bf71161ee62e1c633ea4d7efd93aa5cad4865
SHA512

1f408bcc09e2ff9290a59c6a049776c6bad8a15489bce03bdd6066c59145802e9991945a536bd9a707d06c2e9d39e3008a5a6c67c85407dacbe8ddb2fef845df
SSDEEP

12288:dI0aZz+AO72eL36ykVC3q0JQ7iTkAcBSpXnT8Srd+kKgKSx4/JWsnswR4/pJbUvb:MzwexAtQSx+HwxQJtswR4/DAHP1zt

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.Win32.Sasfis.31102.11632.dll
.dll regsvr32 windows:5 windows x86

3148ed1aa884909e121e1b8dc4bcae40

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/10/2012, 00:00

Not After

09/01/2016, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:a9:08:bf:fd:d9:94:67:9e:da:45:9f:96:08:17:dc:0a:c1:4d:73
Signer

Actual PE Digest

92:a9:08:bf:fd:d9:94:67:9e:da:45:9f:96:08:17:dc:0a:c1:4d:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
GetCommandLineW
FreeLibrary
LoadLibraryW
GetTimeZoneInformation
GetVersionExW
GetEnvironmentVariableW
lstrcmpiW
CreateEventW
SetEvent
ResetEvent
GetCurrentProcessId
SetFileAttributesW
WriteFile
SetFilePointer
GetLocalTime
FreeLibraryAndExitThread
ResumeThread
OpenThread
RaiseException
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLastError
LocalFree
Sleep
GetCurrentThreadId
OutputDebugStringW
DisableThreadLibraryCalls
GetCurrentProcess
FlushInstructionCache
GetFileSize
CreateProcessW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
GetPrivateProfileStringW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
GetFullPathNameW
SetLastError
ReadFile
FindClose
FindNextFileW
CreateFileW
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
CopyFileW
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
CloseHandle
GetTickCount
DeleteFileW
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
GetModuleFileNameW
lstrlenW
lstrlenA
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime

user32

DestroyWindow
FindWindowW
SendMessageTimeoutW
CreateWindowExW
IsWindow
wsprintfW
PostMessageW
UnregisterClassA
GetClassInfoExW
LoadCursorW
RegisterClassExW
SendMessageW
SetTimer
KillTimer
CharNextW
SetWindowLongW
GetWindowLongW
CallWindowProcW
DefWindowProcW

advapi32

CryptGetKeyParam
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
CreateProcessAsUserW
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
RegEnumValueA
RegDeleteKeyW
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
CryptExportKey
CryptGetProvParam
CryptGenKey
RegCreateKeyExW
CryptGenRandom
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext

shell32

ord165
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CLSIDFromString
CoCreateInstance
CoUninitialize
CoTaskMemFree
StringFromIID
CoInitialize

oleaut32

RegisterTypeLi
UnRegisterTypeLi
VariantCopy
VariantInit
VarBstrCmp
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
SysAllocString
SysFreeString
DispCallFunc
SysStringLen

atl100

ord64
ord44
ord43
ord15
ord61
ord23
ord54
ord11
ord30
ord32
ord31
ord10
ord68
ord56
ord49
ord58

shlwapi

PathMakeSystemFolderW
PathFileExistsA
PathStripPathW
PathIsDirectoryW
StrStrW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathAddBackslashW
StrStrIW
PathFileExistsW
PathAppendW

msvcp100

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?width@ios_base@std@@QAE_J_J@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?width@ios_base@std@@QBE_JXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?eof@ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JG@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@AAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@_W@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?_BADOFF@std@@3_JB
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?bad@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?unsetf@ios_base@std@@QAEXH@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z

omng

ord7

msvcr100

_strdup
_stricmp
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_ui64toa_s
strncmp
isalnum
isalpha
isspace
sscanf_s
_vsnprintf_s
ferror
_wfopen_s
fopen_s
memchr
tolower
atof
wcscspn
wcsspn
_wcsdup
_beginthreadex
_splitpath
strcat
_makepath
fopen
fputs
_i64tow
_wtoi64
_gmtime64
strftime
wcstoul
atoi
_itow
swscanf
_mkgmtime64
_vswprintf
srand
rand
wcsncpy_s
_wfopen
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
wcsncpy
memcmp
_purecall
??2@YAPAXI@Z
memcpy
memmove
free
wmemcpy_s
wcslen
_vscwprintf
vswprintf_s
swprintf_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
strlen
memcpy_s
memmove_s
calloc
_recalloc
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
wcscmp
_wcsicmp
memset
??0exception@std@@QAE@XZ
wcsnlen
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_vscprintf
vsprintf_s
_lock_file
_unlock_file
fgetwc
fputwc
ungetwc
setvbuf
fflush
_wtoi
wcschr
ungetc
fgetc
wcscpy
fwrite
sprintf_s
fgetpos
_fseeki64
fsetpos
fclose
atol
wcstok
_i64toa
_wtol
wcscpy_s
wcsrchr
_mktime64
_localtime64_s
fputc
_time64
isdigit
wcstok_s
_atoi64
malloc
wcsstr
_resetstkoflw
wcsftime
iswdigit
iswalpha
_wcslwr_s
wcscat_s
sprintf
sscanf
fprintf
strcmp
modf
strchr
strpbrk
strstr
strspn
strtol
strtok
_localtime64
_swprintf
_ltoa
fread
ftell
fseek

uilib

sqlite3_column_text
sqlite3_column_int64
sqlite3_column_count
sqlite3_reset
sqlite3_step
sqlite3_open
sqlite3_next_stmt
sqlite3_finalize
sqlite3_close
sqlite3_prepare_v2
sqlite3_exec
PP_URLEncodeW
PP_URLYYY
PP_URLXXX
PP_free
PP_GetCurrentUserAppdata
PP_AtlEscapeUrlW
PP_OpenURLUsingIEW
PP_OpenUrlW
ord5
PP_GetComManager
PP_AddEveryoneAccessToFile
PP_GetDiskId
PP_GetGlobalConfig
PP_AtlEscapeUrlA
PP_GetAllUserAppData
ord392
PP_GetProxyType
PP_ElapsedTickSince
sqlite3_vmprintf
PPTVLogOutW
sqlite3_free
PP_GetCurrentVersion

rpcrt4

UuidFromStringA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCloseHandle
InternetTimeToSystemTimeW
InternetReadFile
InternetTimeFromSystemTimeW
InternetSetCookieA
HttpEndRequestW
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersW
HttpSendRequestExW
InternetWriteFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule
RD_XXXX

Sections

.text
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3148ed1aa884909e121e1b8dc4bcae40

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:dbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

92:a9:08:bf:fd:d9:94:67:9e:da:45:9f:96:08:17:dc:0a:c1:4d:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl100

shlwapi

msvcp100

omng

msvcr100

uilib

rpcrt4

version

wininet

Exports

Exports

Sections

.text Size: 623KB - Virtual size: 623KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 69KB - Virtual size: 70KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 53KB - Virtual size: 53KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

92:a9:08:bf:fd:d9:94:67:9e:da:45:9f:96:08:17:dc:0a:c1:4d:73
Signer

.text
Size: 623KB - Virtual size: 623KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 69KB - Virtual size: 70KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 53KB - Virtual size: 53KB