Binary[.]SoftwareDetector[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Binary.SoftwareDetector.dll
Size

897KB
MD5

6189cdcb92ab9ddbffd95facd0b631fa
SHA1

b74c72cefcb5808e2c9ae4ba976fa916ba57190d
SHA256

519f7ac72beba9d5d7dcf71fcac15546f5cfd3bcfc37a5129e63b4e0be91a783
SHA512

ee9ce27628e7a07849cd9717609688ca4229d47579b69e3d3b5b2e7c2433369de9557ef6a13fa59964f57fb213cd8ca205b35f5791ea126bde5a4e00f6a11caf
SSDEEP

24576:rx90VXSK4fSa6HXr1iWn8Zlv2x4ntHurpllQ6a:Nq4Fb6HXr1iWnYs4ntHurpllQ6a

Score

1^/10

Malware Config

Signatures

Files

Binary.SoftwareDetector.dll
.dll windows:6 windows x86 arch:x86

a4b13f033c4b3f1a0c84923466d51583

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

06/03/2020, 00:00

Not After

05/03/2023, 23:59

Subject

CN=Caphyon SRL,OU=SECURE APPLICATION DEVELOPMENT,O=Caphyon SRL,L=Craiova,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:8c:07:2f:05:b5:0c:e6:12:cf:c0:88:15:1a:a0:7d:cb:14:b0:90:3d:f4:c8:7d:f0:2d:9e:db:0c:f2:98:d1
Signer

Actual PE Digest

fa:8c:07:2f:05:b5:0c:e6:12:cf:c0:88:15:1a:a0:7d:cb:14:b0:90:3d:f4:c8:7d:f0:2d:9e:db:0c:f2:98:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord74
ord8
ord17
ord90
ord70
ord125
ord103
ord113
ord145
ord205

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetLocalGroupGetMembers
NetUserGetInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

kernel32

RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetDriveTypeW
CloseHandle
CreateFileW
CreateDirectoryW
CopyFileW
ReadFile
WriteFile
SetFilePointer
FindClose
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
GetTempFileNameW
GetModuleHandleW
GetSystemDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
LoadLibraryW
DeleteFileW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateProcessW
GetWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetSystemFirmwareTable
SetLastError
GetEnvironmentVariableW
GetModuleFileNameW
lstrlenW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetStringTypeW
CreateThread
GlobalFindAtomW
DuplicateHandle
GetStdHandle
LockFile
UnlockFile
lstrcmpW
InitializeCriticalSectionEx
DecodePointer
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
FindFirstFileW
GetLastError
TlsGetValue
RaiseException
FreeLibrary
LocalFree
GetProcAddress
WaitForSingleObjectEx
ResetEvent
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
SetEvent
IsDebuggerPresent
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
GetFileType
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetFilePointerEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReadProcessMemory

user32

GetSystemMetrics
GetDC

gdi32

GetDeviceCaps

advapi32

GetUserNameW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
OpenServiceW
QueryServiceStatus

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoInitialize

oleaut32

SetErrorInfo
GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
VariantInit

shlwapi

PathFileExistsW
PathIsUNCW

psapi

GetModuleFileNameExW

Exports

Exports

OnDetectSoftware
OnResolveProps

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4b13f033c4b3f1a0c84923466d51583

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fa:8c:07:2f:05:b5:0c:e6:12:cf:c0:88:15:1a:a0:7d:cb:14:b0:90:3d:f4:c8:7d:f0:2d:9e:db:0c:f2:98:d1Signer

Headers

DLL Characteristics

File Characteristics

Imports

msi

netapi32

version

secur32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 597KB

.rdata Size: 185KB - Virtual size: 184KB

.data Size: 44KB - Virtual size: 48KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 61KB - Virtual size: 61KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fa:8c:07:2f:05:b5:0c:e6:12:cf:c0:88:15:1a:a0:7d:cb:14:b0:90:3d:f4:c8:7d:f0:2d:9e:db:0c:f2:98:d1
Signer

.text
Size: 598KB - Virtual size: 597KB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 44KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 61KB - Virtual size: 61KB