448ab437e8243b810c92e0884a60155e

Sharing

Copy URL

Twitter E-mail

General

Target

448ab437e8243b810c92e0884a60155e
Size

2.1MB
MD5

448ab437e8243b810c92e0884a60155e
SHA1

abaa888f405a0396c66f47dab66d724d7a7a8c57
SHA256

a8598600cd5df779325d9485ddf7f635439ce5710dc01dad3f9ec85d3e7e37ec
SHA512

1e99d38c68256a3d2bc030fe51040c7c00f93e0378a8eca00ff7c63b25d1ae3f679ebf4eda3cd5fb74a27bda5dcbfc5189fc431c5da3313d128b45626d11ea3d
SSDEEP

24576:PQ5GGsF4YZoQ5GGsF4YZIQ5GGsF4YZoQ5GGsF4YZ:I0G24i0G24a0G24y0G24

Score

1^/10

Malware Config

Signatures

Files

448ab437e8243b810c92e0884a60155e
.dll windows:6 windows x86 arch:x86

38002bfb317baf0ab2ecb9ab8d6f152f

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:32:e0:73:cd:fd:f6:de:84:0d:aa:f8:c1:d9:0e:c7:5e:b6:f6:ef
Signer

Actual PE Digest

98:32:e0:73:cd:fd:f6:de:84:0d:aa:f8:c1:d9:0e:c7:5e:b6:f6:ef

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_amsg_exit
_initterm
free
malloc
_XcptFilter
tolower
_stricmp
_CxxThrowException
_isnan
floor
_controlfp
_purecall
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
_CIsqrt
iswspace
iswalpha
iswdigit
iswpunct
memmove
qsort
memset
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
_vsnprintf
__CxxFrameHandler

gdi32

CreateDIBSection
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
DeleteDC
DeleteObject
SelectObject
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
GetObjectA
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
SetBkColor

kernel32

IsProcessorFeaturePresent
MultiByteToWideChar
CreateFileA
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetFullPathNameA
GetModuleHandleA
FreeLibrary
GetCurrentProcess
GetProcessAffinityMask
CreateThread
InterlockedIncrement
Sleep
WaitForSingleObject
InterlockedDecrement
DebugBreak
CreateFileW
ReleaseSemaphore
ReleaseMutex
CloseHandle
CreateSemaphoreA
CreateMutexA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetProcAddress
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetLastError
LockResource
FindResourceW
LoadResource
SizeofResource
FindResourceA
WaitForMultipleObjects

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CreateStreamOnHGlobal

Exports

Exports

D3DX10CheckVersion
D3DX10CompileFromFileA
D3DX10CompileFromFileW
D3DX10CompileFromMemory
D3DX10CompileFromResourceA
D3DX10CompileFromResourceW
D3DX10ComputeNormalMap
D3DX10CreateAsyncCompilerProcessor
D3DX10CreateAsyncEffectCreateProcessor
D3DX10CreateAsyncEffectPoolCreateProcessor
D3DX10CreateAsyncFileLoaderA
D3DX10CreateAsyncFileLoaderW
D3DX10CreateAsyncMemoryLoader
D3DX10CreateAsyncResourceLoaderA
D3DX10CreateAsyncResourceLoaderW
D3DX10CreateAsyncShaderPreprocessProcessor
D3DX10CreateAsyncShaderResourceViewProcessor
D3DX10CreateAsyncTextureInfoProcessor
D3DX10CreateAsyncTextureProcessor
D3DX10CreateDevice
D3DX10CreateDeviceAndSwapChain
D3DX10CreateEffectFromFileA
D3DX10CreateEffectFromFileW
D3DX10CreateEffectFromMemory
D3DX10CreateEffectFromResourceA
D3DX10CreateEffectFromResourceW
D3DX10CreateEffectPoolFromFileA
D3DX10CreateEffectPoolFromFileW
D3DX10CreateEffectPoolFromMemory
D3DX10CreateEffectPoolFromResourceA
D3DX10CreateEffectPoolFromResourceW
D3DX10CreateFontA
D3DX10CreateFontIndirectA
D3DX10CreateFontIndirectW
D3DX10CreateFontW
D3DX10CreateMesh
D3DX10CreateShaderResourceViewFromFileA
D3DX10CreateShaderResourceViewFromFileW
D3DX10CreateShaderResourceViewFromMemory
D3DX10CreateShaderResourceViewFromResourceA
D3DX10CreateShaderResourceViewFromResourceW
D3DX10CreateSkinInfo
D3DX10CreateSprite
D3DX10CreateTextureFromFileA
D3DX10CreateTextureFromFileW
D3DX10CreateTextureFromMemory
D3DX10CreateTextureFromResourceA
D3DX10CreateTextureFromResourceW
D3DX10CreateThreadPump
D3DX10FilterTexture
D3DX10GetFeatureLevel1
D3DX10GetImageInfoFromFileA
D3DX10GetImageInfoFromFileW
D3DX10GetImageInfoFromMemory
D3DX10GetImageInfoFromResourceA
D3DX10GetImageInfoFromResourceW
D3DX10LoadTextureFromTexture
D3DX10PreprocessShaderFromFileA
D3DX10PreprocessShaderFromFileW
D3DX10PreprocessShaderFromMemory
D3DX10PreprocessShaderFromResourceA
D3DX10PreprocessShaderFromResourceW
D3DX10SHProjectCubeMap
D3DX10SaveTextureToFileA
D3DX10SaveTextureToFileW
D3DX10SaveTextureToMemory
D3DX10UnsetAllDeviceObjects
D3DXBoxBoundProbe
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXCpuOptimizations
D3DXCreateMatrixStack
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFresnelTerm
D3DXIntersectTri
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSphereBoundProbe
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38002bfb317baf0ab2ecb9ab8d6f152f

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

98:32:e0:73:cd:fd:f6:de:84:0d:aa:f8:c1:d9:0e:c7:5e:b6:f6:efSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 397KB - Virtual size: 396KB

.data Size: 21KB - Virtual size: 23KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 14KB - Virtual size: 14KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

98:32:e0:73:cd:fd:f6:de:84:0d:aa:f8:c1:d9:0e:c7:5e:b6:f6:ef
Signer

.text
Size: 397KB - Virtual size: 396KB

.data
Size: 21KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 14KB - Virtual size: 14KB