03dc35fa6c794aa88c15ddcd3d344b40

Sharing

Copy URL Twitter E-mail

General

Target

03dc35fa6c794aa88c15ddcd3d344b40
Size

204KB
MD5

03dc35fa6c794aa88c15ddcd3d344b40
SHA1

0d3bb7163078239cc976d83930c5b1ccd10ed18e
SHA256

24dcee5fe27e763b37a4bfa75fe5293d5d4a8c49a445ce3903354c7ad6d74741
SHA512

85f72602f5717c7decd4458c2b8399be2cd4a36b140ea3885ded6fea78bb7d237f3352a21c1028e2baf8cbfa91d2da43cd60262f70eb4b6f63a20fcd184404c4
SSDEEP

6144:pEod5j7uVeHSJh4XhG2+pMMxrzFMUiT0nVIg/TjZOAH1L:p70eKhCo2AvxbiT0nBTNO

Score

1^/10

Malware Config

Signatures

Files

03dc35fa6c794aa88c15ddcd3d344b40
.dll windows:5 windows x86 arch:x86

882adf9cce272050a3352369d454443a

Code Sign

75:05:7b:60:21:ff:39:53:bd:24:29:60:2a:8a:6e:1a
Certificate

Issuer

CN=AeFR9zQ3lCYA

Not Before

12/03/2012, 08:17

Not After

31/12/2039, 23:59

Subject

CN=AeFR9zQ3lCYA

Extended Key Usages

ExtKeyUsageCodeSigning

90:e5:8a:af:9f:03:35:f4:ae:bb:27:38:68:8f:fd:46:df:3b:58:04
Signer

Actual PE Digest

90:e5:8a:af:9f:03:35:f4:ae:bb:27:38:68:8f:fd:46:df:3b:58:04

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetWindowsDirectoryA
VirtualAlloc
GetSystemPowerStatus
CancelDeviceWakeupRequest
CancelTimerQueueTimer
ChangeTimerQueueTimer
CompareFileTime
ConnectNamedPipe
ConvertThreadToFiber
CopyFileExW
CreateDirectoryExW
CreateNamedPipeW
CreateTimerQueue
DeleteFileA
DisableThreadLibraryCalls
DisconnectNamedPipe
EnumDateFormatsExA
EnumSystemLanguageGroupsA
FillConsoleOutputAttribute
FindFirstFileA
FindFirstFileExA
FindNextVolumeW
FreeLibrary
GetCommModemStatus
GetConsoleAliasesLengthW
GetConsoleOutputCP
GetDefaultCommConfigA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesExA
GetFileSizeEx
GetLastError
GetLocaleInfoA
GetLongPathNameA
GetLongPathNameW
GetNamedPipeHandleStateW
GetNumberOfConsoleInputEvents
GetPrivateProfileSectionA
GetProcAddress
GetProfileIntA
GetProfileStringW
GetStdHandle
GetSystemWindowsDirectoryA
GlobalDeleteAtom
GlobalGetAtomNameA
Heap32First
Heap32ListNext
lstrcpyA
HeapValidate
InitializeCriticalSectionAndSpinCount
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsBadStringPtrW
IsProcessorFeaturePresent
IsValidLanguageGroup
LCMapStringW
LoadLibraryExA
LoadModule
LocalHandle
LocalUnlock
LockFile
Module32FirstW
MoveFileW
OpenEventA
OpenEventW
OpenJobObjectW
SetCalendarInfoW
SetCommMask
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleOutputCP
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEvent
SetFileAttributesW
SetFilePointerEx
SetLastError
SetLocaleInfoA
SetProcessShutdownParameters
SetSystemTimeAdjustment
SetTapeParameters
SetThreadPriority
SetWaitableTimer
Thread32First
Thread32Next
TlsFree
TlsGetValue
UnregisterWait
VerLanguageNameW
VirtualFree
VirtualUnlock
WideCharToMultiByte
WriteConsoleOutputW
WritePrivateProfileStringA
WriteProfileSectionW
lstrcpyn
HeapAlloc
CreateFileA

advapi32

RegOpenKeyExA

shell32

WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
Shell_NotifyIcon
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellAboutW
ShellAboutA
SHQueryRecycleBinW
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetSpecialFolderPathA
SHGetSettings
SHGetPathFromIDListW
SHGetPathFromIDList
SHGetInstanceExplorer
SHGetIconOverlayIndexA
SHGetFolderPathW
SHGetFolderPathA
SHGetFileInfoW
SHGetFileInfoA
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListW
SHFreeNameMappings
SHFileOperationW
SHFileOperationA
SHFileOperation
SHEmptyRecycleBinW
SHEmptyRecycleBinA
SHCreateProcessAsUserW
SHCreateDirectoryExA
SHBrowseForFolderA
SHBindToParent
SHAppBarMessage
FindExecutableW
FindExecutableA
ExtractIconW
ExtractIconEx
ExtractIconA
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
ExtractAssociatedIconA
DuplicateIcon
DragQueryPoint
DragQueryFileW
DragQueryFileAorW
DragQueryFileA
DragFinish
DoEnvironmentSubstW
DoEnvironmentSubstA

shlwapi

StrChrW
StrCmpNA
StrCmpNIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrStrIA
StrStrIW

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

882adf9cce272050a3352369d454443a

Code Sign

75:05:7b:60:21:ff:39:53:bd:24:29:60:2a:8a:6e:1aCertificate

Extended Key Usages

90:e5:8a:af:9f:03:35:f4:ae:bb:27:38:68:8f:fd:46:df:3b:58:04Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

Sections

.text Size: 191KB - Virtual size: 191KB

.data Size: 1024B - Virtual size: 996B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

75:05:7b:60:21:ff:39:53:bd:24:29:60:2a:8a:6e:1a
Certificate

90:e5:8a:af:9f:03:35:f4:ae:bb:27:38:68:8f:fd:46:df:3b:58:04
Signer

.text
Size: 191KB - Virtual size: 191KB

.data
Size: 1024B - Virtual size: 996B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB