0ee72171a95ea65a4aa1f2f6b1689ceb

Sharing

Copy URL Twitter E-mail

General

Target

0ee72171a95ea65a4aa1f2f6b1689ceb
Size

164KB
MD5

0ee72171a95ea65a4aa1f2f6b1689ceb
SHA1

6ecc50dc6d7d7f6e3951494d231d17537cea2714
SHA256

e77e47ff0733e3cb2c735ac9a558d40892805abf213fbfb9536ebf4334b786ac
SHA512

c3b61cf47e6700ba537af4866df60514235b5cacc4a133198cde9f2f55bceba142dc86766ee436ed8adf0798ef837bef4f10295d51c761fe292e7cb4124c689b
SSDEEP

3072:oWnSUnM+tE+SfWZDfzhhZTSxRfMAVD0ns3dmFh9JQufqq:ovJQLSuNfklzwHZiq

Score

1^/10

Malware Config

Signatures

Files

0ee72171a95ea65a4aa1f2f6b1689ceb
.dll regsvr32 windows:4 windows x86 arch:x86

fd5aea816952678940d456ae93929445

Code Sign

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/05/2010, 00:00

Not After

06/05/2012, 23:59

Subject

CN=Mindspark Interactive Network,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mindspark Interactive Network,L=White Plains,ST=NewYork,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
MoveFileA
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
SearchPathA
GetCurrentProcessId
GetTempPathA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResetEvent
WaitForSingleObject
SetEvent
CreateMutexA
ReleaseMutex
CreateEventA
DebugBreak
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
lstrlenW
CreateThread
SetFileTime
GetModuleHandleA
CreateDirectoryA
SetLastError
GetVersionExA
GetSystemDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDriveTypeA
GetCurrentProcess
CallNamedPipeA
GetEnvironmentVariableA
CreateFileMappingA
DuplicateHandle
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
CompareStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
SetThreadPriority
GetCurrentThread
GetFileTime
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcpynA
GetModuleFileNameA
GetShortPathNameA
CreateProcessA
CloseHandle
GetTickCount
OpenFile
CopyFileA
SetFileAttributesA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrcpyA
lstrcatA
lstrlenA
LocalFree
WideCharToMultiByte

user32

GetMenuItemInfoA
GetSubMenu
DrawMenuBar
SetMenu
GetDlgItem
GetSystemMetrics
SetActiveWindow
InflateRect
EnableMenuItem
GetSystemMenu
KillTimer
SetTimer
PtInRect
GetWindowRect
GetCursorPos
IsWindowVisible
GetForegroundWindow
GetWindow
SetRect
GetFocus
IntersectRect
MapWindowPoints
EqualRect
GetWindowThreadProcessId
ReleaseDC
GetDC
BringWindowToTop
IsRectEmpty
GetClassNameA
EnableWindow
InsertMenuA
ModifyMenuW
DispatchMessageA
TranslateMessage
GetMessageA
MsgWaitForMultipleObjects
PeekMessageA
GetMenu
CreateAcceleratorTableA
GetClientRect
SetRectEmpty
GetParent
ShowWindow
InvalidateRect
SetFocus
GetKeyState
CopyRect
ReleaseCapture
TrackPopupMenuEx
RemoveMenu
CreatePopupMenu
ModifyMenuA
AppendMenuA
GetMenuItemCount
DestroyMenu
EnumChildWindows
GetUpdateRect
BeginPaint
EndPaint
SetWindowPos
PostMessageA
GetMessageTime
GetMessagePos
AppendMenuW
DestroyAcceleratorTable
SendMessageA
IsWindow
DestroyWindow
UnregisterClassA
GetClassInfoA
LoadCursorA
RegisterClassA
CreateWindowExA
GetWindowLongA
SetWindowLongA
DefWindowProcA
SystemParametersInfoA
wsprintfA
GetKeyboardType

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDIBits
DeleteDC
DeleteObject
GetPixel

advapi32

RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CreateOleAdviseHolder
CoDisconnectObject
CoTaskMemAlloc
OleDestroyMenuDescriptor
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoUninitialize
OleSetMenuDescriptor
CoInitialize

oleaut32

VariantCopy
DispInvoke
DispGetIDsOfNames
SysStringLen
SysAllocStringByteLen
DispGetParam
VariantInit
SysAllocString
VariantClear
SysFreeString
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SCI

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd5aea816952678940d456ae93929445

Code Sign

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36Certificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 5KB

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 5KB