416a4c92af1eed40e8044d627d3c448c

Sharing

Copy URL

Twitter E-mail

General

Target

416a4c92af1eed40e8044d627d3c448c
Size

121KB
MD5

416a4c92af1eed40e8044d627d3c448c
SHA1

1eac77c3efa67f78a6a489ca1b521eb076e5280d
SHA256

6d8ca639161289d999f9fb5d957b517b4ea051f15e225ff5f84e456021640cf5
SHA512

cccab43f041d0879ec10f2b129c0df6f1c40563850a85b7bfcc6cb8c73f088e88b975d9c74344e967eafe482b1354784787bef28bdc45dd5ed81ad860d449b29
SSDEEP

1536:KMnFskg6M/IkXjxKzw9jUPxxXIh0FCVNG3Q/qIh0FCVNG3Q/rkn:Km4B/I43Y5xXzoG3QCzoG3Qjkn

Score

1^/10

Malware Config

Signatures

Files

416a4c92af1eed40e8044d627d3c448c
.dll windows:5 windows x86 arch:x86

73054a8db131c60c892ce6fde5c03536

Code Sign

37:a4:2c:ff:86:a6:ef:af:4c:0d:60:05:d7:bf:d6:97
Certificate

Issuer

CN=63wyw23

Not Before

10-02-2012 05:45

Not After

31-12-2039 23:59

Subject

CN=63wyw23

Extended Key Usages

ExtKeyUsageCodeSigning

94:ff:71:a5:df:20:31:6f:cf:1d:60:f5:51:1e:08:85:03:dd:60:46
Signer

Actual PE Digest

94:ff:71:a5:df:20:31:6f:cf:1d:60:f5:51:1e:08:85:03:dd:60:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
GetWindowsDirectoryW
LoadLibraryA
GetProcAddress
GetSystemInfo
VirtualAlloc
CreateFileW

user32

InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRgn
InvertRect
IsCharAlphaW
IsCharUpperA
IsRectEmpty
IsWindowUnicode
KillTimer
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorFromFileW
LoadMenuA
LockSetForegroundWindow
MapVirtualKeyA
MessageBoxExW
MessageBoxIndirectW
ModifyMenuA
MonitorFromPoint
NotifyWinEvent
OffsetRect
OpenDesktopW
PaintDesktop
PostMessageA
PostMessageW
PostThreadMessageA
RealChildWindowFromPoint
RealGetWindowClass
RedrawWindow
RegisterClassA
RegisterClassExA
InflateRect
RegisterClassW
RegisterHotKey
RegisterShellHookWindow
RegisterWindowMessageA
RemoveMenu
ScrollDC
ScrollWindowEx
SendDlgItemMessageW
SendIMEMessageExA
SendMessageCallbackW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageW
SetCaretPos
SetDlgItemTextA
SetForegroundWindow
SetMenuDefaultItem
SetMenuInfo
SetMenuItemInfoW
SetMessageQueue
SetParent
SetProcessWindowStation
SetScrollInfo
SetThreadDesktop
SetUserObjectInformationW
SetWindowContextHelpId
SetWindowLongA
SetWindowTextA
SetWindowsHookA
SubtractRect
SystemParametersInfoW
TranslateAccelerator
TranslateAcceleratorW
UnregisterDeviceNotification
UpdateWindow
VkKeyScanA
WINNLSGetIMEHotkey
WaitMessage
WinHelpA
wvsprintfA
wvsprintfW
IMPSetIMEW
HiliteMenuItem
HideCaret
GetWindowModuleFileNameA
GetWindowLongA
GetWindowDC
GetUpdateRgn
GetTitleBarInfo
GetSystemMenu
GetScrollInfo
GetPropW
GetPropA
GetParent
GetNextDlgGroupItem
GetMonitorInfoW
GetMessagePos
GetMessageExtraInfo
GetMenuStringA
GetMenuItemID
GetMenuItemCount
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyNameTextW
GetKBCodePage
GetInputState
GetDlgItemTextA
GetCursorPos
GetCursorInfo
GetCursor
GetComboBoxInfo
GetClipboardFormatNameW
GetClipboardData
GetClipCursor
GetClassNameW
GetClassLongA
GetCaretBlinkTime
GetAsyncKeyState
GetAltTabInfoW
GetActiveWindow
FrameRect
ExcludeUpdateRgn
EnumWindowStationsA
EnumDisplaySettingsExW
EnumDisplayDevicesA
EnumDesktopsW
EnumDesktopWindows
EnumChildWindows
EndTask
EnableMenuItem
DrawStateA
DrawIcon
DrawFrameControl
DrawFrame
DragObject
DlgDirListW
DispatchMessageW
DestroyCaret
DefWindowProcW
DdeSetUserHandle
DdeQueryStringW
DdeQueryNextServer
DdePostAdvise
DdeKeepStringHandle
DdeInitializeA
DdeGetData
DdeFreeStringHandle
DdeDisconnectList
DdeCreateStringHandleW
DdeConnect
DdeCmpStringHandles
DdeAbandonTransaction
CreateMenu
CreateIconIndirect
CreateCursor
CreateAcceleratorTableA
CountClipboardFormats
CopyIcon
CopyAcceleratorTableA
CloseWindow
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperA
CharToOemA
CharPrevW
CharLowerBuffW
CharLowerBuffA
CharLowerA
ChangeMenuW
ChangeDisplaySettingsExA
CascadeWindows
CascadeChildWindows
CallMsgFilterA
BringWindowToTop
BlockInput
AttachThreadInput
AdjustWindowRect
RegisterClassExW

shell32

Shell_NotifyIconW
Shell_NotifyIconA
Shell_NotifyIcon
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteEx
ShellExecuteA
ShellAboutW
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHIsFileAvailableOffline
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
WOWShellExecute

shlwapi

StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrStrA
StrStrIA
StrStrIW
StrStrW
StrChrA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73054a8db131c60c892ce6fde5c03536

Code Sign

37:a4:2c:ff:86:a6:ef:af:4c:0d:60:05:d7:bf:d6:97Certificate

Extended Key Usages

94:ff:71:a5:df:20:31:6f:cf:1d:60:f5:51:1e:08:85:03:dd:60:46Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 516B

.text4 Size: 22KB - Virtual size: 21KB

.text5 Size: 2KB - Virtual size: 1KB

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 2KB - Virtual size: 2KB

37:a4:2c:ff:86:a6:ef:af:4c:0d:60:05:d7:bf:d6:97
Certificate

94:ff:71:a5:df:20:31:6f:cf:1d:60:f5:51:1e:08:85:03:dd:60:46
Signer

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 516B

.text4
Size: 22KB - Virtual size: 21KB

.text5
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 2KB - Virtual size: 2KB