0065e043344106582bb94004053159d3

Sharing

Copy URL Twitter E-mail

General

Target

0065e043344106582bb94004053159d3
Size

1.0MB
MD5

0065e043344106582bb94004053159d3
SHA1

76ce6e23091052942a6fd5770877aacd79d2f01a
SHA256

79eb5a05ecab5c54b5a8f2e6ff7046d748f5cd5368671064637fc512cf4c078f
SHA512

dc50c578b96775a0a1ef3d0cfb045aa842bb7fa2903e6a091e98ea3b6334220b2113fb1a1305f088500c5175c57de53ad6f20ac01e0475059cb5f2c70a2e0268
SSDEEP

24576:bpCIuDRx+yXVGWH01BnWE2NKF6MiRJvId0uS+pmHy1G+C/:bzARx+PWH01BT0KoMOCd0gmHy1G+C/

Score

1^/10

Malware Config

Signatures

Files

0065e043344106582bb94004053159d3
.dll regsvr32 windows:4 windows x86 arch:x86

52be23c8453af8bb33a923c557767bb0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/02/2008, 00:00

Not After

12/05/2010, 23:59

Subject

CN=Zango,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zango,O=Zango,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2c:d0:5d:0a:23:2f:4b:37:9e:be:e1:75:2a:76:3e:b4:98:d5:74:08
Signer

Actual PE Digest

2c:d0:5d:0a:23:2f:4b:37:9e:be:e1:75:2a:76:3e:b4:98:d5:74:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sensapi

IsNetworkAlive

wininet

InternetCrackUrlA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ord17

wsock32

WSACancelAsyncRequest
WSAStartup
WSACleanup
WSAAsyncGetHostByName

msimg32

GradientFill

rpcrt4

UuidCreate

kernel32

IsBadWritePtr
GetCurrentThread
OutputDebugStringA
GetExitCodeThread
ResumeThread
SetThreadPriority
TerminateThread
CreateThread
CreateProcessA
CreateDirectoryA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
ReleaseMutex
CreateMutexA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
LocalFree
LocalAlloc
GetVolumeInformationA
GetSystemDefaultLangID
GetLocalTime
GetSystemTime
lstrcatA
GetTempPathA
DeviceIoControl
GetFileAttributesA
GetTempFileNameA
GetComputerNameA
SetErrorMode
GetDriveTypeA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
DosDateTimeToFileTime
OpenFileMappingA
LoadLibraryW
CreateFileW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
lstrcpyA
GetCurrentProcess
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
VirtualQuery
IsValidCodePage
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetSystemInfo
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
InterlockedCompareExchange
GetLocaleInfoA
SetEnvironmentVariableA
SetEndOfFile
SetUnhandledExceptionFilter
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
GetVersionExA
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjects
DeleteFileA
GetCurrentProcessId
lstrcpynA
GetFileSize
ReadFile
SetFilePointer
WriteFile
WaitForSingleObject
lstrcmpA
ResetEvent
CreateEventA
CreateFileA
CloseHandle
SetEvent
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
FlushInstructionCache
lstrcmpiA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
InterlockedDecrement
GetModuleFileNameA
lstrlenA
LeaveCriticalSection
EnterCriticalSection
lstrlenW
MultiByteToWideChar
Sleep
FindResourceExA
GetStringTypeA
FormatMessageA
LockResource
GetTickCount
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
SetLastError
IsDBCSLeadByte
GetCurrentThreadId
DisableThreadLibraryCalls
InterlockedIncrement
GetLocaleInfoW
MulDiv
IsValidLocale

user32

LoadImageA
LoadStringA
SetPropA
IsWindowEnabled
wsprintfA
FindWindowExA
MsgWaitForMultipleObjects
SystemParametersInfoA
EnumWindows
PostThreadMessageA
PeekMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetCursorPos
GetForegroundWindow
UnregisterClassA
CharNextA
PtInRect
UnionRect
SetWindowLongA
GetWindowLongA
DefWindowProcA
ShowWindow
GetClassInfoExA
LoadCursorA
ReleaseDC
GetDC
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
CallWindowProcA
GetKeyState
DestroyWindow
IsWindow
InvalidateRect
EnumChildWindows
CreateAcceleratorTableA
DestroyAcceleratorTable
InvalidateRgn
ScreenToClient
GetWindowTextLengthA
DrawTextA
GetMessageA
SetParent
ShowWindowAsync
PostQuitMessage
SetCursor
GetSystemMetrics
GetWindowRgn
ReleaseCapture
GetDesktopWindow
SetCapture
GetSysColorBrush
GetPropA
GetDlgItem
GetTopWindow
RedrawWindow
GetWindowThreadProcessId
ReplyMessage
SendMessageTimeoutA
SetWindowTextA
IsWindowVisible
MessageBoxA
CharLowerBuffA
GetWindowRect
GetWindow
GetWindowTextW
GetWindowTextA
ClientToScreen
SendMessageA
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
RemovePropA
GetClassNameA
PostMessageA
KillTimer
SetTimer
LoadAcceleratorsA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetSysColor
FillRect
MoveWindow
CreateWindowExA
GetParent
SetFocus
GetFocus
IsChild
RegisterClassExA
RegisterWindowMessageA

gdi32

SetBkColor
BitBlt
DeleteObject
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreateDCA
CreateRectRgnIndirect
GetDeviceCaps
CreateBitmap
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
Polyline
CreatePen
RealizePalette
SelectPalette
TextOutA
SetBkMode
CreateSolidBrush
GetTextExtentPoint32A
CreateFontIndirectA
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
PtInRegion
CreateRectRgn
FrameRgn
FillRgn
GetStockObject
LineTo
MoveToEx
GetObjectA
TextOutW
GetTextExtentPoint32W
StretchBlt
SetStretchBltMode
SetTextColor

advapi32

RegCreateKeyA
RegSetKeySecurity
RegOpenKeyA
RegGetKeySecurity
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoCreateInstance
OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
OleRun
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateGuid
OleRegGetMiscStatus

oleaut32

SafeArrayCopy
SysFreeString
VariantInit
VariantClear
SysAllocString
SysStringLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SafeArrayDestroy
RegisterTypeLi
VarUI4FromStr
OleCreatePropertyFrame
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
SafeArrayGetLBound
VarBstrCmp
SysAllocStringLen
OleCreateFontIndirect
SafeArrayPutElement
UnRegisterTypeLi

shlwapi

PathIsUNCA

crypt32

CertFreeCertificateContext
CryptMsgClose
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CertCloseStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllTVRemoteExec
DllUnregisterServer

Sections

.text
Size: 684KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52be23c8453af8bb33a923c557767bb0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8Certificate

Extended Key Usages

Key Usages

2c:d0:5d:0a:23:2f:4b:37:9e:be:e1:75:2a:76:3e:b4:98:d5:74:08Signer

Headers

File Characteristics

Imports

sensapi

wininet

version

comctl32

wsock32

msimg32

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

Exports

Exports

Sections

.text Size: 684KB - Virtual size: 683KB

.rdata Size: 192KB - Virtual size: 191KB

.data Size: 44KB - Virtual size: 56KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 72KB - Virtual size: 71KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8
Certificate

2c:d0:5d:0a:23:2f:4b:37:9e:be:e1:75:2a:76:3e:b4:98:d5:74:08
Signer

.text
Size: 684KB - Virtual size: 683KB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 44KB - Virtual size: 56KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 72KB - Virtual size: 71KB