052d5fbb08676743393cba8194a10523

Sharing

Copy URL

Twitter E-mail

General

Target

052d5fbb08676743393cba8194a10523
Size

271KB
MD5

052d5fbb08676743393cba8194a10523
SHA1

f2054c1490fca6ac57009053794cd6b460b210e9
SHA256

1269ba8b32d6469ae83806e2da9ac4cb6cdff2dc2c1fc54edc4997b699434a2c
SHA512

0cc6062be06b19c89b9f08ef158afd43e423ebd4c8028678b5090675554013f5357ede1b77a4395b6bea50a965f1ba6815117d5397e9bf8c5d2db9292a419738
SSDEEP

3072:814HvJ/fFRnhfRcwqLU14CTdcUs+FHea/yTktaG++bStSgMbwoy28oKXL:81Ih/bjcwMSTeUFHezkz+Wn0b

Score

1^/10

Malware Config

Signatures

Files

052d5fbb08676743393cba8194a10523
.dll windows:5 windows x64 arch:x64

56d3341d894596c50b66bbee2ba3e3cb

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-02-2015 09:23

Not After

26-02-2016 09:23

Subject

CN=Lucuma,O=Lucuma,L=Hod Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:d0:4c:c0:98:ae:a2:74:22:81:72:19:c6:39:94:e9:3b:9d:1f:11
Signer

Actual PE Digest

94:d0:4c:c0:98:ae:a2:74:22:81:72:19:c6:39:94:e9:3b:9d:1f:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
LoadLibraryW
GetProcAddress
CloseHandle
GetModuleHandleW
CreateFileW
FreeLibrary
GetFileSize
ReadFile
GetVersionExW
SetFilePointer
WriteFile
FlushFileBuffers
ExpandEnvironmentStringsW
LoadLibraryA
InitializeCriticalSection
LeaveCriticalSection
VirtualQuery
VirtualProtect
GetThreadContext
SetThreadContext
Thread32First
Thread32Next
OpenThread
CreateToolhelp32Snapshot
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
ResumeThread
VirtualFree
VirtualAlloc
GetSystemInfo
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WideCharToMultiByte
GetModuleFileNameA
MultiByteToWideChar
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetSystemTimeAsFileTime
GetStringTypeW
EncodePointer
DecodePointer
Sleep
HeapFree
GetCommandLineA
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetModuleFileNameW
GetProcessHeap

advapi32

RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExA

shell32

SHGetFolderPathW
ord165

ole32

CoTaskMemFree

ws2_32

send
getsockopt
recv
WSARecv
WSASend
ioctlsocket
setsockopt
WSAGetLastError

shlwapi

PathRemoveFileSpecW
PathAppendW
PathStripPathW
PathRemoveFileSpecA
PathAppendA

Exports

Exports

AddToRestricted
InstallHooks
Set_localStoreDefaultValue
Set_localStoreFileName
Set_localStorePath
UninstallHooks

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WEMXAFT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56d3341d894596c50b66bbee2ba3e3cb

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4bCertificate

Extended Key Usages

Key Usages

94:d0:4c:c0:98:ae:a2:74:22:81:72:19:c6:39:94:e9:3b:9d:1f:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 9KB - Virtual size: 8KB

.WEMXAFT Size: 4KB - Virtual size: 4KB

.HKT Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 8KB - Virtual size: 8KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

94:d0:4c:c0:98:ae:a2:74:22:81:72:19:c6:39:94:e9:3b:9d:1f:11
Signer

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 9KB - Virtual size: 8KB

.WEMXAFT
Size: 4KB - Virtual size: 4KB

.HKT
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 8KB - Virtual size: 8KB