17e7f40796365feacb143301bad927ed

Sharing

Copy URL Twitter E-mail

General

Target

17e7f40796365feacb143301bad927ed
Size

78KB
MD5

17e7f40796365feacb143301bad927ed
SHA1

7fc1a7cdec3f70033ca00f1033fa08f5e948a7e4
SHA256

49fb51862de692655a47cbcdd4248aa9063031ad1ebde49ce51246088e5bc8e5
SHA512

5c9c6d7f6dec97f498fa0dbd8bc4775992d608cd7fe6a59e7414f3a6f5262cb120fbd29587eab17785b885be9dd524ef5feda126b61c1a9ae2eace1cea309573
SSDEEP

1536:QuCMm7bXStTReJ3S5gK9HZUkXBXU3kV9fxeP6uTJwk0bu7ZT4ZBxp:QuCMm7bXMApSRRXlU3kV9fxeP6uTJwkQ

Score

1^/10

Malware Config

Signatures

Files

17e7f40796365feacb143301bad927ed
.dll windows:4 windows x86 arch:x86

da4a2321eb82faf7832fc53f2459310d

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c4:7d:13:37:ea:ab:ad:d8:4c:1a:d8:62:d0:6b:ca:26:73:a7:33:4f
Signer

Actual PE Digest

c4:7d:13:37:ea:ab:ad:d8:4c:1a:d8:62:d0:6b:ca:26:73:a7:33:4f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
LCMapStringA
LoadLibraryExA
MoveFileA
MoveFileW
DeleteFileW
OpenEventA
OpenFileMappingA
OpenMutexA
OpenSemaphoreA
OutputDebugStringA
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetFileAttributesA
SetEnvironmentVariableA
WaitNamedPipeA
WritePrivateProfileStringA
WriteProfileStringA
lstrcmpiA
lstrcmpA
GetTimeFormatA
LoadResource
FindResourceW
FreeLibrary
GetCommandLineA
GetDiskFreeSpaceA
EnterCriticalSection
GetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
WideCharToMultiByte
IsValidCodePage
MultiByteToWideChar
IsDBCSLeadByte
GetACP
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RaiseException
TerminateProcess
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
GetStringTypeExA
GetShortPathNameA
GetProfileStringA
GetProfileIntA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetNumberFormatA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetFullPathNameA
GetFileAttributesA
GetEnvironmentVariableA
GetDriveTypeA
GetDateFormatA
GetCurrentDirectoryA
GetCurrencyFormatA
GetComputerNameA
FindResourceA
GetSystemTimeAsFileTime
FormatMessageA
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
DeleteFileA
CreateSemaphoreA
CreateProcessA
CreateFileMappingA
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileW
CopyFileA
LocalAlloc
CompareStringA
AddAtomA
LoadLibraryA
GetProcAddress
LocalFree
SetLastError
LockResource
IsDebuggerPresent

user32

LoadBitmapA
IsCharUpperA
LoadCursorA
LoadCursorFromFileA
LoadIconA
LoadMenuA
MessageBoxA
ModifyMenuA
IsCharAlphaA
InsertMenuA
GrayStringA
GetWindowTextA
PeekMessageA
GetMenuStringA
RegisterWindowMessageA
GetMenuItemInfoA
GetMessageA
GetDlgItemTextA
GetClipboardFormatNameA
GetClassNameA
GetClassInfoExA
GetClassLongA
FindWindowA
DrawTextA
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
DispatchMessageA
DialogBoxParamA
DialogBoxIndirectParamA
DefWindowProcA
PostMessageA
PostThreadMessageA
RegisterClassExA
RegisterClassExW
GetWindowLongA
RegisterClipboardFormatA
AppendMenuA
CallWindowProcA
ChangeMenuA
CharLowerBuffW
GetPropA
SetPropA
RemovePropA
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetDlgItemTextA
wvsprintfA
WinHelpA
VkKeyScanA
UnregisterClassA
SystemParametersInfoA
SetWindowTextA
SetMenuItemInfoA
SetWindowLongA
CreateWindowExA
CreateDialogParamA
CharUpperBuffW
InsertMenuItemA

advapi32

CryptAcquireContextA
GetUserNameA
LookupAccountNameA
LookupPrivilegeValueA
RegConnectRegistryA
RegCreateKeyExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueA
RegSetValueExA
RegSetValueA
SetFileSecurityA
GetFileSecurityA

rpcrt4

UuidFromStringA
RpcStringFreeA
UuidToStringA

gdi32

AddFontResourceA
CopyMetaFileA
CreateDCA
CreateEnhMetaFileA
CreateFontIndirectA
CreateFontA
CreateICA
CreateMetaFileA
GetEnhMetaFileA
GetEnhMetaFileDescriptionA
GetObjectType
GetObjectA
GetTextExtentPoint32A
GetTextFaceA
GetTextMetricsA
ResetDCA
StartDocA
GetOutlineTextMetricsA
GetTextExtentExPointA
GetCharWidthW
GetCharWidthA
ExtTextOutA
CopyEnhMetaFileA

shell32

DragQueryFileA
ExtractIconA
ShellExecuteA
SHGetFileInfoA
ShellExecuteExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

_XcptFilter
_onexit
__dllonexit
_except_handler3
_adjust_fdiv
malloc
_initterm
free
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
??1type_info@@UAE@XZ

Exports

Exports

AddAccessAllowedAce
AddAccessDeniedAce
AddAce
AddAtomW
AddFontResourceW
AdjustTokenPrivileges
AppendMenuW
CallWindowProcW
CancelIo
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharUpperBuffW
CharUpperW
CheckComputerAlive
CloseServiceHandle
CompareStringW
ControlService
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CopySid
CreateDCW
CreateDialogParamW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreW
CreateWaitableTimerW
CreateWindowExW
CryptAcquireContextW
DefWindowProcW
DeleteAce
DeleteFileW
DeregisterEventSource
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DragQueryFileW
DrawTextW
DuplicateToken
EqualSid
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconW
FindFirstFileW
FindNextFileW
FindResourceW
FindWindowW
FoldStringW
FormatMessageW
GetAce
GetAclInformation
GetCharWidthW
GetClassInfoExW
GetClassLongW
GetClassNameW
GetClipboardFormatNameW
GetCommandLineW
GetComputerNameW
GetCurrencyFormatW
GetCurrentDirectoryW
GetDateFormatW
GetDiskFreeSpaceExW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileSecurityW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetLengthSid
GetLocaleInfoW
GetLogicalDriveStringsW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetModuleFileNameW
GetModuleHandleW
GetNumberFormatW
GetObjectW
GetOutlineTextMetricsW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProfileIntW
GetProfileStringW
GetPropW
GetSaveFileNameW
GetShortPathNameW
GetSidLengthRequired
GetSidSubAuthority
GetStringTypeExW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetTokenInformation
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GrayStringW
I_NetLogonControl
ImpersonateLoggedOnUser
InitializeAcl
InitializeSid
InsertMenuItemW
InsertMenuW
InterlockedCompareExchange
InterlockedExchangeAdd
IsCharAlphaW
IsCharUpperW
IsDebuggerPresent
IsValidAcl
IsValidSid
LCMapStringW
LMInitSSPISecurityDLL
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadLibraryExW
LoadLibraryW
LoadMenuW
LoadStringW
LogonUserW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaEnumerateAccountRights
LsaFreeMemory
LsaNtStatusToWinError
LsaOpenPolicy
LsaRemoveAccountRights
LsaRetrievePrivateData
LsaStorePrivateData
MakeSelfRelativeSD
MessageBoxW
ModifyMenuW
MoveFileExW
MoveFileW
NetApiBufferFree
NetGetDCName
NetServerGetInfo
NetShareAdd
NetShareDel
NetShareGetInfo
NetShareSetInfo
OpenEventW
OpenFileMappingW
OpenMutexW
OpenProcessToken
OpenSCManagerW
OpenSemaphoreW
OpenServiceW
OpenThreadToken
OutputDebugStringW
PeekMessageW
PostMessageW
PostThreadMessageW
QueryServiceStatus
ReadDirectoryChangesW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
RegSetValueW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterEventSourceW
RegisterWindowMessageW
RemoveDirectoryW
RemovePropW
ReportEventW
ResetDCW
RevertToSelf
RpcStringFreeW
SHGetFileInfoW
SearchPathW
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetCurrentDirectoryW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetFileSecurityW
SetMenuItemInfoW
SetPropW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetWindowLongW
SetWindowTextW
SetupDefaultQueueCallbackW
SetupFindFirstLineW
SetupGetLineCountW
SetupGetLineTextW
SetupGetStringFieldW
SetupGetTargetPathW
SetupInstallFileExW
SetupInstallFileW
SetupOpenInfFileW
SetupPromptForDiskW
SetupSetDirectoryIdW
ShellExecuteExW
ShellExecuteW
StartDocW
StartServiceW
SystemParametersInfoW
TryEnterCriticalSection
UnregisterClassW
UuidFromStringW
UuidToStringW
VerQueryValueW
VirtualAlloc
VkKeyScanW
WaitNamedPipeW
WinHelpW
WritePrivateProfileStringW
WriteProfileStringW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
wsprintfW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da4a2321eb82faf7832fc53f2459310d

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

c4:7d:13:37:ea:ab:ad:d8:4c:1a:d8:62:d0:6b:ca:26:73:a7:33:4fSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

gdi32

shell32

version

msvcrt

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

c4:7d:13:37:ea:ab:ad:d8:4c:1a:d8:62:d0:6b:ca:26:73:a7:33:4f
Signer

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB