19d7a983051890920121e5d71dc9e44d

Sharing

Copy URL Twitter E-mail

General

Target

19d7a983051890920121e5d71dc9e44d
Size

655KB
MD5

19d7a983051890920121e5d71dc9e44d
SHA1

ca04598f5157e4375141120634ca0ccf4e7aa534
SHA256

5cc2f1e241795820ad5c27c4c790167e91296f27efe792d3e982bfd27affabc8
SHA512

7dd44cd04e5f4f3ca17aa0a746b7a7909f094d5f58e01ea2ffd86d6cf94d8620712d65fc6038bb5d919560cba479f60a45d03ff56ee85ea69379f1400e9a1f56
SSDEEP

12288:0fOqNTIu2mqow1PIPd8H+sJePZ5R4FuMGod49VoDgRDkf3v4PU3:0fOqhbqowe8H+sM9tMqjg3v4Pq

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Porthole/AutoItX3.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Porthole/AutoItX3.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack001/Porthole/Porthole.exe

Files

19d7a983051890920121e5d71dc9e44d
.zip
Porthole/AutoItX3.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

01:00:00:00:00:01:09:bb:94:49:48
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

02/03/2006, 15:29

Not After

02/03/2009, 15:29

Subject

CN=Jonathan Bennett,C=GB,1.2.840.113549.1.9.1=#0c18737570706f7274406175746f69747363726970742e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

02:00:00:00:00:00:d6:78:b7:94:05
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2014, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:cf:13:87:3d:13:3d:dc:9a:d4:60:62:54:4d:ef:0a:34:51:a4:99
Signer

Actual PE Digest

73:cf:13:87:3d:13:3d:dc:9a:d4:60:62:54:4d:ef:0a:34:51:a4:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AU3_AutoItSetOption
AU3_BlockInput
AU3_CDTray
AU3_ClipGet
AU3_ClipPut
AU3_ControlClick
AU3_ControlCommand
AU3_ControlDisable
AU3_ControlEnable
AU3_ControlFocus
AU3_ControlGetFocus
AU3_ControlGetHandle
AU3_ControlGetPosHeight
AU3_ControlGetPosWidth
AU3_ControlGetPosX
AU3_ControlGetPosY
AU3_ControlGetText
AU3_ControlHide
AU3_ControlListView
AU3_ControlMove
AU3_ControlSend
AU3_ControlSetText
AU3_ControlShow
AU3_DriveMapAdd
AU3_DriveMapDel
AU3_DriveMapGet
AU3_IniDelete
AU3_IniRead
AU3_IniWrite
AU3_Init
AU3_IsAdmin
AU3_MouseClick
AU3_MouseClickDrag
AU3_MouseDown
AU3_MouseGetCursor
AU3_MouseGetPosX
AU3_MouseGetPosY
AU3_MouseMove
AU3_MouseUp
AU3_MouseWheel
AU3_Opt
AU3_PixelChecksum
AU3_PixelGetColor
AU3_PixelSearch
AU3_ProcessClose
AU3_ProcessExists
AU3_ProcessSetPriority
AU3_ProcessWait
AU3_ProcessWaitClose
AU3_RegDeleteKey
AU3_RegDeleteVal
AU3_RegEnumKey
AU3_RegEnumVal
AU3_RegRead
AU3_RegWrite
AU3_Run
AU3_RunAsSet
AU3_RunWait
AU3_Send
AU3_Shutdown
AU3_Sleep
AU3_StatusbarGetText
AU3_ToolTip
AU3_WinActivate
AU3_WinActive
AU3_WinClose
AU3_WinExists
AU3_WinGetCaretPosX
AU3_WinGetCaretPosY
AU3_WinGetClassList
AU3_WinGetClientSizeHeight
AU3_WinGetClientSizeWidth
AU3_WinGetHandle
AU3_WinGetPosHeight
AU3_WinGetPosWidth
AU3_WinGetPosX
AU3_WinGetPosY
AU3_WinGetProcess
AU3_WinGetState
AU3_WinGetText
AU3_WinGetTitle
AU3_WinKill
AU3_WinMenuSelectItem
AU3_WinMinimizeAll
AU3_WinMinimizeAllUndo
AU3_WinMove
AU3_WinSetOnTop
AU3_WinSetState
AU3_WinSetTitle
AU3_WinSetTrans
AU3_WinWait
AU3_WinWaitActive
AU3_WinWaitClose
AU3_WinWaitNotActive
AU3_error
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 43B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Porthole/Porthole.exe
.exe windows:4 windows x86 arch:x86

d782c0610fff025c8d2e42d79fae94f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathGetArgsW
PathStripPathW

kernel32

GetSystemInfo
MultiByteToWideChar
lstrlenA
CreateDirectoryW
lstrcpyW
lstrlenW
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateFileW
lstrcpynW
DeleteFileW
WriteFile
LockResource
LoadResource
SizeofResource
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
FindClose
lstrcmpW
FindNextFileW
FindFirstFileW
SetLastError
Sleep
GetSystemDirectoryW
MoveFileW
lstrcatW
GetModuleFileNameW
GetCommandLineW
VirtualProtect
GetLocaleInfoA
FindResourceW
HeapCreate
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
SetEndOfFile

user32

DispatchMessageW
KillTimer
PostQuitMessage
wsprintfW
SetTimer
TranslateMessage
GetMessageW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 664KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01:00:00:00:00:01:09:bb:94:49:48Certificate

Key Usages

02:00:00:00:00:00:d6:78:b7:94:05Certificate

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

73:cf:13:87:3d:13:3d:dc:9a:d4:60:62:54:4d:ef:0a:34:51:a4:99Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 180KB

UPX1 Size: 60KB - Virtual size: 64KB

.rsrc Size: 23KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 123KB - Virtual size: 122KB

.orpc Size: 512B - Virtual size: 43B

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 43KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 8KB - Virtual size: 8KB

d782c0610fff025c8d2e42d79fae94f1

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 664KB - Virtual size: 664KB

01:00:00:00:00:01:09:bb:94:49:48
Certificate

02:00:00:00:00:00:d6:78:b7:94:05
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

73:cf:13:87:3d:13:3d:dc:9a:d4:60:62:54:4d:ef:0a:34:51:a4:99
Signer

UPX0
Size: - Virtual size: 180KB

UPX1
Size: 60KB - Virtual size: 64KB

.rsrc
Size: 23KB - Virtual size: 24KB

.text
Size: 123KB - Virtual size: 122KB

.orpc
Size: 512B - Virtual size: 43B

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 43KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 664KB - Virtual size: 664KB