4944e66619b29fcbbfa85415f2653f02

Sharing

Copy URL Twitter E-mail

General

Target

4944e66619b29fcbbfa85415f2653f02
Size

141KB
MD5

4944e66619b29fcbbfa85415f2653f02
SHA1

b98ad0e879c717aadf77231bf99bfe522dace1f4
SHA256

1497b0273e1508c980354ee077511fae3d49e3ab3eabe887df940d1f4a170eac
SHA512

508cca236f29abe244a76afcb839ecd93f497ac7819b948d55bef6a7f00d4be22c6ae969e8313f4bcf033dcfaca7253a238d983a2ff99e5d4ab1cfac7c157ac0
SSDEEP

3072:oAWJWfVECxUz1dnMiwTjbW8hsXbedmRxVHVTmH3Vfv/Oh2:0JWp0nMiSbkbedOxpJmHdvl

Score

1^/10

Malware Config

Signatures

Files

4944e66619b29fcbbfa85415f2653f02
.dll regsvr32 windows:5 windows x86 arch:x86

c8920b880faf8fc856359fecb2e6b303

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ba:0a:a3:39:4a:9c:37:41:e3:0f:cf:4b:37:f2:c1:af:ed:0d:da
Signer

Actual PE Digest

29:ba:0a:a3:39:4a:9c:37:41:e3:0f:cf:4b:37:f2:c1:af:ed:0d:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
DeleteFileA
SetLastError
GetLastError
lstrcpynA
lstrcmpiA
WritePrivateProfileSectionA
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
lstrlenW
GetModuleHandleA
GetCurrentProcessId
lstrcmpA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
RaiseException
VirtualQuery
VirtualProtect
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetSystemDirectoryA
MultiByteToWideChar
GetCommandLineA
WideCharToMultiByte
SizeofResource
IsDBCSLeadByte
GetModuleFileNameW
FreeLibrary
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
lstrcmpiW
GetLocalTime
SystemTimeToFileTime
CompareFileTime
CreateFileA
WriteFile
FlushFileBuffers
CreateMutexA
ResetEvent
SetThreadPriority
ResumeThread
WaitForMultipleObjects
ReleaseMutex
CreateFileMappingA
WaitForSingleObject
MapViewOfFile
WritePrivateProfileStringA
LoadLibraryA
GetNativeSystemInfo
GetDriveTypeA
GetFileAttributesA
GetFileSize
ReadFile
LocalFree
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
HeapReAlloc
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
ExitProcess
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemInfo
DecodePointer
EncodePointer
GetPrivateProfileStringA
SetEvent
GetPrivateProfileIntA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CreateEventA
lstrlenA
VerifyVersionInfoW
VerSetConditionMask
GetConsoleMode
SetStdHandle
WriteConsoleW
UnmapViewOfFile
CreateFileW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
GetConsoleCP
SetFilePointer
LoadLibraryW
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

UnregisterClassA
GetKeyboardType
SetTimer
KillTimer
CharNextA
SetWindowLongW
GetWindowLongA
GetWindowLongW
CreateWindowExA
DefWindowProcA
CallWindowProcW
CallWindowProcA
LoadCursorA
GetClassInfoExA
RegisterClassExA
SetWindowLongA
DestroyWindow
DefWindowProcW
PostMessageA
IsWindow
PeekMessageA
GetClassNameA
GetWindowThreadProcessId
EnumWindows
wsprintfA
MessageBoxA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoCreateInstance
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeTypeEx
SysStringLen
LoadRegTypeLi
SysFreeString

shlwapi

SHRegQueryUSValueA
SHRegWriteUSValueA
SHRegCreateUSKeyA
SHRegDeleteUSValueA
SHRegCloseUSKey
SHRegOpenUSKeyA
PathAppendA

rpcrt4

UuidFromStringA
UuidFromStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8920b880faf8fc856359fecb2e6b303

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

29:ba:0a:a3:39:4a:9c:37:41:e3:0f:cf:4b:37:f2:c1:af:ed:0d:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

29:ba:0a:a3:39:4a:9c:37:41:e3:0f:cf:4b:37:f2:c1:af:ed:0d:da
Signer

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB