4b279b92cb3c3fb501cef12a4a291f41

Sharing

Copy URL Twitter E-mail

General

Target

4b279b92cb3c3fb501cef12a4a291f41
Size

199KB
MD5

4b279b92cb3c3fb501cef12a4a291f41
SHA1

668474e41b4ddc0daa9f92bdf284e562001e98a7
SHA256

22f616534ad291e983bb7d1a3f0cc039093e0dcf9db45dc4a8ecd2fe09fb7601
SHA512

0006256129cf9bec30fafc9587486d29241d8ac560c2f249d15427e1827fe58f6d849cafd068a22a8fe04f532a664bd7d45e43f34b6f4690d6c2717203b19858
SSDEEP

3072:WKSSQUyKFNLvLUttRf8ZMVUdBMcKnBLpWQ6jyeS8vy/Vjy0V:SSQPMNLvL4XU23tnBnV

Score

1^/10

Malware Config

Signatures

Files

4b279b92cb3c3fb501cef12a4a291f41
.dll regsvr32 windows:4 windows x86 arch:x86

a09eab9adf60a4ab17d7bb070a425ac4

Code Sign

01:00:00:00:00:00:fd:fb:81:86:ef
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

26/07/2004, 12:51

Not After

26/07/2005, 12:51

Subject

CN=Firma Informatyczna RoboBAT Joint-Venture Sp. z o.o.,O=Firma Informatyczna RoboBAT Joint-Venture Sp. z o.o.,C=PL,1.2.840.113549.1.9.1=#0c0e675f6740726f626f6261742e706c

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f0:76:03:de:10
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

28/01/2009, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:00:fb:59:74:27:74
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

28/01/2009, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5277
ord2982
ord3147
ord2124
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord818
ord6241
ord3663
ord5290
ord4441
ord3402
ord3567
ord5265
ord4998
ord2514
ord6052
ord1775
ord5241
ord6374
ord5280
ord3749
ord4425
ord3597
ord602
ord641
ord567
ord326
ord6215
ord2169
ord2642
ord3092
ord2370
ord4234
ord1727
ord941
ord2076
ord6880
ord5261
ord2446
ord4224
ord939
ord924
ord6199
ord922
ord926
ord690
ord2652
ord5807
ord5204
ord3229
ord389
ord1669
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord3953
ord1134
ord2725
ord6930
ord3956
ord5207
ord2818
ord860
ord535
ord2864
ord823
ord537
ord6467
ord800
ord540
ord5065
ord6376
ord2055
ord2648
ord4837
ord3798
ord4353
ord5163
ord2385
ord4407
ord1776
ord4078
ord6055
ord6662
ord2614
ord4129
ord5683
ord2763
ord4277
ord6282
ord4278
ord6283
ord4202
ord2764
ord5710
ord858
ord1168
ord4710
ord6334
ord1197
ord1253
ord1255
ord1570
ord1243
ord825
ord269
ord342
ord1578
ord600
ord826
ord1116
ord1176
ord1182
ord1577
ord1575

msvcrt

_purecall
??1type_info@@UAE@XZ
_CxxThrowException
wcslen
_ftol
free
_onexit
atof
_mbsicmp
atol
__dllonexit
_except_handler3
?terminate@@YAXXZ
_initterm
__CxxFrameHandler
_mbscmp
malloc
_adjust_fdiv

kernel32

LoadLibraryA
FreeLibrary
MultiByteToWideChar
lstrcatA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceA
LocalFree
LocalAlloc
GetLastError
GetProcAddress

user32

LoadStringA
GetSysColor
EnableWindow
GetWindowRect
LoadMenuA
CharNextA
SendMessageA
LoadIconA
LoadBitmapA
RedrawWindow

gdi32

DeleteObject

advapi32

RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
VariantClear
SysFreeString
RegisterTypeLi
SysAllocString
LoadTypeLi
SysStringLen
LoadRegTypeLi

rg70as

ord5744
ord6533
ord6531
ord6522
ord6521
ord6520
ord6518
ord6517
ord6529
ord6526
ord6523
ord6527
ord6530
ord6524
ord6516
ord6515
ord6514
ord6513
ord6512
ord6511
ord6510
ord6509
ord6508
ord3153
ord6538
ord6506
ord6504
ord6499
ord6495
ord6503
ord6494
ord6493
ord3152
ord3150
ord3149
ord6505
ord3151
ord6445
ord6431
ord6477
ord6476
ord6487
ord6486
ord3155
ord6484
ord6483
ord6480
ord6479
ord6482
ord6481
ord3146
ord6475
ord6474
ord6473
ord3148
ord6471
ord6470
ord6460
ord6456
ord6455
ord6454
ord6453
ord6452
ord6451
ord6457
ord6450
ord6464
ord6461
ord6449
ord6448
ord6447
ord6446
ord6430
ord6426
ord3117
ord3118
ord3128
ord3154
ord5246
ord5245
ord5244
ord5243
ord5241
ord5242
ord5240
ord5239
ord5238
ord5567
ord5569
ord5568
ord5565
ord5566
ord5535
ord5563
ord5562
ord5561
ord5560
ord5564
ord5559
ord5538
ord5558
ord5551
ord5550
ord5554
ord5549
ord5548
ord5553
ord5547
ord5546
ord5552
ord5557
ord5542
ord5556
ord5540
ord5539
ord5541
ord5712
ord5713
ord6534
ord6536
ord5139
ord5142
ord5348
ord5367
ord5352
ord5372
ord5371
ord5324
ord5252
ord5040
ord6548
ord6458
ord5374
ord5373
ord5322
ord5321
ord5320
ord5319
ord5313
ord6519
ord5312
ord5314
ord5309
ord5311
ord5308
ord5310
ord5092
ord5086
ord5082
ord5076
ord5093
ord5083
ord5088
ord5077
ord5388
ord5387
ord5386
ord5381
ord5384
ord5380
ord5379
ord5010
ord5001
ord5004
ord5006
ord5005
ord5003
ord5002
ord5007
ord5008
ord5009
ord4999
ord5000
ord5091
ord5052
ord5050
ord5053
ord5051
ord5087
ord5090
ord5089
ord5070
ord5780
ord5071
ord5069
ord5075
ord5095
ord5085
ord5067
ord5074
ord5073
ord5066
ord5079
ord5098
ord5097
ord5096
ord5752
ord5213
ord5250
ord5249
ord5248
ord5251
ord5545
ord5236
ord5235
ord5234
ord5233
ord5232
ord5231
ord5247
ord5207
ord5230
ord5229
ord5228
ord5227
ord6545
ord6544
ord5224
ord5223
ord5222
ord5216
ord5220
ord5219
ord5214
ord5215
ord5218
ord5237
ord5217
ord5206
ord5205
ord5623
ord5622
ord5621
ord5620
ord5630
ord5629
ord5628
ord5627
ord5714
ord3131
ord5625
ord5626
ord5617
ord4976
ord4975
ord4974
ord4973
ord4972
ord4984
ord4978
ord4977
ord4986
ord4985
ord4983
ord4982
ord4981
ord4980
ord4979
ord5503
ord5498
ord5505
ord5502
ord5501
ord5499
ord5389
ord5020
ord5029
ord5028
ord5018
ord5036
ord5038
ord5037
ord5035
ord5034
ord5661
ord5660
ord5659
ord5658
ord5650
ord5649
ord5648
ord5651
ord5647
ord5646
ord5644
ord5643
ord5652
ord5642
ord5641
ord5533
ord5531
ord5530
ord5534
ord5532
ord5462
ord5718
ord5461
ord5717
ord5460
ord5716
ord5459
ord5715
ord5709
ord5708
ord5707
ord5706
ord5705
ord5704
ord5703
ord5702
ord5700
ord5701
ord5699
ord5698
ord5711
ord5710
ord5674
ord5675
ord5672
ord5673
ord5667
ord5666
ord5049
ord5046
ord5043
ord5042
ord5048
ord5045
ord5047
ord5044
ord5669
ord5668
ord5671
ord5670
ord5665
ord5664
ord5663
ord5662
ord5306
ord5305
ord5303
ord5302
ord5300
ord5299
ord5307
ord5304
ord5301
ord5298
ord5274
ord5273
ord4997
ord4998
ord4996
ord4995
ord4994
ord4993
ord4992
ord4991
ord4990
ord4989
ord4988
ord4987
ord5271
ord5272
ord5264
ord5263
ord5268
ord5267
ord5266
ord5265
ord5262
ord5261
ord5295
ord5293
ord5289
ord5287
ord5283
ord5281
ord5294
ord5292
ord5288
ord5286
ord5282
ord5280
ord5285
ord5284
ord5297
ord5296
ord5291
ord5290
ord5260
ord5259
ord5258
ord5257
ord5256
ord5255
ord5254
ord5253
ord5779
ord5778
ord5774
ord5773
ord5772
ord5771
ord5138
ord5127
ord5766
ord5762
ord5767
ord5126
ord5757
ord5763
ord5760
ord5317
ord5537
ord5446
ord5316
ord5536
ord5455
ord5453
ord13542
ord13541
ord13540
ord13468
ord13536
ord13535
ord13534
ord13496
ord13462
ord13471
ord5436
ord12152
ord12093
ord12292
ord12119
ord12129
ord12128
ord12121
ord12133
ord5753
ord10398
ord5751
ord13494
ord12118
ord5452
ord13493
ord12278
ord12284
ord12286
ord12282
ord12281
ord12280
ord12285
ord12275
ord12283
ord12273
ord12279
ord12268
ord12277
ord10976
ord12274
ord12157
ord12271
ord12113
?messageMap@CGXGridWnd@@1UAFX_MSGMAP@@B
ord5221
ord5208
ord13492
ord10974
ord12272
ord93
ord1682
ord6459
ord6488
ord3143
ord3134
ord3133
ord3132
ord3130
ord6467
ord3156
ord6550
ord6551
ord6552
ord6553
ord6540
ord6542
ord6543
ord6546
ord6547
ord5633
ord5618
ord5226
ord5225
ord5041
ord5039
ord5315

msvcirt

?close@ifstream@@QAEXXZ
?open@ifstream@@QAEXPBDHH@Z
?close@ofstream@@QAEXXZ
??0ifstream@@QAE@XZ
??1ios@@UAE@XZ
?openprot@filebuf@@2HB
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
??1ifstream@@UAE@XZ
?open@ofstream@@QAEXPBDHH@Z
??0ofstream@@QAE@XZ
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@PBD@Z
_mtlock
??1ofstream@@UAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a09eab9adf60a4ab17d7bb070a425ac4

Code Sign

01:00:00:00:00:00:fd:fb:81:86:efCertificate

Key Usages

04:00:00:00:00:00:f0:76:03:de:10Certificate

Key Usages

04:00:00:00:00:00:fb:59:74:27:74Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rg70as

msvcirt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 10KB

.idata Size: 12KB - Virtual size: 9KB

.rsrc Size: 56KB - Virtual size: 54KB

.reloc Size: 12KB - Virtual size: 8KB

01:00:00:00:00:00:fd:fb:81:86:ef
Certificate

04:00:00:00:00:00:f0:76:03:de:10
Certificate

04:00:00:00:00:00:fb:59:74:27:74
Certificate

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 10KB

.idata
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 56KB - Virtual size: 54KB

.reloc
Size: 12KB - Virtual size: 8KB