541678ab5924749e1bc7abb1e493924e

Sharing

Copy URL Twitter E-mail

General

Target

541678ab5924749e1bc7abb1e493924e
Size

135KB
MD5

541678ab5924749e1bc7abb1e493924e
SHA1

0e94d5ce95d05cc42a84af325d04a4dd2af1c9ee
SHA256

2cd19cd5d9a4e222efde9e338230d1c337cd7c7baf9ea4364d4e7bf56668120b
SHA512

e4c78d0bcaf24fe1f9f7a9f3e5a80a2dc45f6cc236183b8da5fd559cdefb84cd9a85b7243e9bd653f1f14886b7beda285c4bf9623aeb2d6eddfcbf9030a4f376
SSDEEP

1536:ydKaYK2+83nGA5rbdXzTkKt+xssvx6bwMMXCSThFPnrvhc+JBkJFHS0tJdFYiYdp:IKwT8Hr0Kt03MMdbjhVrkrHZD7iu1k

Score

1^/10

Malware Config

Signatures

Files

541678ab5924749e1bc7abb1e493924e
.dll windows:4 windows x86 arch:x86

9cc21db39fb0a3a8da2811833b90cdcd

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

25:b4:96:c4:06:d3:bb:2d:02:11:51:c7:1b:e7:cc:97:f5:8f:a0:58
Signer

Actual PE Digest

25:b4:96:c4:06:d3:bb:2d:02:11:51:c7:1b:e7:cc:97:f5:8f:a0:58

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

SetCapture

gdi32

DeleteDC

advapi32

LookupAccountNameA

shell32

SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

msvcrt

_strnicmp

winmm

waveOutClose

ws2_32

gethostname

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

imm32

ImmReleaseContext

wininet

InternetOpenA

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame

psapi

GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Exports

Exports

ServiceMain

Sections

�H��
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�W��
Size: - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�L��
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�W��
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�X��
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�X��
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�K��
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cc21db39fb0a3a8da2811833b90cdcd

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:02:30:7e:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

25:b4:96:c4:06:d3:bb:2d:02:11:51:c7:1b:e7:cc:97:f5:8f:a0:58Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

imm32

wininet

avicap32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

�H�� Size: - Virtual size: 87KB

�W�� Size: - Virtual size: 960B

�L�� Size: - Virtual size: 4KB

�W�� Size: - Virtual size: 49KB

�X�� Size: 124KB - Virtual size: 123KB

�X�� Size: 512B - Virtual size: 36B

�K�� Size: 1024B - Virtual size: 948B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

25:b4:96:c4:06:d3:bb:2d:02:11:51:c7:1b:e7:cc:97:f5:8f:a0:58
Signer

�H��
Size: - Virtual size: 87KB

�W��
Size: - Virtual size: 960B

�L��
Size: - Virtual size: 4KB

�W��
Size: - Virtual size: 49KB

�X��
Size: 124KB - Virtual size: 123KB

�X��
Size: 512B - Virtual size: 36B

�K��
Size: 1024B - Virtual size: 948B