5b2cbc0472d8017784b3fe6db018794c

Sharing

Copy URL Twitter E-mail

General

Target

5b2cbc0472d8017784b3fe6db018794c
Size

52KB
MD5

5b2cbc0472d8017784b3fe6db018794c
SHA1

79e6ea86c8f5fcb6bb13c89b78d4119b24eee23b
SHA256

e1f35a3d007d1c06d9045bac8b0d3cb7baf5e509d9e3d226a3669a212e3c083d
SHA512

ccf98b1787c7c5b12246260272fc6367b80009fef12cfb9286e6354ca5ae26d6497f6381891139302f991fb996be6fe4cc451a62fc88a31417a58b5f7e9cbfd2
SSDEEP

1536:4gUiPCtsvLBpfFoQr1nF2qCO0KxrkQCTQ:4gB7vL5ppnF2qCO0Kxr2Q

Score

1^/10

Malware Config

Signatures

Files

5b2cbc0472d8017784b3fe6db018794c
.dll windows:4 windows x86 arch:x86

77779259f0472548f57a2b3531efda89

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:c7:f5:22:0d:b5:cb:6b:79:ea:7e:64:b1:c0:19:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

28/01/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=OPSWAT\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OPSWAT\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:38:10:eb:9b:a1:ea:c0:a8:e3:62:93:3a:b0:03:33:da:d9:0a:0c
Signer

Actual PE Digest

e2:38:10:eb:9b:a1:ea:c0:a8:e3:62:93:3a:b0:03:33:da:d9:0a:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsCharAlphaNumericW

coreutils

?GetOSVersion@CWindowsOSUtils@OESIS@@SIHAAH0@Z

oesiscore

OESIS_InvokeMethod

msvcp80

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcr80

_wfopen

Exports

Exports

??0CErrorInfoCollection@OESIS@@QAE@ABV01@@Z
??0CFileVersionInfo@OESIS@@QAE@ABV01@@Z
??0CRegKey@OESIS@@QAE@ABV01@@Z
??0typeObject@OESIS@@QAE@ABV01@@Z
??0typeObject@OESIS@@QAE@XZ
??1CSoftwareVersion@OESIS@@QAE@XZ
??1CSoftwareVersionRange@OESIS@@QAE@XZ
??1typeInvocationArgs@OESIS@@QAE@XZ
??4CErrorInfoCollection@OESIS@@QAEAAV01@ABV01@@Z
??4CFileUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CFileVersionInfo@OESIS@@QAEAAV01@ABV01@@Z
??4CFirefoxUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CInternetExplorerUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CProcessUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CRegKey@OESIS@@QAEAAV01@ABV01@@Z
??4CServiceUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CStringUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CWindowsOSUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CXmlUtils@OESIS@@QAEAAV01@ABV01@@Z
??4typeInvocationArgs@OESIS@@QAEAAV01@ABV01@@Z
??4typeObject@OESIS@@QAEAAV01@ABV01@@Z
??_7CFileVersionInfo@OESIS@@6B@
??_7typeObject@OESIS@@6B@
?GetCPByIndex@CFileVersionInfo@OESIS@@QBEGI@Z
?GetCurCP@CFileVersionInfo@OESIS@@QBEGXZ
?GetCurLID@CFileVersionInfo@OESIS@@QBEGXZ
?GetCurTrans@CFileVersionInfo@OESIS@@QBEKXZ
?GetCurTransIndex@CFileVersionInfo@OESIS@@QBEIXZ
?GetFileVersionBuild@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionMajor@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionMinor@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionQFE@CFileVersionInfo@OESIS@@QBEGXZ
?GetLIDByIndex@CFileVersionInfo@OESIS@@QBEGI@Z
?GetProductVersionBuild@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionMajor@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionMinor@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionQFE@CFileVersionInfo@OESIS@@QBEGXZ
?GetTransCount@CFileVersionInfo@OESIS@@QBEIXZ
?GetVSFFI@CFileVersionInfo@OESIS@@QBEABUtagVS_FIXEDFILEINFO@@XZ
?IsValid@CFileVersionInfo@OESIS@@QBEHXZ
?RegUtil_FindSubKeysByFilter_Lua@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABVtypeProperty@2@1AAV52@@Z
?RegUtil_ReadMultiStringFromRegistry@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVtypeProperty@2@@Z
?RegUtil_ReadStringFromRegistry@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV34@@Z
?RegUtil_ReadStringFromRegistry_64Bit@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV34@@Z
?SetValueInt_Lua@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABH@Z
?WindowLIDToOpswatLanguageType_Lua@CFileVersionInfo@OESIS@@SAHJAAJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?getType@typeTime@OESIS@@UAE?AW4enumObjectType@typeObject@2@XZ
@Kaspersky_CheckAVPStatus@60
@MicroWorld_eScan_Internet_Security_Suite_Helper_GetInstallDir@4
@MicroWorld_eScan_Internet_Security_Suite_Helper_GetSupportedApplications@4
@SiteAdvisorLib_IAntiPhishing_SetEnabled@24
@SiteAdvisorLib_ISoftwareProduct_GetProductVersion_for_IE_SiteADvisor@4
@WebrootSoftwareInc_WebrootInternetSecurityEssentials_AP_IsFirefoxPluginEnabled@4
AVG_LinkScanner_8_X_GetEnabledOnApplications
AVG_LinkScanner_8_X_GetInstallDir
AVG_LinkScanner_8_X_GetInstalledForApplications
AVG_LinkScanner_8_X_GetProductVersion
AVG_LinkScanner_8_X_GetSupportedApplications
AVG_LinkScanner_8_X_GetUpdateURL
AVG_LinkScanner_9_X_GetEnabledOnApplications
AVG_LinkScanner_9_X_GetInstallDir
AVG_LinkScanner_9_X_GetInstalledForApplications
AnonymizerSurfing_IAntiPhishing_GetEnabledForApplications
AnonymizerSurfing_IAntiPhishing_GetSupportedApplications
AnonymizerSurfing_ISotwareProduct_GetProductVersion
AnonymizerSurfing_ISotwareProduct_GetUpdateURL
AviraWebGuard_IAntiPhishing_GetEnabledForApplications
AviraWebGuard_IAntiPhishing_GetInstalledOnApplications
AviraWebGuard_IAntiPhishing_GetSupportedApplications
AviraWebGuard_ISotwareProduct_GetProductVersion
AviraWebGuard_ISotwareProduct_GetUpdateURL
ComodoVerificationEngine_IAntiPhishing_GetInstalledForApplications
ComodoVerificationEngine_IAntiPhishing_GetSupportedApplications
ComodoVerificationEngine_ISotwareProduct_GetProductVersion
ComodoVerificationEngine_ISotwareProduct_GetUpdateURL
DeepnetExplorer_IAntiPhishing_GetEnabledForApplications
DeepnetExplorer_IAntiPhishing_GetInstalledForApplications
DeepnetExplorer_IAntiPhishing_GetSupportedApplications
DeepnetExplorer_ISotwareProduct_GetProductVersion
DeepnetExplorer_ISotwareProduct_GetUpdateURL
EBayLib_IAntiPhishing_GetInstalledOnApplications
EBayLib_IAntiPhishing_GetSupportedApplications
EBayLib_ISoftwareProduct_GetProductVersion
EBayLib_ISoftwareProduct_GetUpdateURL
EEyeDigitalSecurity_IAntiPhishing_GetInstalledForApplications
EEyeDigitalSecurity_IAntiPhishing_GetSupportedApplications
EEyeDigitalSecurity_ISoftwareProduct_GetProductVersion
EarthLinkLib_IAntiPhishing_GetInstalledForApplications
EarthLinkLib_IAntiPhishing_GetSupportedApplications
EarthLinkLib_ISotwareProduct_GetProductVersion
EarthLinkLib_ISotwareProduct_GetUpdateURL
FF_IAntiPhishing_GetEnabledOnApplications
FF_IAntiPhishing_GetSupportedApplications_GetInstalledOnApplications
FF_ISotwareProduct_GetUpdateURL
FinjanSecureBrowsing_IAntiPhishing_GetEnabledForApplications
FinjanSecureBrowsing_IAntiPhishing_GetInstalledOnApplications
FinjanSecureBrowsing_IAntiPhishing_GetSupportedApplications
FinjanSecureBrowsing_ISotwareProduct_GetProductVersion
FinjanSecureBrowsing_ISotwareProduct_GetUpdateURL
GDataAnitphishing_ISotwareProduct_GetEnabledOnApplications
GDataAnitphishing_ISotwareProduct_GetProductVersion
GDataAnitphishing_ISotwareProduct_GetSupportedApplications
GoogleLib_IAntiPhishing_GetInstalledOnApplications
GoogleLib_IAntiPhishing_GetSupportedApplications
GoogleLib_ISoftwareProduct_GetProductVersion
GoogleLib_ISoftwareProduct_GetUpdateURL
HauteSecure_IAntiPhishing_GetInstalledForApplications
HauteSecure_IAntiPhishing_GetSupportedApplications
HauteSecure_ISotwareProduct_GetProductVersion
HauteSecure_ISotwareProduct_GetUpdateURL
IAntiPhishing_GetModuleVersion
IE7_IAntiPhishing_GetEnabledOnApplications
IE7_IAntiPhishing_GetSupportedApplications_GetInstalledOnApplications
IE7_IAntiPhishing_SetEnabled
IE7_ISoftwareProduct_GetProductVersion
IE7_ISoftwareProduct_GetUpdateURL
IE8_IAntiPhishing_GetEnabledOnApplications
Kaspersky_IAntiPhishing_GetEnabledOnApplications
Kaspersky_IAntiPhishing_GetInstallDir
Kaspersky_IAntiPhishing_GetProductVersion
Kaspersky_IAntiPhishing_GetSupportedApplications_GetInstalledOnApplications
Kaspersky_ISoftwareProduct_GetUpdateURL
Kingsoft_IAntiPhishing_GetEnabledOnApplications
Kingsoft_IAntiPhishing_GetProductVersion
Kingsoft_IAntiPhishing_Update
MicroWorld_eScan_Internet_Security_Suite_GetEnabledForApplications
MicroWorld_eScan_Internet_Security_Suite_GetInstalledForApplications
MicroWorld_eScan_Internet_Security_Suite_GetSupportedApplications
NetcraftLib_IAntiPhishing_GetInstalledOnApplications
NetcraftLib_IAntiPhishing_GetSupportedApplications
NetcraftLib_ISoftwareProduct_GetProductVersion
NetcraftLib_ISoftwareProduct_GetUpdateURL
Norman_IAntiPhishing_GetApplications
Norman_IAntiPhishing_GetEnabledOnApplications
Norman_IAntiPhishing_GetProductVersion
Norton360AntiPhishing_ISotwareProduct_GetProductVersion
NortonAntiPhishing_IAntiPhishing_GetInstalledOnApplications
NortonAntiPhishing_IAntiPhishing_GetSupportedApplications
NortonConfidential_IAntiPhishing_GetProductVersion
NortonConfidential_IAntiPhishing_GetSupportedApplications_GetInstalledOnApplications
NortonConfidential_ISoftwareProduct_GetUpdateURL
NortonISAntiPhishing_ISotwareProduct_GetProductVersion
PCSecurityShield_IAntiPhishing_GetEnabledOnApplications
PCSecurityShield_IAntiPhishing_GetInstalledForApplications
PCSecurityShield_IAntiPhishing_GetSupportedApplications
PandaDesktop_IAntiPhishing_GetInstalledForApplications
PandaDesktop_IAntiPhishing_GetSupportedApplications
PandaDesktop_ISotwareProduct_GetProductVersion
PandaDesktop_ISotwareProduct_GetUpdateURL
Panda_IAntiPhishing_GetInstalledForApplications
Panda_IAntiPhishing_GetSupportedApplications
Panda_ISotwareProduct_GetProductVersion
Parallels_IAntiPhishing_GetEnabledOnApplications
Parallels_IAntiPhishing_GetInstallDir
Parallels_IAntiPhishing_GetSupportedApplications_GetInstalledOnApplications
Parallels_ISoftwareProduct_GetProductVersion
Parallels_ISoftwareProduct_GetUpdateURL
QuickHealInternetSecurity_IAntiPhishing_GetInstalledOnApplications
QuickHealInternetSecurity_ISoftwareProduct_GetProductVersion
QuickHealTotalSecurity_12X_IAntiPhishing_GetEnabledForApplications
QuickHealTotalSecurity_IAntiPhishing_GetEnabledOnApplications
QuickHealTotalSecurity_IAntiPhishing_GetInstalledOnApplications
QuickHealTotalSecurity_IAntiPhishing_GetSupportedApplications
QuickHealTotalSecurity_ISoftwareProduct_GetProductVersion
RadialPoint_IAntiPhishing_GetSupportedApplications_GetInstalledApplications
RadialPoint_ISoftwareProduct_GetProductVersion
RadialPoint_ISoftwareProduct_GetUpdateURL
SiteAdvisorLib_IAntiPhishing_GetEnabledOnApplications_PlusEdition
SiteAdvisorLib_IAntiPhishing_GetInstalledOnApplications_FreeEdition
SiteAdvisorLib_IAntiPhishing_GetInstalledOnApplications_PlusEdition
SiteAdvisorLib_IAntiPhishing_GetSupportedApplications_FreeEdition
SiteAdvisorLib_IAntiPhishing_GetSupportedApplications_PlusEdition
SiteAdvisorLib_ISoftwareProduct_GetProductVersion_FreeEdition
SiteAdvisorLib_ISoftwareProduct_GetProductVersion_PlusEdition
SiteAdvisorLib_ISoftwareProduct_GetUpdateURL
SunbeltSoftware_Enterprise_Agent_AP_4_X_ISoftwareProduct_GetProductVersion
SunbeltSoftware_Enterprise_Premium_AP_Agent_4_X_ISoftwareProduct_GetProductVersion
SunbeltSoftware_Vipre_4_X_IAntiPhishing_GetEnabledOnApplications
SunbeltSoftware_Vipre_4_X_IAntiPhishing_GetInstalledOnApplications
SunbeltSoftware_Vipre_4_X_IAntiPhishing_GetSupportedApplications
SunbeltSoftware_Vipre_Antivirus_4_X_ISoftwareProduct_GetProductVersion
SunbeltSoftware_Vipre_Premium_4_X_ISoftwareProduct_GetProductVersion
TrustPort_11_EnableProtection
TrustPort_11_GetInstalledOnApplications
TrustPort_11_GetSupportedOnApplications
TrustPort_11_IsProtectionEnabled
VCOM_IAntiPhishing_GetEnabledOnApplications
VirusBuster_ISS_GetInstallDir
VirusBuster_ISS_GetProductVersion
VirusBuster_ISS_IAntiPhishing_GetEnabledOnApplications
VirusBuster_ISS_IAntiPhishing_GetInstalledForApplications
VirusBuster_ISS_IAntiPhishing_GetSupportedApplications
WebrootSoftwareInc_WebrootInternetSecurityEssentials_AP_GetInstallDir
WebrootSoftwareInc_WebrootInternetSecurityEssentials_AP_GetProductVersion
WebrootSoftwareInc_WebrootInternetSecurityEssentials_AP_GetSupportedApplications
WebrootSoftwareInc_WebrootInternetSecurityEssentials_AP_IsEnabled
ZoneAlarmSecuritySuite_IAntiPhishing_GetEnabledOnApplications
ZoneAlarmSecuritySuite_IAntiPhishing_GetProductVersion
ZoneAlarmSecuritySuite_IAntiPhishing_GetSupportedApplications_GetInstalledApplications
ZoneAlarmSecuritySuite_IAntiPhishing_GetUpdateURL

Sections

.text
Size: 27KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

77779259f0472548f57a2b3531efda89

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3d:c7:f5:22:0d:b5:cb:6b:79:ea:7e:64:b1:c0:19:97Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

e2:38:10:eb:9b:a1:ea:c0:a8:e3:62:93:3a:b0:03:33:da:d9:0a:0cSigner

Headers

File Characteristics

Imports

kernel32

user32

coreutils

oesiscore

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 124KB

.rsrc Size: 18KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3d:c7:f5:22:0d:b5:cb:6b:79:ea:7e:64:b1:c0:19:97
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

e2:38:10:eb:9b:a1:ea:c0:a8:e3:62:93:3a:b0:03:33:da:d9:0a:0c
Signer

.text
Size: 27KB - Virtual size: 124KB

.rsrc
Size: 18KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 4KB