f7a2fa4ffbb415ec03aa3922b1b63c1b

Sharing

Copy URL Twitter E-mail

General

Target

f7a2fa4ffbb415ec03aa3922b1b63c1b
Size

512KB
MD5

f7a2fa4ffbb415ec03aa3922b1b63c1b
SHA1

ceaf2f39e9b9e6a3efaab681221e81ce04202b9a
SHA256

e97d3c5c385183508546dc897e60f5400532e5990512cf455de26ac5afb6dd10
SHA512

b6f650267433d0a640ab5409d1b2d5bbabc888fc104d9c966aa5c5fbeece5c8f9c0515ad3e79cf177a302044a7ecae57502cc6b3e575666246203db36c8d1177
SSDEEP

6144:/DndWOG7SCV1eUyq9UEX15Uqeu50Squu:rdCSCVtyu5UqfZ

Score

1^/10

Malware Config

Signatures

Files

f7a2fa4ffbb415ec03aa3922b1b63c1b
.exe windows:4 windows x64 arch:x64

d63f13e778afcb1510a3dcaeb93c577e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:e5:4e:ca:3d:ee:b6:3c:a6:f5:b7:63:35:6a:97:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/01/2008, 00:00

Not After

01/01/2009, 23:59

Subject

CN=EGIS TECHNOLOGY INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development Division,O=EGIS TECHNOLOGY INC.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:51:b2:77:8c:bf:25:ed:05:0a:90:e2:e5:14:1b:ab:1e:d3:ab:d7
Signer

Actual PE Digest

e6:51:b2:77:8c:bf:25:ed:05:0a:90:e2:e5:14:1b:ab:1e:d3:ab:d7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

showerrmsg

ShowErrorMessage

sysenv

HT_WriteINIFileW

shlwapi

PathFileExistsW

admin_class_lib

??0CPSDDevice@@QEAA@IK@Z
?OnNotEnabled@CTPMSimpleExaminer@@UEAAXXZ
?OnNotUserInitialized@CTPMSimpleExaminer@@UEAAXXZ
?OnNotInitialized@CTPMSimpleExaminer@@UEAAXXZ
?OnInitializedAndEnabled@CTPMSimpleExaminer@@UEAAXXZ
??1CLogAppender@@UEAA@XZ
??1CFileLogAppender@@UEAA@XZ
??1CEventLogAppender@@UEAA@XZ
??0CLog@@QEAA@XZ
??0CFileLogAppender@@QEAA@W4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1_N@Z
?WriteLog@CFileLogAppender@@UEAA_NW4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?WriteLog@CEventLogAppender@@UEAA_NW4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?AddAppender@CLog@@UEAAHPEAVCLogAppender@@@Z
?WriteLog@CLog@@UEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4eSeverity@nsCLog@@0@Z
?WriteLog@CLog@@UEAAHW4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?WriteLogVariable@CLog@@UEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4eSeverity@nsCLog@@PEB_WZZ
?WriteLogVariable@CLog@@UEAAHW4eSeverity@nsCLog@@PEB_WZZ
?WriteLogHex@CLog@@UEAAHW4eSeverity@nsCLog@@PEAEH@Z
?SetSourceName@CLog@@UEAAAEAV1@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1CEDSAppLayer@@UEAA@XZ
??1CEDSException@@UEAA@XZ
??1CETFFrameWindowController@@UEAA@XZ
??0CEDSAppLayer@@QEAA@XZ
?ShowWindow@CETFFrameWindowController@@SAXXZ
?ReportError@CEDSException@@UEAAHIII@Z
?ReportErrorMessage@CEDSException@@UEAAXXZ
??0CCommandLineParameters@@QEAA@PEB_W0@Z
??1CPath@@UEAA@XZ
??1CRecoverable@@UEAA@XZ
??1CIni@@UEAA@XZ
??0CPSDManager@@QEAA@PEB_WI@Z
??1CPSDManager@@UEAA@XZ
??1CTPMExaminer@@UEAA@XZ
??1CTPMSimpleExaminer@@UEAA@XZ
?exam@CTPMExamination@@AEAAHXZ
?examTPMSysKey@CTPMExamination@@AEAAHXZ
??1CTPMExamination@@UEAA@XZ
??1CCommandLineParameters@@QEAA@XZ
?GetSwitchStr@CCommandLineParameters@@QEAA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PEB_W0H@Z
?GetSwitchInt@CCommandLineParameters@@QEAAHPEB_WHH@Z
??0CTPMSimpleExaminer@@QEAA@XZ
??0CTPMExamination@@QEAA@PEAVCTPMExaminer@@@Z
?Execute@CTPMExamination@@QEAAHXZ
?IsPSDOpen@CPSDManager@@QEAAHXZ
?ClosePSD@CPSDManager@@QEAAHH@Z
?OpenPSD@CPSDManager@@QEAAHH@Z
??0CPath@@QEAA@PEB_WHH@Z
??0CPath@@QEAA@XZ
??YCPath@@QEAAAEBV0@PEB_W@Z
??4CPath@@QEAAAEBV0@AEAV0@@Z
??4CPath@@QEAAAEBV0@PEB_W@Z
??BCPath@@QEAAPEB_WXZ
?SetTimeOut@CPSDDevice@@QEAAHK@Z

mfc80u

ord2565
ord2862
ord2738
ord4338
ord2859
ord2755
ord2562
ord5601
ord5247
ord5264
ord4599
ord3976
ord5260
ord5258
ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord3829
ord6316
ord2671
ord4067
ord296
ord588
ord280
ord786
ord3283
ord1491
ord2558
ord3746
ord3747
ord3737
ord2669
ord3977
ord4512
ord4292
ord3361
ord1935
ord6011
ord1064
ord3858
ord769
ord577
ord3711
ord4572
ord266
ord265
ord774
ord776
ord1216
ord1095
ord2267
ord4043

msvcr80

__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
_decode_pointer
wcscpy_s
wcstombs_s
strcpy_s
??4exception@std@@QEAAAEAV01@AEBV01@@Z
_purecall
?what@exception@std@@UEBAPEBDXZ
_invalid_parameter_noinfo
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
memmove_s
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
memcpy
_CxxThrowException
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
memset
__CxxFrameHandler3
_encode_pointer
_fmode
mbstowcs_s
_commode

kernel32

CloseHandle
lstrlenW
CreateMutexW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalFree
FormatMessageW
lstrcmpW
SetCurrentDirectoryW
Sleep
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetLastError
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

MessageBoxW
FindWindowW
SendMessageW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun
CoTaskMemFree
CoTaskMemAlloc

oleaut32

GetErrorInfo

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z

Exports

Exports

??0CEDSAppLayer@@QEAA@AEBV0@@Z
??0CEDSException@@QEAA@AEBV0@@Z
??0CEDSException@@QEAA@II@Z
??0CETFFrameWindowController@@QEAA@AEBV0@@Z
??0CEventLogAppender@@QEAA@AEBV0@@Z
??0CFileLogAppender@@QEAA@AEBV0@@Z
??0CIni@@QEAA@AEBV0@@Z
??0CLog@@QEAA@AEBV0@@Z
??0CLogAppender@@QEAA@AEBV0@@Z
??0CRecoverable@@QEAA@AEBV0@@Z
??0CTPMExamination@@QEAA@AEBV0@@Z
??0CTPMExaminer@@QEAA@AEBV0@@Z
??0CTPMSimpleExaminer@@QEAA@AEBV0@@Z
??0_cochar@@QEAA@PEBDH@Z
??0_cochar@@QEAA@PEB_WH@Z
??0_cotchar@@QEAA@PEBDH@Z
??0_cotchar@@QEAA@PEB_WH@Z
??0_cowchar@@QEAA@PEBDH@Z
??0_cowchar@@QEAA@PEB_WH@Z
??0_tochar@@QEAA@PEBDH@Z
??0_tochar@@QEAA@PEB_WH@Z
??0_totchar@@QEAA@PEBDH@Z
??0_totchar@@QEAA@PEB_WH@Z
??0_towchar@@QEAA@PEBDH@Z
??0_towchar@@QEAA@PEB_WH@Z
??1_cochar@@QEAA@XZ
??1_cotchar@@QEAA@XZ
??1_cowchar@@QEAA@XZ
??1_tochar@@QEAA@XZ
??1_totchar@@QEAA@XZ
??1_towchar@@QEAA@XZ
??4CCommandLineParameters@@QEAAAEAV0@AEBV0@@Z
??4CEDSAppLayer@@QEAAAEAV0@AEBV0@@Z
??4CEDSException@@QEAAAEAV0@AEBV0@@Z
??4CETFFrameWindowController@@QEAAAEAV0@AEBV0@@Z
??4CEventLogAppender@@QEAAAEAV0@AEBV0@@Z
??4CFileLogAppender@@QEAAAEAV0@AEBV0@@Z
??4CIni@@QEAAAEAV0@AEBV0@@Z
??4CLog@@QEAAAEAV0@AEBV0@@Z
??4CLogAppender@@QEAAAEAV0@AEBV0@@Z
??4CRecoverable@@QEAAAEAV0@AEBV0@@Z
??4CTPMExamination@@QEAAAEAV0@AEBV0@@Z
??4CTPMExaminer@@QEAAAEAV0@AEBV0@@Z
??4CTPMSimpleExaminer@@QEAAAEAV0@AEBV0@@Z
??4_cochar@@QEAAAEAV0@AEBV0@@Z
??4_cotchar@@QEAAAEAV0@AEBV0@@Z
??4_cowchar@@QEAAAEAV0@AEBV0@@Z
??4_tochar@@QEAAAEAV0@AEBV0@@Z
??4_totchar@@QEAAAEAV0@AEBV0@@Z
??4_towchar@@QEAAAEAV0@AEBV0@@Z
??B_cochar@@QEAAPEADXZ
??B_cochar@@QEAAPEBDXZ
??B_cotchar@@QEAAPEA_WXZ
??B_cotchar@@QEAAPEB_WXZ
??B_cowchar@@QEAAPEA_WXZ
??B_cowchar@@QEAAPEB_WXZ
??B_tochar@@QEAAPEADXZ
??B_tochar@@QEAAPEBDXZ
??B_totchar@@QEAAPEA_WXZ
??B_totchar@@QEAAPEB_WXZ
??B_towchar@@QEAAPEA_WXZ
??B_towchar@@QEAAPEB_WXZ
??_7CEDSAppLayer@@6B@
??_7CEDSException@@6B@
??_7CETFFrameWindowController@@6B@
??_7CEventLogAppender@@6B@
??_7CFileLogAppender@@6B@
??_7CIni@@6B@
??_7CLog@@6B@
??_7CLogAppender@@6B@
??_7CRecoverable@@6B@
??_7CTPMExamination@@6B@
??_7CTPMExaminer@@6B@
??_7CTPMSimpleExaminer@@6B@
??_FCCommandLineParameters@@QEAAXXZ
??_FCPSDDevice@@QEAAXXZ
??_FCPSDManager@@QEAAXXZ
?CheckCurrentStatus@CRecoverable@@QEAAIXZ
?CheckRecoveryStatus@CRecoverable@@QEAAIXZ
?DoRecovery@CRecoverable@@QEAAHXZ
?DoRecovery@CRecoverable@@UEAAXH@Z
?FILE_LST_COLUMN@CPSDDevice@@0IB
?GetAPErrorCode@CEDSException@@QEAAIXZ
?GetAPIErrorCode@CEDSException@@QEAAIXZ
?GetCurrentTPMStatus@CTPMExamination@@QEAAIH@Z
?GetLastAPIErrorCode@CPSDDevice@@QEAAIXZ
?GetOperationCode@CPSDManager@@QEAAIXZ
?GetPSDCapacity@CPSDDevice@@QEAAIXZ
?IsEnabled@CTPMExamination@@QEAAHXZ
?IsEncWithTPM@CTPMExamination@@QEAAHXZ
?IsInitialized@CTPMExamination@@QEAAHXZ
?IsInstalled@CTPMExamination@@QEAAHXZ
?IsSysKeyAvailable@CTPMExamination@@QEAAHXZ
?IsUserCfgInitialized@CTPMExamination@@QEAAHXZ
?MAX_REPEAT_TIME@CETFFrameWindowController@@0IB
?PLUGIN_ID@CETFFrameWindowController@@0HB
?ParamCount@CCommandLineParameters@@QEAAHXZ
?RefreshStatus@CTPMExamination@@QEAAAEAV1@XZ
?UpdateCurrentStatus@CRecoverable@@UEAAXI@Z
?UpdateRecoveryStatus@CRecoverable@@UEAAXI@Z

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��c
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d63f13e778afcb1510a3dcaeb93c577e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3b:e5:4e:ca:3d:ee:b6:3c:a6:f5:b7:63:35:6a:97:78Certificate

Extended Key Usages

Key Usages

e6:51:b2:77:8c:bf:25:ed:05:0a:90:e2:e5:14:1b:ab:1e:d3:ab:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

showerrmsg

sysenv

shlwapi

admin_class_lib

mfc80u

msvcr80

kernel32

user32

shell32

comctl32

ole32

oleaut32

msvcp80

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

��c Size: 424KB - Virtual size: 424KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3b:e5:4e:ca:3d:ee:b6:3c:a6:f5:b7:63:35:6a:97:78
Certificate

e6:51:b2:77:8c:bf:25:ed:05:0a:90:e2:e5:14:1b:ab:1e:d3:ab:d7
Signer

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

��c
Size: 424KB - Virtual size: 424KB