2097e8e113c9f0fcfc0e0540eb3ca246

Sharing

Copy URL Twitter E-mail

General

Target

2097e8e113c9f0fcfc0e0540eb3ca246
Size

1.4MB
MD5

2097e8e113c9f0fcfc0e0540eb3ca246
SHA1

5c48983dd1ef8eafb6d04174d82b7fa8a2f7b7d5
SHA256

27f56ff734f3093102c0d5fd30854e59010610f292e9926258ea102b7857c72e
SHA512

a1a86e51b96bcaa7fcc4fbc0a8e70af42a6f840802e88813f0b3cbc72126ef458661193897ef469c24f76ed1f5fd23e71fdd29785802280c2533f0c97bd5c455
SSDEEP

24576:rcuZPnQ3/ooVKoUFQea1W4kojJSm5d6JGH+6OnN:joVKj2eiW4NnWGeRnN

Score

1^/10

Malware Config

Signatures

Files

2097e8e113c9f0fcfc0e0540eb3ca246
.dll regsvr32 windows:4 windows x86 arch:x86

a758624574c70196436962a6af928241

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2006, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Intervideo\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Head Quarter,O=Intervideo\, Inc.,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:23:3e:d9:32:7f:ff:15:84:2e:3d:23:83:29:c0:cd:46:87:c8:9a
Signer

Actual PE Digest

a2:23:3e:d9:32:7f:ff:15:84:2e:3d:23:83:29:c0:cd:46:87:c8:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_itoa
_stat
_mbsrchr
_mbsnbcat
_mbsnbcpy
toupper
_stricmp
_endthread
??1type_info@@UAE@XZ
printf
clock
pow
memset
memcpy
_chkesp
sscanf
_lseeki64
_read
_close
_open
rand
srand
_beginthread
_CxxThrowException
wcscpy
wcscmp
memmove
wcstombs
_beginthreadex
atoi
isdigit
strncmp
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
vsprintf
_ftol
_strcmpi
strstr
wcslen
strchr
_strnicmp
_strlwr
time
atol
swprintf
mbstowcs
sprintf
_purecall
strncpy
_vsnprintf
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

LeaveCriticalSection
Sleep
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
SetEvent
lstrcatA
lstrlenA
MultiByteToWideChar
ReadFile
CreateFileA
FreeLibrary
LoadLibraryA
GetLastError
GetModuleFileNameA
ResetEvent
SystemTimeToFileTime
GetCurrentThreadId
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
GetCurrentProcessId
VirtualFree
DisableThreadLibraryCalls
GetProcAddress
SetErrorMode
CreateThread
GetModuleHandleA
WideCharToMultiByte
SetThreadPriority
GetCurrentThread
GetTickCount
SetEnvironmentVariableA
GetVersionExA
OpenMutexA
FindClose
FindFirstFileA
GetVolumeInformationA
WriteFile
GetDriveTypeA
SetFilePointer
ResumeThread
GlobalMemoryStatus
GetFileSize
VirtualProtect
GetFileAttributesA
CloseHandle
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
GetEnvironmentVariableA
CreateEventA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
lstrcatW
lstrlenW
CreateMutexA
VirtualAlloc
ReleaseMutex
FindNextFileA
SetCurrentDirectoryA
GetSystemTime
OutputDebugStringA
GetTimeZoneInformation
GetSystemDirectoryA
GetCurrentProcess
DeviceIoControl
MulDiv
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetLocalTime
lstrcpyA
GetFileTime
GetProcessAffinityMask
SetProcessAffinityMask
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile

user32

SetTimer
GetDlgItem
SetWindowTextA
KillTimer
GetWindowTextA
GetWindowRect
SendMessageA
GetMessageA
SetRect
PostMessageA
GetClientRect
GetDC
GetDCEx
EnumDisplaySettingsA
OffsetRect
IntersectRect
EnableWindow
IsWindow
GetWindowTextLengthA
ScreenToClient
SetWindowPos
SetFocus
LoadImageA
LoadBitmapA
GetSystemMetrics
MessageBoxA
ChangeDisplaySettingsA
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetWindowLongA
PostThreadMessageA
PeekMessageA
GetDesktopWindow
LoadStringW
LoadStringA
wsprintfA
DefWindowProcA
DestroyWindow
ShowWindow
InvalidateRect
MoveWindow
CreateDialogParamA
SetWindowLongA

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegEnumValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryInfoKeyA
RegCreateKeyA

ole32

CoInitialize
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2
CoTaskMemAlloc

oleaut32

OleCreatePropertyFrame
SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
mciSendCommandA

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?eof@?$char_traits@D@std@@SAHXZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@HH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Fpz@std@@3_JB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

gdi32

CreateCompatibleDC
DeleteObject
ExtEscape
SelectObject
GetDeviceCaps
CreateICA
CreateDIBitmap
Rectangle
CreateCompatibleBitmap
CreateDCA
DeleteDC
BitBlt

ddraw

DirectDrawCreate

ws2_32

WSASetEvent
WSAResetEvent
WSASocketA
recvfrom
sendto
__WSAFDIsSet
WSAWaitForMultipleEvents
WSARecvFrom
listen
recv
htons
htonl
WSACleanup
WSAStartup
closesocket
select
getsockname
bind
socket
setsockopt
ntohl
ntohs
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
accept
connect
shutdown
WSACloseEvent
send
WSAGetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a758624574c70196436962a6af928241

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cbCertificate

Extended Key Usages

Key Usages

a2:23:3e:d9:32:7f:ff:15:84:2e:3d:23:83:29:c0:cd:46:87:c8:9aSigner

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

winmm

msvcp60

gdi32

ddraw

ws2_32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 136KB - Virtual size: 134KB

.data Size: 176KB - Virtual size: 646KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 60KB - Virtual size: 59KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cb
Certificate

a2:23:3e:d9:32:7f:ff:15:84:2e:3d:23:83:29:c0:cd:46:87:c8:9a
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 136KB - Virtual size: 134KB

.data
Size: 176KB - Virtual size: 646KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 60KB - Virtual size: 59KB