0a6435def7875e021544a096c6404498

Sharing

Copy URL Twitter E-mail

General

Target

0a6435def7875e021544a096c6404498
Size

147KB
MD5

0a6435def7875e021544a096c6404498
SHA1

4a11988835efeffadf56e626f7c30a2cb42f5a1c
SHA256

6d2b7afb37bb90d952c8a0053d59fe1cd3e18ed145c3cc35eddf5fb83d28d0b0
SHA512

81e13fd81742908a83cac9c89809339dd4be56e75442fc38d433e6ea3454e9505091ad12a6946dd173fcad0ae4fa112b42023a8add7be52034201c962d314d87
SSDEEP

3072:/i46ZtzQ6FfGtAQHTItiwlGmwUwtDDGNhM42y:/ixhGtXItiwmUqDTM

Score

1^/10

Malware Config

Signatures

Files

0a6435def7875e021544a096c6404498
.dll regsvr32 windows:4 windows x86 arch:x86

7f41536cd1cdad77f13904e18a35eb3a

Code Sign

02
Certificate

Issuer

CN=Microsoft Corp,OU=Authority,O=Microsoft,L=Richmond,ST=VA,C=US,1.2.840.113549.1.9.1=#0c1862696c6c2e6761746573406d6963726f736f66742e636f6d

Not Before

05/03/2008, 16:49

Not After

03/03/2018, 16:49

Subject

CN=Adobe Systems Incorporated,OU=CodeSigning,O=Microsoft,ST=VA,C=US,1.2.840.113549.1.9.1=#0c1862696c6c2e6761746573406d6963726f736f66742e636f6d

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
GetModuleHandleW
WriteFile
CreateFileW
SetThreadLocale
GetThreadLocale
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
GetFileAttributesW
GetSystemDirectoryW
InterlockedExchangeAdd
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
GetSystemInfo
GetModuleHandleA
GetCurrentProcessId
LoadLibraryExW
LoadLibraryW
LoadLibraryA
lstrcmpiA
GetCurrentProcess
WriteProcessMemory
VirtualQuery
GetProcAddress
SetStdHandle
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetStringTypeA
LCMapStringW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
GetWindowsDirectoryW
ExitProcess
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
VirtualFree
VirtualAlloc
HeapCreate
GetStdHandle
GetCPInfo
GetOEMCP
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
SetHandleCount
GetFileType
LCMapStringA

user32

MessageBoxA
GetActiveWindow
CharNextW
GetParent
GetClassNameW
GetWindow
GetTopWindow
UnregisterClassA

advapi32

CryptImportKey
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
CryptDestroyKey
CryptReleaseContext

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysFreeString

imagehlp

ImageDirectoryEntryToData

crypt32

CertCloseStore
CertFreeCertificateContext
CryptAcquireCertificatePrivateKey
CertFindCertificateInStore
CertOpenStore
CertNameToStrW
PFXExportCertStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f41536cd1cdad77f13904e18a35eb3a

Code Sign

02Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

imagehlp

crypt32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 8KB

02
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 8KB