0e188e354d1988ecba5709cd0d69c9af

Sharing

Copy URL Twitter E-mail

General

Target

0e188e354d1988ecba5709cd0d69c9af
Size

4.7MB
MD5

0e188e354d1988ecba5709cd0d69c9af
SHA1

1fe4369e03ee3c9945d388552b4f27a5c06aa16d
SHA256

829476b6c10f4bf697f6617485c1956370705ccb58da7bdeb6a2b72a2b74e843
SHA512

f6a9ad17190de596c566c3e684312c5cbd7f37594227a1d7ad449bc9ea8847a8ffed1e06d1c5e2092e09c498ef385455f951d46a771d65392507d635b12040d5
SSDEEP

24576:V6v6hAo4kyNPa8bWVGsvzWEXV6b3+kJ+6PIyzIaFHPSa/C2jn3HsHi7gu9zaDWTA:WMAXW5/6b3+kJ+9aFfdXsHI9IgUU4+b0

Score

1^/10

Malware Config

Signatures

Files

0e188e354d1988ecba5709cd0d69c9af
.dll windows:10 windows x64 arch:x64

810ef8ea2f72e8c0e9dad1ea6e4262f9

Code Sign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/01/2016, 19:41

Not After

06/04/2017, 19:41

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/01/2016, 19:41

Not After

06/04/2017, 19:41

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0
Signer

Actual PE Digest

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0

Digest Algorithm

sha256

PE Digest Matches

true

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0
Signer

Actual PE Digest

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

dxgi

CreateDXGIFactory1

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

opengl32

wglShareLists
wglCreateContext
wglDeleteContext
wglMakeCurrent
wglGetProcAddress
wglGetCurrentDC
wglGetCurrentContext

kernel32

SetEndOfFile
SetEnvironmentVariableA
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
WaitForSingleObject
VirtualFree
SetEvent
CreateEventA
WaitForMultipleObjects
GetProcAddress
LoadLibraryA
VirtualAlloc
QueryPerformanceCounter
SetErrorMode
FreeLibrary
GetStdHandle
GetEnvironmentVariableA
DuplicateHandle
InitializeCriticalSection
GetCurrentProcess
GetCurrentThreadId
GetModuleFileNameA
CreateDirectoryA
OutputDebugStringA
GetLastError
GetCurrentProcessId
GetExitCodeThread
GetSystemInfo
GetNativeSystemInfo
IsWow64Process
GetModuleHandleA
GetSystemWow64DirectoryA
CreateFileW
DeleteFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
QueryPerformanceFrequency
WideCharToMultiByte
EncodePointer
DecodePointer
GetStringTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
CreateThread
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
ReadFile
GetLocalTime
GetCommandLineA
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
HeapSize
GetProcessHeap
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP

Exports

Exports

clBuildProgram
clCompileProgram
clCreateBuffer
clCreateCommandQueue
clCreateCommandQueueWithProperties
clCreateContext
clCreateContextFromType
clCreateFromGLBuffer
clCreateFromGLRenderbuffer
clCreateFromGLTexture
clCreateFromGLTexture2D
clCreateFromGLTexture3D
clCreateImage
clCreateImage2D
clCreateImage3D
clCreateKernel
clCreateKernelsInProgram
clCreatePipe
clCreateProgramWithBinary
clCreateProgramWithBuiltInKernels
clCreateProgramWithSource
clCreateSampler
clCreateSamplerWithProperties
clCreateSubBuffer
clCreateSubDevices
clCreateUserEvent
clEnqueueAcquireGLObjects
clEnqueueBarrier
clEnqueueBarrierWithWaitList
clEnqueueCopyBuffer
clEnqueueCopyBufferRect
clEnqueueCopyBufferToImage
clEnqueueCopyImage
clEnqueueCopyImageToBuffer
clEnqueueFillBuffer
clEnqueueFillImage
clEnqueueMapBuffer
clEnqueueMapImage
clEnqueueMarker
clEnqueueMarkerWithSyncObjectINTEL
clEnqueueMarkerWithWaitList
clEnqueueMigrateMemObjects
clEnqueueNDRangeKernel
clEnqueueNativeKernel
clEnqueueReadBuffer
clEnqueueReadBufferRect
clEnqueueReadImage
clEnqueueReleaseGLObjects
clEnqueueSVMFree
clEnqueueSVMMap
clEnqueueSVMMemFill
clEnqueueSVMMemcpy
clEnqueueSVMUnmap
clEnqueueTask
clEnqueueUnmapMemObject
clEnqueueWaitForEvents
clEnqueueWriteBuffer
clEnqueueWriteBufferRect
clEnqueueWriteImage
clFinish
clFlush
clGetCLObjectInfoINTEL
clGetCommandQueueInfo
clGetContextInfo
clGetDeviceIDs
clGetDeviceInfo
clGetEventInfo
clGetEventProfilingInfo
clGetExtensionFunctionAddress
clGetExtensionFunctionAddressForPlatform
clGetGLObjectInfo
clGetGLTextureInfo
clGetImageInfo
clGetKernelArgInfo
clGetKernelInfo
clGetKernelWorkGroupInfo
clGetMemObjectInfo
clGetPipeInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clGetSamplerInfo
clGetSupportedImageFormats
clLinkProgram
clReleaseCommandQueue
clReleaseContext
clReleaseDevice
clReleaseEvent
clReleaseKernel
clReleaseMemObject
clReleaseProgram
clReleaseSampler
clRetainCommandQueue
clRetainContext
clRetainDevice
clRetainEvent
clRetainKernel
clRetainMemObject
clRetainProgram
clRetainSampler
clSVMAlloc
clSVMFree
clSetCommandQueueProperty
clSetEventCallback
clSetKernelArg
clSetKernelArgSVMPointer
clSetKernelExecInfo
clSetMemObjectDestructorCallback
clSetUserEventStatus
clUnloadCompiler
clUnloadPlatformCompiler
clWaitForEvents

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

810ef8ea2f72e8c0e9dad1ea6e4262f9

Code Sign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0Signer

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0Signer

Headers

DLL Characteristics

File Characteristics

Imports

dxgi

user32

gdi32

advapi32

opengl32

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 78KB - Virtual size: 133KB

.pdata Size: 56KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0
Signer

2d:19:64:e2:9e:4b:97:53:83:8b:55:b7:db:97:2f:e4:72:68:f0:5f:3c:16:d7:34:de:97:1c:a6:04:d2:48:a0
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 78KB - Virtual size: 133KB

.pdata
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB