0ef3dde5af3e536a679586fba6e094ce

Sharing

Copy URL Twitter E-mail

General

Target

0ef3dde5af3e536a679586fba6e094ce
Size

153KB
MD5

0ef3dde5af3e536a679586fba6e094ce
SHA1

16d3aa0917c872fe3aea60c9122f1b4605597f3e
SHA256

22a4552f262ace02fb09934198b69fb79b4d1daeea52b0ff4422127d1b8165de
SHA512

ef78f5240d7f89761945ee17de28a68d0bf2683d44069800c149a59eda2a66ad6493647866dac863927787b8c5b7deffa7449ee60cae3fa125227e368439b84a
SSDEEP

3072:JeU5bqNvIplsyl5/c9oeGG0im/HQdPVsHB5GifwEJrAWTje:F5GNvIjU96GyIdPVsHB5JfjrAca

Score

1^/10

Malware Config

Signatures

Files

0ef3dde5af3e536a679586fba6e094ce
.dll windows:4 windows x86 arch:x86

ec168346934c17a373ded0320c62c824

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:ef:ce:b1:cd:7f:2f:a4:2a:c7:ba:65:bc:ce:b1:51:0e:c8:97:16
Signer

Actual PE Digest

c2:ef:ce:b1:cd:7f:2f:a4:2a:c7:ba:65:bc:ce:b1:51:0e:c8:97:16

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
GetConsoleScreenBufferInfo
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MultiByteToWideChar
SetConsoleTextAttribute
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_fstat
_isatty
_open
_read
_tempnam
__dllonexit
__mb_cur_max
_errno
_get_osfhandle
_iob
_isctype
_pctype
_vscprintf
abort
acos
asin
atan
atoi
bsearch
calloc
ceil
clock
cos
cosh
exp
fflush
floor
fputc
fputs
free
frexp
fwrite
getenv
gmtime
ldexp
localeconv
localtime
log
malloc
memcmp
memcpy
memmove
memset
mktime
pow
realloc
setlocale
sin
sinh
sqrt
sscanf
strchr
strcmp
strcpy
strcspn
strlen
strspn
strtod
strtol
strtoul
tan
tanh
time
toupper
vfprintf
wcslen

Exports

Exports

av_add_q
av_adler32_update
av_aes_crypt
av_aes_init
av_aes_size
av_asprintf
av_audio_fifo_alloc
av_audio_fifo_drain
av_audio_fifo_free
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_reset
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_base64_decode
av_base64_encode
av_blowfish_crypt
av_blowfish_crypt_ecb
av_blowfish_init
av_bmg_get
av_bprint_channel_layout
av_bprint_chars
av_bprint_clear
av_bprint_finalize
av_bprint_init
av_bprint_init_for_buffer
av_bprintf
av_calloc
av_channel_layout_extract_channel
av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_crc_init
av_d2q
av_d2str
av_dbl2ext
av_dbl2int
av_default_get_category
av_default_item_name
av_des_crypt
av_des_init
av_des_mac
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_div_q
av_dynarray_add
av_eval_expr
av_evaluate_lls
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_ext2dbl
av_fifo_alloc
av_fifo_drain
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_grow
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_info_tag
av_find_nearest_q_idx
av_find_opt
av_flt2int
av_force_cpu_flags
av_free
av_free_expr
av_freep
av_gcd
av_get_alt_sample_fmt
av_get_bits_per_pixel
av_get_bits_per_sample_fmt
av_get_bytes_per_sample
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_double
av_get_int
av_get_media_type_string
av_get_packed_sample_fmt
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_planar_sample_fmt
av_get_q
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_string
av_get_token
av_gettime
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_copy_to_buffer
av_image_fill_arrays
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_buffer_size
av_image_get_linesize
av_init_lls
av_int2dbl
av_int2flt
av_lfg_init
av_log
av_log_default_callback
av_log_format_line
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_lzo1x_decode
av_malloc
av_mallocz
av_max_alloc
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_mul_q
av_nearer_q
av_next_option
av_opt_child_class_next
av_opt_child_next
av_opt_eval_double
av_opt_eval_flags
av_opt_eval_float
av_opt_eval_int
av_opt_eval_int64
av_opt_eval_q
av_opt_find
av_opt_find2
av_opt_flag_is_set
av_opt_free
av_opt_get
av_opt_get_double
av_opt_get_int
av_opt_get_q
av_opt_next
av_opt_ptr
av_opt_set
av_opt_set_bin
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_set_double
av_opt_set_int
av_opt_set_q
av_opt_show2
av_parse_and_eval_expr
av_parse_color
av_parse_cpu_caps
av_parse_cpu_flags
av_parse_expr
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_descriptors
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_realloc_f
av_reduce
av_rescale
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_reverse
av_sample_fmt_is_planar
av_samples_alloc
av_samples_copy
av_samples_fill_arrays
av_samples_get_buffer_size
av_samples_set_silence
av_set_cpu_flags_mask
av_set_double
av_set_int
av_set_options_string
av_set_q
av_set_string3
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_solve_lls
av_strcasecmp
av_strdup
av_strerror
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strstart
av_strtod
av_strtok
av_sub_q
av_tempfile
av_timecode_adjust_ntsc_framenum
av_timecode_get_smpte_from_framenum
av_timecode_init
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_timecode_make_smpte_tc_string
av_timecode_make_string
av_timegm
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_size
av_update_lls
av_usleep
av_vlog
av_write_image_line
av_xtea_crypt
av_xtea_init
avpriv_float_dsp_init
avutil_configuration
avutil_license
avutil_version
ff_float_dsp_init_x86
ff_get_cpu_flags_x86
ff_inverse
ff_log2_tab
ff_set_systematic_pal2
ff_sqrt_tab
ff_vector_fmac_scalar_avx
ff_vector_fmac_scalar_sse
ff_vector_fmul_avx
ff_vector_fmul_sse

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec168346934c17a373ded0320c62c824

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

c2:ef:ce:b1:cd:7f:2f:a4:2a:c7:ba:65:bc:ce:b1:51:0e:c8:97:16Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 512B - Virtual size: 276B

.rdata Size: 27KB - Virtual size: 26KB

/4 Size: 14KB - Virtual size: 14KB

.bss Size: - Virtual size: 19KB

.edata Size: 7KB - Virtual size: 6KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 3KB - Virtual size: 3KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

c2:ef:ce:b1:cd:7f:2f:a4:2a:c7:ba:65:bc:ce:b1:51:0e:c8:97:16
Signer

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 276B

.rdata
Size: 27KB - Virtual size: 26KB

/4
Size: 14KB - Virtual size: 14KB

.bss
Size: - Virtual size: 19KB

.edata
Size: 7KB - Virtual size: 6KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 3KB - Virtual size: 3KB