16266878bd91f49edf761d24da6ca739

Sharing

Copy URL Twitter E-mail

General

Target

16266878bd91f49edf761d24da6ca739
Size

769KB
MD5

16266878bd91f49edf761d24da6ca739
SHA1

d781313deab4481692d005bf9df7c18bb703bcad
SHA256

158421a4a53f8277a728e41034220665ed27d3368775c50f00293d7164a7700d
SHA512

720e3f76e994f4acb806c982a79ea0f3bd5ea29371a633f28dcf5b321b2f37a4db9cf22692889e21e5b8ac3ae9ae84e26c99106fc38ae49594564edbc7c3191a
SSDEEP

6144:hQ+T/XQzmvuo9XEj5A4/F7yWeOnvlT9f5DJvE7Y0Jr5+W6BO0h9SH1BIKcriV2bD:DzvzWAtWzB2Fjr3+l3a6M4CTLQtmwz

Score

1^/10

Malware Config

Signatures

Files

16266878bd91f49edf761d24da6ca739
.dll regsvr32 windows:5 windows x64 arch:x64

49b9b886e19061c25e8654d3cd41f2a2

Code Sign

12:0b:25:dd:e5:7b:88:63:6a:d4:d9:7d:23:b9:9c:88
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

02/05/2013, 00:00

Not After

02/05/2015, 23:59

Subject

CN=Goobzo LTD,O=Goobzo LTD,L=Haifa,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:5b:d5:cc:f4:97:6d:fe:00:3b:a2:f1:7c:d4:6a:17:96:ef:33:0d
Signer

Actual PE Digest

8c:5b:d5:cc:f4:97:6d:fe:00:3b:a2:f1:7c:d4:6a:17:96:ef:33:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

urlmon

CoInternetGetSession
URLDownloadToCacheFileA

wininet

HttpSendRequestA
InternetQueryOptionA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA
HttpQueryInfoA

ws2_32

inet_ntoa
WSAStartup
WSACleanup
gethostbyname

kernel32

WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetFileSize
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindClose
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
CreateDirectoryA
CreateFileA
FindFirstFileA
LocalFree
GetModuleHandleA
GetCurrentProcessId
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
SetEvent
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
Sleep
lstrcpyA
lstrlenA
CreateMutexA
OpenMutexA
CreateEventA
DeleteFileA
FindNextFileA
FindFirstChangeNotificationA
LocalAlloc
FreeLibrary
GetProcAddress
OpenProcess
TerminateProcess
LoadLibraryA
GetVersion
GetVersionExA
InitializeCriticalSection
GetACP
DecodePointer
FindResourceExW
lstrcmpiA
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleW
FindResourceA
IsDBCSLeadByte
VirtualProtect
IsValidCodePage
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetCommandLineA
VirtualQuery
GetSystemInfo
IsProcessorFeaturePresent
IsDebuggerPresent
AreFileApisANSI
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetStringTypeW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetOEMCP
GetConsoleCP
GetConsoleMode
MoveFileExW
GetTimeZoneInformation
FindResourceW
GetTickCount
SizeofResource
LoadResource
DisableThreadLibraryCalls
LockResource
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEnvironmentVariableA
LoadLibraryExW
LoadLibraryW
SetFilePointerEx
SetStdHandle
WriteConsoleW
CreateFileW
ReadConsoleW
EncodePointer

user32

RegisterClassExA
GetMenuItemInfoA
CreateWindowExA
CallWindowProcA
UnregisterClassA
GetClassNameA
BringWindowToTop
DefWindowProcA
GetWindowLongPtrA
PostMessageA
GetClassInfoExA
keybd_event
GetWindowTextA
SystemParametersInfoA
AllowSetForegroundWindow
SetWindowLongPtrA
GetDesktopWindow
LoadCursorA
GetWindowThreadProcessId
SendMessageA
AttachThreadInput
SetWindowPos
GetForegroundWindow
SetForegroundWindow
GetWindowRect
GetParent
FindWindowA
FindWindowExA
UnhookWindowsHookEx
DestroyIcon
MessageBoxA
SendMessageTimeoutA
CharNextA
CharNextW
SetTimer
KillTimer
RegisterWindowMessageA
IsWindow
IsWindowVisible
CreatePopupMenu
GetMenuItemCount
InsertMenuA
DeleteMenu
TrackPopupMenuEx
GetKeyboardState

advapi32

GetSidSubAuthorityCount
RegOpenKeyExA
RegEnumValueA
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA
ShellExecuteA
ShellExecuteExA
SHGetFolderPathA

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoGetClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantCopy
VariantChangeType
SysAllocStringLen
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

UrlEscapeA

gdiplus

GdiplusShutdown

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49b9b886e19061c25e8654d3cd41f2a2

Code Sign

12:0b:25:dd:e5:7b:88:63:6a:d4:d9:7d:23:b9:9c:88Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

8c:5b:d5:cc:f4:97:6d:fe:00:3b:a2:f1:7c:d4:6a:17:96:ef:33:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

urlmon

wininet

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 502KB - Virtual size: 501KB

.rdata Size: 192KB - Virtual size: 192KB

.data Size: 16KB - Virtual size: 31KB

.pdata Size: 31KB - Virtual size: 31KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 9KB - Virtual size: 9KB

12:0b:25:dd:e5:7b:88:63:6a:d4:d9:7d:23:b9:9c:88
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

8c:5b:d5:cc:f4:97:6d:fe:00:3b:a2:f1:7c:d4:6a:17:96:ef:33:0d
Signer

.text
Size: 502KB - Virtual size: 501KB

.rdata
Size: 192KB - Virtual size: 192KB

.data
Size: 16KB - Virtual size: 31KB

.pdata
Size: 31KB - Virtual size: 31KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 9KB