21d46a7d6924e94653fab4190f32b5b5

Sharing

Copy URL Twitter E-mail

General

Target

21d46a7d6924e94653fab4190f32b5b5
Size

1.5MB
MD5

21d46a7d6924e94653fab4190f32b5b5
SHA1

5874bc7988461ff7c219759f2c5e7d4ff3cad65a
SHA256

06504d782f2791b0595a58cf27b0e2a5862fb84b7c75fe6ad9ad1fa15b2abcf1
SHA512

e83cd7b076b7a1ab62b6c0972ff041882e047aa49a9cdde736a039fb22a460ce5a210d837d6f83fee15ce04fdb0592524ee67fc202dc4ae58e16e39774b96bb8
SSDEEP

12288:K3Ew6VDmua9lsJ8YpEHkDp66P4D6EqY4XISE5HlOJzf4Js1is:K3EbViua92JJoopXPISjBis

Score

1^/10

Malware Config

Signatures

Files

21d46a7d6924e94653fab4190f32b5b5
.dll windows:6 windows x64 arch:x64

dddd41429fe7d7d52430f984dad6fa55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:ec:f4:07:1e:4a:cd:21:65:7e:96:be:7d:bd:66:55:49:51:c0:1a:29:23:f0:c4:f7:f0:ef:2f:9b:b2:d2:c2
Signer

Actual PE Digest

87:ec:f4:07:1e:4a:cd:21:65:7e:96:be:7d:bd:66:55:49:51:c0:1a:29:23:f0:c4:f7:f0:ef:2f:9b:b2:d2:c2

Digest Algorithm

sha256

PE Digest Matches

true

6a:10:4a:c4:5a:10:92:4f:57:85:6b:18:09:44:ef:69:b2:ae:33:8d
Signer

Actual PE Digest

6a:10:4a:c4:5a:10:92:4f:57:85:6b:18:09:44:ef:69:b2:ae:33:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ord413
ord412
ImageList_GetIcon
ord410

kernel32

TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
FlushFileBuffers
GetFileType
ReadFile
SetFilePointerEx
WriteFile
OutputDebugStringW
Sleep
GetTickCount
LocalFree
FormatMessageW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetLocaleInfoW
IsBadReadPtr
IsBadWritePtr
FreeResource
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalSize
GetCurrentProcess
GlobalUnlock
GlobalFree
FindResourceW
MulDiv
lstrcmpiW
GetACP
GlobalLock
ReleaseActCtx
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
HeapSize
HeapReAlloc
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
WriteConsoleW
GetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwindEx
EncodePointer
RtlPcToFileHeader
FormatMessageA
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetWaitableTimer
ReleaseSemaphore
WaitForMultipleObjectsEx
GetModuleHandleA
OpenEventA
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
FindResourceExW
GetVersionExW
CreateFileMappingW
RaiseException
GetLastError
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetThreadUILanguage
GetUserDefaultUILanguage
VerifyVersionInfoW
LoadLibraryExW
FreeLibrary
VerSetConditionMask
HeapFree
HeapAlloc
GetProcessHeap
WaitForSingleObjectEx
ActivateActCtx
DeactivateActCtx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventA
CloseHandle
SetEvent
OpenEventW
GetModuleFileNameW
CreateActCtxW

user32

DrawTextExW
MsgWaitForMultipleObjects
GetWindowTextLengthW
GetWindowTextW
GetComboBoxInfo
SetClassLongPtrW
GetClassLongPtrW
GetScrollInfo
SetScrollInfo
LoadCursorW
SetParent
SetWindowLongW
GetWindowLongW
TrackPopupMenu
AppendMenuW
DestroyIcon
CreatePopupMenu
GetClassInfoExW
RegisterClassExW
DefWindowProcW
PostMessageW
ReleaseCapture
SetCapture
IsDlgButtonChecked
MapDialogRect
SetWindowTextW
AnimateWindow
TrackMouseEvent
CharNextW
GetPropW
InflateRect
FrameRect
FillRect
DrawFocusRect
GetClientRect
SetPropW
EndPaint
DrawIconEx
DestroyMenu
BeginPaint
GetWindowDC
UpdateWindow
IsWindowEnabled
KillTimer
SetTimer
GetKeyState
GetFocus
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
SystemParametersInfoW
LoadImageW
GetDesktopWindow
PtInRect
IsRectEmpty
GetCursorPos
GetSystemMetrics
IsIconic
MoveWindow
MessageBoxW
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
GetWindow
GetClassNameW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
ScreenToClient
GetWindowRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDlgCtrlID
EndDialog
CreateDialogParamW
SetWindowPos
IsWindow
CreateWindowExW
LoadStringW
IsDialogMessageW
EnableWindow
SetFocus
SendDlgItemMessageW
CheckDlgButton
GetDlgItem
IsWindowVisible
ShowWindow
DestroyWindow
WaitMessage
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
SetRectEmpty

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
SystemFunction036

ole32

OleRun
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysStringByteLen
SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringByteLen
SysStringLen
GetErrorInfo

gdi32

CreateSolidBrush
GetStockObject
SetBkMode
SetTextColor
GetObjectW
CreateFontIndirectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
DeleteDC
GetBkColor
GetDIBits
SelectObject
SetDIBits
CreateCompatibleBitmap
CreatePen
LineTo
MoveToEx
SetBkColor
Ellipse
TextOutW
GetTextExtentPoint32W
SetDCBrushColor
DeleteObject

msimg32

AlphaBlend

Exports

Exports

CreateWzWXFProvider
DllMain
GetInterfaceVersion

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dddd41429fe7d7d52430f984dad6fa55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

87:ec:f4:07:1e:4a:cd:21:65:7e:96:be:7d:bd:66:55:49:51:c0:1a:29:23:f0:c4:f7:f0:ef:2f:9b:b2:d2:c2Signer

6a:10:4a:c4:5a:10:92:4f:57:85:6b:18:09:44:ef:69:b2:ae:33:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

ole32

oleaut32

gdi32

msimg32

Exports

Exports

Sections

.text Size: 406KB - Virtual size: 405KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 13KB - Virtual size: 81KB

.pdata Size: 34KB - Virtual size: 33KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 240B

.rsrc Size: 878KB - Virtual size: 878KB

.reloc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

87:ec:f4:07:1e:4a:cd:21:65:7e:96:be:7d:bd:66:55:49:51:c0:1a:29:23:f0:c4:f7:f0:ef:2f:9b:b2:d2:c2
Signer

6a:10:4a:c4:5a:10:92:4f:57:85:6b:18:09:44:ef:69:b2:ae:33:8d
Signer

.text
Size: 406KB - Virtual size: 405KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 13KB - Virtual size: 81KB

.pdata
Size: 34KB - Virtual size: 33KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 240B

.rsrc
Size: 878KB - Virtual size: 878KB

.reloc
Size: 7KB - Virtual size: 7KB