395568a0d1a49df12291082f15fd189c

Sharing

Copy URL Twitter E-mail

General

Target

395568a0d1a49df12291082f15fd189c
Size

93KB
MD5

395568a0d1a49df12291082f15fd189c
SHA1

bb67bd41c140659b619bd4578c3a57d04ade685c
SHA256

d57feaa87a2b284fbd84b442a161cc46fc945a6458e3723ad928af9c4e8318b4
SHA512

14362ba30757c763626ce4a3356ca4c65e41855d5c8dbf5401c8952d7d9d13bac87b7dadf3371a94527e68118b9e73e14fd4b610458c5592b47fe9dba835f742
SSDEEP

1536:Ta6uvzOehv6rygX2PgAfToYpaVgOAGcF0EAlrKka8TVa7CQ:laaC6RKgALoYpaVgOAGJTAx

Score

1^/10

Malware Config

Signatures

Files

395568a0d1a49df12291082f15fd189c
.dll regsvr32 windows:4 windows x86 arch:x86

f6ed628fc568708348503cc1ccc36ab5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:1f:0f:81:a8:10:be:c5:08:57:1e:b5:29:d5:e4:c8:96:a2:f6:08
Signer

Actual PE Digest

a0:1f:0f:81:a8:10:be:c5:08:57:1e:b5:29:d5:e4:c8:96:a2:f6:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

common

??M@YA_NABVCTXStringW@@0@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@ABV0@@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??0CTXStringW@@QAE@PA_W@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??0CTXStringW@@QAE@XZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?FlushLog@TXLog@@YAXXZ
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?StopThread@CTXThreadModel@@QAEXK@Z
?WaitThread@CTXThreadModel@@QAEHK@Z
??1CTXThreadModel@@MAE@XZ
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?StartThread@CTXThreadModel@@QAEHXZ
??0CTXThreadModel@@IAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXBSTR@@QAE@PB_W@Z

kernel32

InitializeCriticalSection
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
CreateProcessW
GetModuleFileNameW
CloseHandle
OpenFileMappingW
UnmapViewOfFile
GetLastError
ReleaseMutex
SetEvent
WaitForSingleObject
WaitForMultipleObjects
OpenProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
CreateEventW
CreateMutexW
OpenEventW
OpenMutexW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetSystemTimeAsFileTime
Sleep
InterlockedExchange
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount

ole32

CoCreateGuid
CoCreateInstance

atl80

ord30
ord64
ord15
ord32

msvcp80

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_amsg_exit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_time64
??3@YAXPAX@Z
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
??_V@YAXPAX@Z
memcpy
memmove
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
wcsncpy
_initterm_e
memset
free
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_adjust_fdiv

Exports

Exports

??0CTXOPChannel@@QAE@XZ
??0CTXOPSession@@QAE@XZ
??1CTXOPChannel@@UAE@XZ
??1CTXOPSession@@UAE@XZ
??_7CTXOPChannel@@6B@
??_7CTXOPSession@@6B@
?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
?AddSink@CTXOPSession@@QAEXPAUITXOPSessionSysSink@@@Z
?Attach@CTXOPSession@@QAEHPAVCTXOPChannel@@KK@Z
?CloseConnect@CTXOPChannel@@QAEHK@Z
?CloseSession@CTXOPSession@@QAEXXZ
?Connect@CTXOPChannel@@QAEKPB_W@Z
?CreateSession@CTXOPSession@@QAEHPB_WW4CONTRAINER_TYPE@@HPBEI@Z
?DestroyContext@CTXOPChannel@@AAEXAAUCONTEXT@1@@Z
?GetChannel@CTXOPSession@@AAEPAVCTXOPChannel@@XZ
?GetConnectCount@CTXOPChannel@@QAEIXZ
?InitNewContext@CTXOPChannel@@AAEHPB_WAAUCONTEXT@1@@Z
?InternalSend@CTXOPChannel@@AAEHAAUCONTEXT@1@PBEII@Z
?InternalSend@CTXOPChannel@@AAEHKPBXIHK@Z
?Listen@CTXOPChannel@@QAEHXZ
?OnAsyncCall@CTXOPChannel@@AAEJI@Z
?OnConnectClose@CTXOPSession@@AAEJKW4CLOSE_REASON@@@Z
?OnPush@CTXOPSession@@AAEJKPBEI@Z
?OnQuery@CTXOPSession@@AAEJKKPBEI@Z
?OnReply@CTXOPSession@@AAEJPBEIPAUITXDataRead@@@Z
?OnTimeOut@CTXOPSession@@AAEJPAUITXDataRead@@@Z
?OnTimer@CTXOPChannel@@AAEJI@Z
?OpenContext@CTXOPChannel@@AAEHPB_WAAUCONTEXT@1@@Z
?PushData@CTXOPChannel@@QAEHKPBEI@Z
?PushData@CTXOPSession@@QAEHPBEI@Z
?RemoveSink@CTXOPChannel@@QAEHPAUITXOPChanelSysSink@@@Z
?RemoveSink@CTXOPSession@@QAEHPAUITXOPSessionSysSink@@@Z
?Run@CTXOPChannel@@EAEIXZ
?SendQuery@CTXOPChannel@@QAEHKPBEIPAUITXOPChanelReplySink@@PAUITXDataRead@@K@Z
?SendQuery@CTXOPSession@@QAEHPBEIPAUITXOPSessionReplySink@@PAUITXDataRead@@K@Z
?SendQueryWaitReply@CTXOPChannel@@QAEHKPBEIAAVCTXBuffer@@I@Z
?SendQueryWaitReply@CTXOPSession@@QAEHPBEIAAVCTXBuffer@@I@Z
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z
?SendReply@CTXOPSession@@QAEHKPBEI@Z
?Start@CTXOPChannel@@QAEHPB_W@Z
?Stop@CTXOPChannel@@QAEXXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6ed628fc568708348503cc1ccc36ab5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

a0:1f:0f:81:a8:10:be:c5:08:57:1e:b5:29:d5:e4:c8:96:a2:f6:08Signer

Headers

File Characteristics

Imports

common

kernel32

ole32

atl80

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

a0:1f:0f:81:a8:10:be:c5:08:57:1e:b5:29:d5:e4:c8:96:a2:f6:08
Signer

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB