4328dcbcc8f2752d2ed4bc12cf569c5a

Sharing

Copy URL Twitter E-mail

General

Target

4328dcbcc8f2752d2ed4bc12cf569c5a
Size

212KB
MD5

4328dcbcc8f2752d2ed4bc12cf569c5a
SHA1

a06019c3186aa26df53ec93c8062054ed5b7a447
SHA256

06cdb0fab2b496bebfddf7723862fe89ff2f04a456c9681acba5fadac5b15d02
SHA512

d230f5a4edaaebecc40e1d8cb5a3a84a31649e9fe74ceb003b1868c9a38c652297c034479e7ddb8ab8fc0688149ed9f3542ca5dc6655407da2adf1e09e6071c7
SSDEEP

3072:oO1s6XCqN7iWl9tFQeVOeRG65SmXEwX1c1mvwEdn1W+kZ3roSirbty:v1s8CU7bJZceRnSZ51mvFvEB1

Score

1^/10

Malware Config

Signatures

Files

4328dcbcc8f2752d2ed4bc12cf569c5a
.dll windows:5 windows x86 arch:x86

18e88e564acf4df5fc28a0a56ae6b6e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:b3:b6:48:70:e9:3d:a6:da:a4:0a:f2:14:dd:81:c3:7f:05:0f:7d
Signer

Actual PE Digest

2d:b3:b6:48:70:e9:3d:a6:da:a4:0a:f2:14:dd:81:c3:7f:05:0f:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessW
AssignProcessToJobObject
ResumeThread
TerminateProcess
WaitForSingleObject
GetQueuedCompletionStatus
lstrlenA
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetInformationJobObject
CreateIoCompletionPort
CreateJobObjectW
GetCurrentProcess
IsProcessInJob
CloseHandle
lstrlenW
GetModuleHandleW
InitializeSListHead
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
OutputDebugStringA
GetProcAddress
SetLastError
OutputDebugStringW
GetCurrentThreadId
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetModuleHandleExW
GetPrivateProfileSectionW
CreateFileW
WriteFile
DecodePointer
EncodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetLocaleInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsFree
GetCurrentThread
HeapCreate
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
LCMapStringW
RtlUnwind
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
FreeLibrary
InterlockedExchange
SetStdHandle
WriteConsoleW
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetLastError
LocalAlloc
LoadLibraryA
InterlockedCompareExchange
InitializeCriticalSection
SetEvent
OpenEventA
CreateEventA
ResetEvent
GetThreadTimes

advapi32

GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoGetCurrentLogicalThreadId
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
SysAllocString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp

shlwapi

PathFindFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18e88e564acf4df5fc28a0a56ae6b6e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2d:b3:b6:48:70:e9:3d:a6:da:a4:0a:f2:14:dd:81:c3:7f:05:0f:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

version

userenv

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 136KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2d:b3:b6:48:70:e9:3d:a6:da:a4:0a:f2:14:dd:81:c3:7f:05:0f:7d
Signer

.text
Size: 137KB - Virtual size: 136KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB