45dae7e84421a8355d34f6d7d4d8f1d7

Sharing

Copy URL

Twitter E-mail

General

Target

45dae7e84421a8355d34f6d7d4d8f1d7
Size

921KB
MD5

45dae7e84421a8355d34f6d7d4d8f1d7
SHA1

35d155c33046018dc673cf91b055e72ad9eb7ffb
SHA256

57e03405d2803134dfa0a52ad77943c66833d7831b8a793eb1f5c3f8d9e4947c
SHA512

ec52adb7c55bbc97f6546fadb65c39d6a1cca4df9b2c705e02b953ebed6b74843b5a2c34c408e5235719a1bc8e1012b8b57482644fe1327d004ebf9f3957a245
SSDEEP

24576:cob0MfIYtVYT3OUvFQDO8iAXrcL9xuWXtsSE:cob0zVQDO8iYrcLCWXtsSE

Score

1^/10

Malware Config

Signatures

Files

45dae7e84421a8355d34f6d7d4d8f1d7
.dll windows:5 windows x86 arch:x86

faddabceda56dee2089544fda45b7121

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18-10-2012 14:38

Not After

20-05-2022 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

19-05-2022 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30-09-2010 00:00

Not After

01-01-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14-11-2011 00:00

Not After

13-11-2014 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:33:32:73:fc:80:de:2b:8f:43:02:62:9e:72:40:b2:b8:41:ca:dd
Signer

Actual PE Digest

d6:33:32:73:fc:80:de:2b:8f:43:02:62:9e:72:40:b2:b8:41:ca:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d2d1

ord1

d3d11

D3D11CreateDevice

kernel32

GetLastError
CreateThread
LocalFree
WaitForSingleObject
CloseHandle
GetCurrentThreadId
Sleep
lstrcmpiA
GetCurrentProcessId
GetModuleHandleW
GetProcAddress
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualProtect
VirtualAllocEx
LoadLibraryW
GetModuleHandleExW
GetCurrentProcess
RaiseException
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
HeapSize
HeapDestroy
HeapCreate
GetLocaleInfoW
IsProcessorFeaturePresent
LCMapStringW
GetCPInfo
RtlUnwind
HeapAlloc
HeapReAlloc
ExitProcess
GetConsoleMode
GetConsoleCP
GetCommandLineA
HeapFree
UnhandledExceptionFilter
DecodePointer
LocalAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
CreateMutexW
SetFilePointer
CreateProcessW
GetTickCount
FormatMessageA
WriteFile
GetModuleFileNameW
CreateFileW
SetLastError
GetModuleHandleA
OutputDebugStringA
ReleaseMutex
DeleteFileW
InterlockedCompareExchange
RtlCaptureStackBackTrace
GetCommandLineW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
SetUnhandledExceptionFilter
SetEvent
CreateEventW
MapViewOfFile
UnmapViewOfFile
ReadFile
GetTempPathW
GetCurrentDirectoryW
CreateFileMappingW
GetModuleHandleExA
EncodePointer
GetSystemTimeAsFileTime
TerminateProcess
GetStdHandle
GetSystemDirectoryW
GetWindowsDirectoryW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
FlushFileBuffers
GetNativeSystemInfo
GetVersionExW
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
GetThreadLocale
GetACP
CreateFileA
GetTimeZoneInformation
WideCharToMultiByte
MultiByteToWideChar

user32

GetClassNameA
PostMessageW
GetWindowLongW
GetWindowThreadProcessId
IsWindow
EnumWindows
RegisterWindowMessageW
SendInput
MapVirtualKeyW
SetWindowPos
GetWindowRect
CallWindowProcW
GetPropW
SetPropW
SetWindowLongW
SendMessageW
DestroyWindow
SetTimer
PostQuitMessage
EnumThreadWindows
RegisterHotKey
AnimateWindow
ShowWindow
SendMessageTimeoutW
FindWindowW
IsWindowVisible
IsWindowEnabled
GetCursorPos
PtInRect
ReleaseCapture
ScrollWindowEx
GetForegroundWindow
MessageBoxW
DispatchMessageW
DefWindowProcW
CreateWindowExW
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
RegisterClassExW
TranslateMessage
GetQueueStatus
WaitMessage
KillTimer
UnregisterClassW

ole32

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

advapi32

GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
TraceEvent

Exports

Exports

ActivateApplication
CancelNotification
CloseFrameWindow
DismissDialogBox
DisplayNotification
FlipFrameWindows
GetInitialSearchString
GetInitialUrl
GetLaunchType
GetMetroCommandLineSwitches
GetRootWindow
InitMetro
MetroEnablePrinting
MetroGetOpenFileName
MetroGetSaveFileName
MetroIsPinnedToStartScreen
MetroPinToStartScreen
MetroSetPrintPageContent
MetroSetPrintPageCount
MetroShowPrintUI
MetroUnPinFromStartScreen
MetroUnsnap
SetFrameWindow
SetFullscreen
ShowDialogBox

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faddabceda56dee2089544fda45b7121

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

d6:33:32:73:fc:80:de:2b:8f:43:02:62:9e:72:40:b2:b8:41:ca:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

d2d1

d3d11

kernel32

user32

ole32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

winmm

advapi32

Exports

Exports

Sections

.text Size: 546KB - Virtual size: 546KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 9KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

d6:33:32:73:fc:80:de:2b:8f:43:02:62:9e:72:40:b2:b8:41:ca:dd
Signer

.text
Size: 546KB - Virtual size: 546KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 9KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB