23731d084a2418d4a284a2b70eccf69bd7b1e07d92aaad652ee9653b27affc38

Sharing

Copy URL

Twitter E-mail

General

Target

23731d084a2418d4a284a2b70eccf69bd7b1e07d92aaad652ee9653b27affc38
Size

3.8MB
MD5

1198f58e6ec170af26028143ce0b6b8d
SHA1

a9c72a67e1574b4589aaee146f6251a4488a6c22
SHA256

23731d084a2418d4a284a2b70eccf69bd7b1e07d92aaad652ee9653b27affc38
SHA512

475f01395b52b19269d455bd568e9c3ca75b901d46c9fccbcaa66e5c65c57a3c66ddd7e44fdcb48fc2c216784b124209030786b89de66916ab5f5647dd6aa314
SSDEEP

49152:qhMG0vhGhZSDHFRsTfgeqTIcfPBtroB8qXzjpia:qh0vNFRsTknB+X

Score

1^/10

Malware Config

Signatures

Files

23731d084a2418d4a284a2b70eccf69bd7b1e07d92aaad652ee9653b27affc38
.exe windows:5 windows x86 arch:x86

7777dd0756b67d3a95d8ba4f29225c4b

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:3c:da:68:fd:e6:68:e0:da:dc:36:c1:b0:32:47:32:80:da:64:5b
Signer

Actual PE Digest

09:3c:da:68:fd:e6:68:e0:da:dc:36:c1:b0:32:47:32:80:da:64:5b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
IsValidCodePage
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleCP
GetConsoleMode
IsValidLocale
EnumSystemLocalesA
GetTimeZoneInformation
CreateFileW
SetEnvironmentVariableA
OpenEventA
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStdHandle
GetFileType
SetStdHandle
ExitThread
CreateThread
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
IsBadReadPtr
HeapValidate
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
DecodePointer
EncodePointer
GetNumberFormatA
GetWindowsDirectoryA
FindResourceExW
GetFileAttributesExA
GetFileSizeEx
lstrcmpiA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetHandleInformation
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetACP
GetOEMCP
GetCPInfo
GetTempPathA
SearchPathA
GetTickCount
GetProfileIntA
VirtualProtect
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FileTimeToSystemTime
SetErrorMode
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalFlags
GetAtomNameA
GetUserDefaultLCID
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetEvent
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleW
GetLocaleInfoA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GlobalReAlloc
GetModuleFileNameA
GetFileSize
CompareStringA
LoadLibraryW
GetVersionExA
lstrcmpW
FreeLibrary
GlobalFindAtomA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
GetCurrentProcessId
ResumeThread
SetThreadPriority
lstrcmpA
lstrcpyA
GetCurrentThreadId
FreeResource
MulDiv
GlobalFree
lstrlenW
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LocalFileTimeToFileTime
GetCurrentDirectoryA
ReadFile
GetFileAttributesA
SetFileTime
SystemTimeToFileTime
SetFilePointer
InterlockedIncrement
DeleteFileA
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
Process32Next
LoadLibraryA
GetProcAddress
CreateDirectoryA
MultiByteToWideChar
Sleep
OpenProcess
WriteFile
GetCurrentThread
Process32First
InterlockedDecrement
lstrlenA
FindResourceA
CreateFileA
GetThreadContext
ExitProcess
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetProcessHeap

user32

LoadAcceleratorsW
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
PtInRect
UpdateLayeredWindow
CopyIcon
SetCursorPos
IsRectEmpty
IsClipboardFormatAvailable
WaitMessage
DefFrameProcA
TranslateMDISysAccel
DefMDIChildProcA
GetClipboardFormatNameA
GetDoubleClickTime
EnumChildWindows
UnregisterClassA
IsCharLowerA
MapVirtualKeyExA
SetRect
InflateRect
IntersectRect
UnionRect
SubtractRect
LoadAcceleratorsA
ShowWindow
GetClassLongA
DestroyMenu
LoadIconW
LoadIconA
LoadCursorW
LoadCursorA
PostThreadMessageA
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetWindowLongA
EnableWindow
GetForegroundWindow
SetForegroundWindow
HideCaret
OpenClipboard
WindowFromPoint
SetParent
GetLastActivePopup
GetWindow
GetTopWindow
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
GetDesktopWindow
SetCapture
GetCapture
SetActiveWindow
GetActiveWindow
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
ShowOwnedPopups
IsWindowVisible
ValidateRect
InvalidateRect
DestroyCursor
GetUpdateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
MapWindowPoints
GetClientRect
GetWindowRect
BringWindowToTop
GetWindowRgn
SetWindowRgn
GetSystemMenu
DrawMenuBar
CopyAcceleratorTableA
GetParent
DestroyWindow
GetKeyState
DestroyIcon
CopyImage
GetIconInfo
GetSystemMetrics
GetMenuCheckMarkDimensions
RegisterWindowMessageA
BeginDeferWindowPos
EndDeferWindowPos
NotifyWinEvent
SetFocus
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
CharUpperA
GetFocus
IsChild
MessageBeep
ReleaseCapture
IsIconic
IsZoomed
SetCursor
GetAsyncKeyState
GetCursorPos
PostMessageA
MapDialogRect
LoadMenuW
LoadMenuA
SetMenuItemBitmaps
RemoveMenu
ModifyMenuA
InsertMenuItemA
InsertMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
LoadBitmapW
GetSysColorBrush
MapVirtualKeyA
GetKeyNameTextA
SendMessageA
IsWindow
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
PostQuitMessage
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
CharUpperBuffA
MonitorFromPoint
SystemParametersInfoA
OffsetRect
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageW
DrawIconEx
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
SendDlgItemMessageA
MonitorFromWindow
GetMonitorInfoA
DispatchMessageA
AdjustWindowRectEx
DeferWindowPos
CopyRect
ScrollWindow
GetScrollInfo
SetScrollInfo
CreateAcceleratorTableA
RegisterClipboardFormatA
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongA
TrackPopupMenu
SetWindowPlacement
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetRectEmpty
DestroyAcceleratorTable
RealChildWindowFromPoint
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetClassInfoA
TranslateAcceleratorA
GetClassNameA
GetSysColor
EqualRect
GetDlgItem
SetWindowLongA
wsprintfA
SetWindowPos
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
WinHelpA
SetMenu
GetMenu
GetWindowThreadProcessId
IsWindowEnabled
PeekMessageA
LoadImageA

advapi32

OpenThreadToken
OpenProcessToken
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
SetThreadToken
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RevertToSelf

shell32

ShellExecuteA
DragFinish
DragQueryFileA
SHAppBarMessage
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoInitialize
OleLockRunning
DoDragDrop
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
OleDuplicateData
CoUninitialize
OleDestroyMenuDescriptor
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantClear
VariantInit
SysFreeString
VariantChangeType
SysAllocStringLen
SysStringLen
VarBstrFromDate

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathIsDirectoryA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindExtensionA

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImagePixelFormat
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipFree
GdipCreateBitmapFromStream

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

gdi32

CreatePolygonRgn
CreateEllipticRgn
CreateRectRgnIndirect
CreateRectRgn
GetNearestPaletteIndex
SetPaletteEntries
GetPaletteEntries
CreatePalette
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectA
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
GetObjectA
GetSystemPaletteEntries
EnumFontFamiliesExA
CreateDIBitmap
GetTextCharsetInfo
EnumFontFamiliesA
ExtSelectClipRgn
SetLayout
GetLayout
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
CreateRoundRectRgn
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetRectRgn
CombineRgn
OffsetRgn
GetRgnBox
PtInRegion
CreateDCA
CreateCompatibleDC
GetDeviceCaps
SelectObject
RealizePalette
GetBkColor
GetTextColor
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
PtVisible
RectVisible
Polyline
Ellipse
Polygon
Rectangle
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
ExtFloodFill
TextOutA
ExtTextOutA
GetTextExtentPoint32A
GetTextFaceA
GetTextMetricsA
Escape
GetBoundsRect
SetPixelV
GetStockObject
CopyMetaFileA
DeleteObject
SetTextColor
SetBkColor
CreateDIBSection
DeleteDC
GetDIBits
SelectPalette
SetDIBColorTable
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetFileTitleA

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 989KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7777dd0756b67d3a95d8ba4f29225c4b

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

09:3c:da:68:fd:e6:68:e0:da:dc:36:c1:b0:32:47:32:80:da:64:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

gdiplus

winmm

imm32

oleacc

gdi32

winspool.drv

comdlg32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 385KB - Virtual size: 385KB

.data Size: 23KB - Virtual size: 54KB

.rsrc Size: 989KB - Virtual size: 989KB

.reloc Size: 226KB - Virtual size: 226KB

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

09:3c:da:68:fd:e6:68:e0:da:dc:36:c1:b0:32:47:32:80:da:64:5b
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 385KB - Virtual size: 385KB

.data
Size: 23KB - Virtual size: 54KB

.rsrc
Size: 989KB - Virtual size: 989KB

.reloc
Size: 226KB - Virtual size: 226KB