prism[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

prism.exe
Size

20.7MB
MD5

2107b82fde82c955d5a7927bef7cc40b
SHA1

26c02aec16f7a037586b5c1e1f610fc9099b5efa
SHA256

6a9c6cd5250bd152092d6341f8181fe151543f384139b400c6a88e4c52753bb8
SHA512

46dbf478691be7498729a887591bbbbd0ebc9c0609b1ebe076b663c4f6a405375f5504dac96a358c7b676f551c130ce8c604c60f0db84d32d4a830eba52a11d8
SSDEEP

393216:QwoYp40niU8a6/PiViD7NvoIAOuyqlmkSUlN6lbHYCipVC3Xbfrbb2/azSdrDEFr:rpp4fUbi0CR3/Lv6pigyBMC

Score

1^/10

Malware Config

Signatures

Files

prism.exe
.exe windows:4 windows x86 arch:x86

2d8d270ab58d8e39c7deb974c04ee97f

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

12:b4:ca:9b:4b:d7:92:2f:84:c0:4d:75:55:8c:0d:f1
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2010, 00:00

Not After

16/05/2013, 23:59

Subject

CN=GraphPad Software,O=GraphPad Software,POSTALCODE=92037,STREET=2236 Avenida de la Playa,L=La Jolla,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

comctl32

ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragEnter
ImageList_Destroy
ImageList_AddMasked
ord14
ord15
InitCommonControlsEx
ord13
ImageList_Remove
ImageList_Create
_TrackMouseEvent
ord17

oledlg

ord4
ord3
ord5
ord7

kernel32

WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
VirtualAlloc
VirtualFree
SetErrorMode
GetShortPathNameA
FindNextFileA
GlobalFlags
GlobalReAlloc
SuspendThread
GetProfileIntA
SetHandleCount
GetWindowsDirectoryA
SearchPathA
RemoveDirectoryA
CopyFileA
SetEndOfFile
OpenMutexA
SetFileAttributesA
TryEnterCriticalSection
OpenProcess
DuplicateHandle
GetSystemDefaultLangID
GetNumberFormatA
ExpandEnvironmentStringsA
GetVolumeInformationA
GetComputerNameA
FreeResource
OutputDebugStringA
CreateEventA
SetEvent
ResetEvent
GetSystemTimeAsFileTime
FileTimeToDosDateTime
CreateFileW
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
FlushFileBuffers
OpenFile
FindFirstFileA
GetDriveTypeA
GetCurrentProcess
lstrlenW
GetCurrentThread
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByte
LoadLibraryExA
GetUserDefaultLangID
GetProfileStringA
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
lstrcpyW
Sleep
GlobalSize
GlobalAlloc
GlobalFree
GetAtomNameA
AddAtomA
DeleteAtom
LoadLibraryA
FreeLibrary
InterlockedIncrement
GetFullPathNameA
LocalAlloc
GlobalHandle
GlobalUnlock
GlobalAddAtomA
EnterCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
FindResourceA
LoadResource
SizeofResource
LockResource
GetDateFormatW
GetTimeFormatW
LeaveCriticalSection
ReleaseMutex
SetThreadPriority
ResumeThread
TerminateThread
FileTimeToLocalFileTime
GetSystemTime
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GlobalDeleteAtom
WaitForSingleObject
CreateMutexA
SetLastError
GlobalGetAtomNameA
GetACP
CompareStringA
GetVersionExA
GetModuleHandleA
GetProcAddress
GlobalMemoryStatus
GetSystemDirectoryA
GetDiskFreeSpaceExA
GetFileAttributesExA
GetCurrentThreadId
FindClose
GetFileAttributesA
MulDiv
QueryPerformanceCounter
lstrcatA
lstrcpyA
GetTickCount
GetFileSize
ReadFile
WriteFile
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTimeZoneInformation
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
GetModuleFileNameA
lstrcpynA
RtlUnwind
GetLocaleInfoW
GetCurrentDirectoryW
SetEnvironmentVariableA
CreateProcessA
GetExitCodeProcess
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
lstrcmpA
lstrcmpiA
CreateDirectoryA
WideCharToMultiByte
GlobalLock
CreateFileA
CloseHandle
FormatMessageA
LocalFree
InterlockedDecrement
MultiByteToWideChar
lstrlenA
GetTempPathA
GetTempFileNameA
DeleteFileA
GetLastError
GetFullPathNameW
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetStdHandle
GetStdHandle
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
HeapSize
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
CompareStringW
LCMapStringW
LCMapStringA
RaiseException
TerminateProcess
FindNextFileW
FindFirstFileW
GetDriveTypeW
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
SetConsoleCtrlHandler
GetOEMCP
GetCPInfo
GetFileType
MoveFileA
ExitThread
TlsSetValue
IsBadReadPtr
HeapReAlloc
HeapAlloc
HeapFree
InterlockedExchange

gdi32

GetTextFaceW
ModifyWorldTransform
GetPixel
GetNearestColor
ExtCreatePen
CreateDCA
CreateICA
Escape
GetEnhMetaFileA
ResetDCA
SetAbortProc
StartDocA
EndDoc
StartPage
EndPage
PlayMetaFileRecord
OffsetClipRgn
PolyPolygon
Chord
Polyline
SetPixel
FloodFill
ExtFloodFill
CopyMetaFileA
EnumMetaFile
CreatePalette
SetDIBits
GetRegionData
ExtCreateRegion
GetWindowOrgEx
StretchDIBits
SetPolyFillMode
CreateEllipticRgn
ScaleWindowExtEx
GetMapMode
Polygon
BeginPath
EndPath
SelectClipPath
Pie
Arc
CreatePenIndirect
GetWindowExtEx
PtInRegion
SetTextJustification
Ellipse
SetTextCharacterExtra
GetTextAlign
SelectPalette
RealizePalette
GetViewportOrgEx
UnrealizeObject
SetBrushOrgEx
PlayEnhMetaFile
GetCharWidthA
GetObjectW
GetGraphicsMode
GetROP2
SetROP2
CreateDIBSection
EnumFontFamiliesExA
CreateEnhMetaFileA
SetWindowExtEx
SetViewportExtEx
CloseEnhMetaFile
StretchBlt
GetViewportExtEx
SetWinMetaFileBits
SetGraphicsMode
CreatePatternBrush
CreateFontIndirectW
OffsetWindowOrgEx
SetStretchBltMode
CreateBitmap
IntersectClipRect
GetRgnBox
OffsetViewportOrgEx
SetViewportOrgEx
CreateRoundRectRgn
FrameRgn
CreateRectRgnIndirect
GetWinMetaFileBits
SetMetaFileBitsEx
CreateMetaFileA
CloseMetaFile
GetMetaFileBitsEx
CreateHatchBrush
GetTextFaceA
CreateFontA
GetBkColor
SetMapMode
PatBlt
CreateBrushIndirect
TextOutA
BitBlt
CreateRectRgn
SetWindowOrgEx
LPtoDP
FillRgn
CombineRgn
ExtSelectClipRgn
SelectClipRgn
DeleteMetaFile
GetDIBits
SetDIBitsToDevice
GetEnhMetaFileHeader
Rectangle
SetTextAlign
DPtoLP
GetTextColor
CreatePolygonRgn
CreateSolidBrush
SaveDC
GetStockObject
RoundRect
RestoreDC
GetCurrentObject
GetTextMetricsA
CreatePen
MoveToEx
LineTo
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SetEnhMetaFileBits
GetEnhMetaFileBits
DeleteEnhMetaFile
GetTextExtentPointA
SetBkMode
DeleteObject
ExtTextOutA
GetTextExtentPoint32A
SetTextColor
SelectObject
CreateFontIndirectA
GetObjectA
SetBkColor
ExcludeClipRect
CopyEnhMetaFileA
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetOpenFileNameA
ChooseColorA
CommDlgExtendedError
ChooseFontA
PrintDlgA
GetSaveFileNameA

advapi32

RegEnumKeyExA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegQueryValueA
RegQueryValueExA
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegQueryMultipleValuesA
GetUserNameA
SetEntriesInAclA
InitializeSecurityDescriptor

ole32

OleDraw
OleCreateFromData
OleCreateFromFile
OleCreateLinkToFile
OleRegGetUserType
OleFlushClipboard
OleGetIconOfClass
OleRegEnumVerbs
ProgIDFromCLSID
GetHGlobalFromStream
CoSetProxyBlanket
OleCreate
OleQueryCreateFromData
StgOpenStorageOnILockBytes
GetHGlobalFromILockBytes
CLSIDFromProgID
CreateBindCtx
OleLoad
OleRun
OleQueryLinkFromData
OleCreateLinkFromData
OleGetClipboard
CoRevokeClassObject
OleBuildVersion
OleInitialize
CoCreateGuid
CoRegisterClassObject
OleUninitialize
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
ReleaseStgMedium
SetConvertStg
ReadClassStg
GetConvertStg
OleSetClipboard
CreateFileMoniker
CreateItemMoniker
CreateGenericComposite
WriteClassStg
WriteFmtUserTypeStg
GetRunningObjectTable
CoDisconnectObject
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance
OleSave
OleSetContainedObject
CoFreeUnusedLibraries
OleDuplicateData
ReadFmtUserTypeStg
CoTaskMemAlloc
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeSecurity
MkParseDisplayName
OleRegEnumFormatEtc

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
RevokeActiveObject
RegisterActiveObject
GetActiveObject
SysAllocString
VariantChangeType
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString

wininet

InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
InternetWriteFile
HttpSendRequestExA
InternetErrorDlg
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
HttpEndRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA
FtpOpenFileA
FtpDeleteFileA
FtpSetCurrentDirectoryA
InternetFindNextFileA
FtpFindFirstFileA
FtpCreateDirectoryA
InternetSetStatusCallback
FtpRemoveDirectoryA
InternetGetLastResponseInfoA
InternetOpenUrlA
FtpPutFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrCmpIW
StrToIntA
PathCombineA
PathUnquoteSpacesA
SHDeleteKeyA
PathParseIconLocationA
PathIsURLA
StrTrimW
PathRemoveFileSpecA
PathRemoveBackslashA
PathFindFileNameA
PathRemoveExtensionA
PathAddBackslashA
PathFindExtensionA
PathAddExtensionA
PathFileExistsA
PathIsDirectoryA
StrTrimA
PathAppendA

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 764KB - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 536KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d8d270ab58d8e39c7deb974c04ee97f

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

12:b4:ca:9b:4b:d7:92:2f:84:c0:4d:75:55:8c:0d:f1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

oledlg

kernel32

gdi32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

wininet

version

shlwapi

Sections

.text Size: 10.0MB - Virtual size: 10.0MB

.rdata Size: 764KB - Virtual size: 762KB

.data Size: 536KB - Virtual size: 1.4MB

.rsrc Size: 9.4MB - Virtual size: 9.4MB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

12:b4:ca:9b:4b:d7:92:2f:84:c0:4d:75:55:8c:0d:f1
Certificate

.text
Size: 10.0MB - Virtual size: 10.0MB

.rdata
Size: 764KB - Virtual size: 762KB

.data
Size: 536KB - Virtual size: 1.4MB

.rsrc
Size: 9.4MB - Virtual size: 9.4MB