3207d640ac43c378514ee5886c6bec3cfda016c86ba8bcc87431e74e1749143b[.]mal_

Resubmissions

18/01/2024, 03:44

240118-eanj5acbar 1

18/01/2024, 03:40

240118-d77tlacfe9 1

Sharing

Copy URL Twitter E-mail

General

Target

3207d640ac43c378514ee5886c6bec3cfda016c86ba8bcc87431e74e1749143b.mal_
Size

161KB
MD5

cc05b7538ecd91ddf703b6130d83603a
SHA1

6a256027a4b338db5dbc405001dc2d194c4e3a71
SHA256

3207d640ac43c378514ee5886c6bec3cfda016c86ba8bcc87431e74e1749143b
SHA512

127ba66f85008474d28964138f24ff0064825f4b70b95f27c69cccf90ec2b3990bea7fb9e2d6587b40d284611e1dd183bd5f48e0a1fc97913f2f5abfb2d54d0a
SSDEEP

3072:xha0YwrrduIajr5CG9gFMNypUHio6SLqFGdrxGFdzmRd5Wu+:bLrUdDuMoUaIxGPzIgu+

Score

1^/10

Malware Config

Signatures

Files

3207d640ac43c378514ee5886c6bec3cfda016c86ba8bcc87431e74e1749143b.mal_
.dll regsvr32 windows:6 windows x86 arch:x86

19425fa61d9553b4ee5c9fb081e8c928

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:fb:51:c8:76:8e:f6:92:7b:f4:1d:a1:a2:34:a1:d9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/07/2013, 00:00

Not After

25/07/2015, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems\, Incorporated,OU=AcrobatXI,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:6e:f6:f5:13:09:78:96:be:26:3d:6a:46:ca:4e:7e:3b:10:d5:dc
Signer

Actual PE Digest

56:6e:f6:f5:13:09:78:96:be:26:3d:6a:46:ca:4e:7e:3b:10:d5:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oledlg

ord3
OleUIInsertObjectW

kernel32

MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetACP
CompareStringA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
GetStringTypeW
HeapReAlloc
LoadLibraryExW
RaiseException
GetCPInfo
GetOEMCP
GetModuleHandleW
CompareStringW
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineA
RtlUnwind
MoveFileW
MoveFileA
GetTempPathA
LoadLibraryA
lstrcatA
FormatMessageA
MulDiv
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
HeapFree
HeapAlloc
SetLastError
GetFileAttributesW
GetFileAttributesA
DeleteFileW
DeleteFileA
CreateFileW
CreateFileA
CreateDirectoryA
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
GetThreadLocale
lstrlenW
GlobalSize
GetTickCount
Sleep
GetLastError
CloseHandle
WriteFile
ReadFile
lstrlenA
WriteConsoleW
lstrcpyA
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
SetStdHandle
SetFilePointerEx
TlsFree

user32

GetWindowThreadProcessId
GetParent
SetWindowLongW
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
OffsetRect
IntersectRect
FrameRect
CopyRect
InflateRect
LoadCursorA
DrawEdge
SendMessageA
PostMessageA
DefWindowProcA
DrawIconEx
CallWindowProcW
RegisterClassA
GetClassInfoA
CreateWindowExA
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
GetKeyState
SetCapture
ReleaseCapture
IsWindowUnicode
GetMenuStringA
CreatePopupMenu
DestroyMenu
EnableMenuItem
wsprintfA
BringWindowToTop
RegisterClipboardFormatA
RemoveMenu
UpdateWindow
SetRectEmpty
LoadImageA
SetRect
SetCursor
GetClientRect
InvalidateRect
SetFocus
wsprintfW
LoadStringA
DrawTextW
GetDC
ReleaseDC
CallWindowProcA
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
MessageBeep
MessageBoxA
GetWindowRect
RemovePropA
GetPropA
SetPropA
SetWindowRgn
EndPaint
BeginPaint
DrawTextA
TrackPopupMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetSubMenu

gdi32

CreateMetaFileW
CreateFontIndirectA
CreateCompatibleDC
CloseMetaFile
GetDeviceCaps
CreateRectRgnIndirect
SetWindowExtEx
SetWindowOrgEx
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
DeleteDC
DeleteMetaFile
SetViewportOrgEx
GetTextExtentPoint32A
RealizePalette
SaveDC
SelectObject
SelectPalette
SetBkMode
SetMapMode
StretchBlt
SetTextColor
CreateHalftonePalette
GetObjectA
BitBlt
RestoreDC
LPtoDP

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterA
GetPrinterW
OpenPrinterA

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExW
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
RegSetValueExW

ole32

OleGetAutoConvert
OleDoAutoConvert
ReleaseStgMedium
WriteClassStg
CreateFileMoniker
GetClassFile
CreateBindCtx
StgCreateDocfile
CoCreateInstance
CoTaskMemAlloc
OleRegEnumVerbs
OleRegEnumFormatEtc
OleRegGetUserType
CreateOleAdviseHolder
CreateDataAdviseHolder
ReadClassStg
StgIsStorageFile
StgOpenStorage
CLSIDFromProgID
CoTaskMemFree
StringFromCLSID
CLSIDFromString
ProgIDFromCLSID
CoDisconnectObject

oleaut32

SafeArrayGetLBound
CreateErrorInfo
SetErrorInfo
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
OleTranslateColor
SysStringByteLen
VariantClear
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

19425fa61d9553b4ee5c9fb081e8c928

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

75:fb:51:c8:76:8e:f6:92:7b:f4:1d:a1:a2:34:a1:d9Certificate

Extended Key Usages

Key Usages

56:6e:f6:f5:13:09:78:96:be:26:3d:6a:46:ca:4e:7e:3b:10:d5:dcSigner

Headers

DLL Characteristics

File Characteristics

Imports

oledlg

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.data Size: 4KB - Virtual size: 11KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

75:fb:51:c8:76:8e:f6:92:7b:f4:1d:a1:a2:34:a1:d9
Certificate

56:6e:f6:f5:13:09:78:96:be:26:3d:6a:46:ca:4e:7e:3b:10:d5:dc
Signer

.text
Size: 122KB - Virtual size: 122KB

.data
Size: 4KB - Virtual size: 11KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 6KB - Virtual size: 6KB