65aaf4d903917f2ecdc5b536c3a8ea15

Sharing

Copy URL Twitter E-mail

General

Target

65aaf4d903917f2ecdc5b536c3a8ea15
Size

1.1MB
MD5

65aaf4d903917f2ecdc5b536c3a8ea15
SHA1

dbbb6146387e75e620944ad11635da1addf83778
SHA256

3dc5104c0c650c6a26b3ca49821173e47a77c7139632e1ffc90a3718f44e9466
SHA512

1a6b49a0421d027abd4b6e6d3232019fc5a98adfcac953ea94f8d45c039584c80d3c46a69dcb7dd6dd9c5a1308c61ed07255a541c4d30347bc8a14f74f705e9f
SSDEEP

12288:kT4K0MoY6URHFpRiZELxQW/yzqn7p6w3VpcG9XkowYNqFKo2UGj:kf0MoZGTceLOW/6U/ph9UNR+UGj

Score

1^/10

Malware Config

Signatures

Files

65aaf4d903917f2ecdc5b536c3a8ea15
.dll windows:6 windows x64 arch:x64

d5dce1f69c5b89263c57899d7c514666

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:90:fb:6f:d4:13:03:58:16:e4:87:59:da:ee:71:f2
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/07/2017, 00:00

Not After

24/09/2019, 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:90:fb:6f:d4:13:03:58:16:e4:87:59:da:ee:71:f2
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/07/2017, 00:00

Not After

24/09/2019, 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bf:7c:52:ec:2b:63:e1:22:b9:70:25:2d:c4:81:df:00:3d:a0:07:e8:7f:18:32:80:39:1c:c0:90:6b:f0:5d:9e
Signer

Actual PE Digest

bf:7c:52:ec:2b:63:e1:22:b9:70:25:2d:c4:81:df:00:3d:a0:07:e8:7f:18:32:80:39:1c:c0:90:6b:f0:5d:9e

Digest Algorithm

sha256

PE Digest Matches

true

19:99:4d:55:22:53:98:2c:4f:84:2c:a2:6a:f5:d7:86:4f:c0:30:a7
Signer

Actual PE Digest

19:99:4d:55:22:53:98:2c:4f:84:2c:a2:6a:f5:d7:86:4f:c0:30:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdiplus

GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetPageUnit
GdipSetCompositingMode
GdipAddPathLine
GdipAddPathBezier
GdipDeletePath
GdipCreatePath
GdipClosePathFigure
GdipStartPathFigure
GdipSetPathFillMode
GdipDeleteBrush
GdipCreateSolidFill
GdipCloneBrush
GdipResetClip
GdipDrawImageRect
GdipDrawImageRectI
GdipCreateMatrix
GdipSetClipPath
GdipSetCompositingQuality
GdipFillPath
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipGetTextureTransform
GdipGetBrushType
GdipDeleteMatrix
GdipGraphicsClear
GdipReleaseDC
GdipSaveGraphics
GdipFlush
GdipSaveImageToFile
GdipRestoreGraphics
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImageEncoders
GdipImageGetFrameDimensionsCount
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapSetResolution
GdipSetImagePalette
GdipSetTextureWrapMode
GdipCreateTexture
GdipCreateImageAttributes
GdipSetTextureTransform
GdipDisposeImageAttributes
GdipCreateTextureIA
GdipSetImageAttributesColorMatrix
GdipCreateMatrix2
GdipGetTextureImage
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipGetImageHorizontalResolution
GdipGetImagePixelFormat
GdipGetImageVerticalResolution
GdipFree
GdipImageSelectActiveFrame
GdipBitmapLockBits
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetImageEncodersSize
GdipGetImagePalette
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0

kernel32

RtlLookupFunctionEntry
WriteConsoleW
CreateFileW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapSize
HeapReAlloc
GetFileType
GetStdHandle
GetACP
HeapFree
HeapAlloc
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree

user32

DestroyWindow
CreateWindowExW
GetDC
ReleaseDC
IsWindow
GetClientRect
BeginPaint
EndPaint
SetRect

gdi32

CreateCompatibleDC
SetDIBitsToDevice
GetDIBits
GetObjectA
CreateCompatibleBitmap
StretchBlt
BitBlt
CreateDIBSection
SelectObject
GetDeviceCaps
SetGraphicsMode
CreateFontW
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
CreateICA
DeleteDC

ole32

CreateStreamOnHGlobal

Exports

Exports

GXBitmapCacheGet
GXBitmapCacheGetMemoryInUse
GXBitmapCacheGetMemoryQuota
GXBitmapCachePut
GXBitmapCacheRemove
GXBitmapCacheSetMemoryQuota
GXBitmapColorFill
GXBitmapCopyFromBitmap
GXBitmapCopyFromMemory
GXBitmapCopyToMemory
GXBitmapGetDpiX
GXBitmapGetDpiY
GXBitmapGetPalette
GXBitmapGetPixelFormat
GXBitmapGetSize
GXBitmapLock
GXBitmapNotifyChanged
GXBitmapSaveToFile
GXBitmapSaveToHBITMAP
GXBitmapSetOffscreenPainting
GXBitmapSetPalette
GXBitmapUnlock
GXCreateBitmap
GXCreateBitmapFromFile
GXCreateBitmapFromFileFrame
GXCreateBitmapFromHBITMAP
GXCreateBitmapFromMemory
GXCreateBrushBitmap
GXCreateBrushGradient
GXCreateBrushSolid
GXCreateBrushSolidARGB
GXCreateFontFace
GXCreateGeometry
GXCreateGradientLinear
GXCreateGradientRadial
GXCreateGradientTriMesh
GXCreatePalette
GXCreateRegion
GXCreateRegionFromRect
GXCreateRenderTargetBitmap
GXCreateRenderTargetHDC
GXCreateRenderTargetHWND
GXCreateRenderTargetPrintDC
GXEnableHWAccelerationForThread
GXFontFaceCalculateTextBound
GXGeometryBeginFigure
GXGeometryCombine
GXGeometryConicCurveTo
GXGeometryCopy
GXGeometryCubicCurveTo
GXGeometryEllipse
GXGeometryEmpty
GXGeometryEndFigure
GXGeometryEndFigureClose
GXGeometryGetBound
GXGeometryGetCurrentPoint
GXGeometryGetFillRule
GXGeometryHitTest
GXGeometryLineTo
GXGeometryPointsEqual
GXGeometryRectangle
GXGeometryRoundRectangle
GXGeometrySendToSink
GXGeometrySetFillRule
GXGeometryTransform
GXGeometryWiden
GXObjectAcquire
GXObjectRelease
GXPaletteGetColor
GXPaletteGetColors
GXPaletteGetNumColors
GXRegionCombine
GXRegionCombineRect
GXRegionContains
GXRegionContainsPoint
GXRegionContainsRect
GXRegionEnumRects
GXRegionGetBound
GXRegionHasIntersection
GXRegionHasIntersectionWithRect
GXRegionIsAreaEmpty
GXRegionOffset
GXRenderTargetBeginLayer
GXRenderTargetBeginPaint
GXRenderTargetClear
GXRenderTargetClipEllipse
GXRenderTargetClipGeometry
GXRenderTargetClipRect
GXRenderTargetConcatCTM
GXRenderTargetDrawBitmap
GXRenderTargetDrawGradient
GXRenderTargetEndLayer
GXRenderTargetEndPaint
GXRenderTargetFillEllipse
GXRenderTargetFillGeometry
GXRenderTargetFillMask
GXRenderTargetFillRect
GXRenderTargetFillText
GXRenderTargetFillTextGeometry
GXRenderTargetGetCTM
GXRenderTargetGetPixelFormat
GXRenderTargetGetSize
GXRenderTargetInvertRect
GXRenderTargetPopState
GXRenderTargetPushState
GXRenderTargetRotateCTM
GXRenderTargetScaleCTM
GXRenderTargetSetBlendMode
GXRenderTargetSetCTM
GXRenderTargetSetOpacityMask
GXRenderTargetSetShapeMask
GXRenderTargetSetStrokeAdjustment
GXRenderTargetStretchBitmap
GXRenderTargetStrokeEllipse
GXRenderTargetStrokeGeometry
GXRenderTargetStrokeLine
GXRenderTargetStrokeRect
GXRenderTargetTranslateCTM

Sections

.text
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5dce1f69c5b89263c57899d7c514666

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

09:90:fb:6f:d4:13:03:58:16:e4:87:59:da:ee:71:f2Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

09:90:fb:6f:d4:13:03:58:16:e4:87:59:da:ee:71:f2Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

bf:7c:52:ec:2b:63:e1:22:b9:70:25:2d:c4:81:df:00:3d:a0:07:e8:7f:18:32:80:39:1c:c0:90:6b:f0:5d:9eSigner

19:99:4d:55:22:53:98:2c:4f:84:2c:a2:6a:f5:d7:86:4f:c0:30:a7Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 746KB - Virtual size: 746KB

.rdata Size: 314KB - Virtual size: 314KB

.data Size: 33KB - Virtual size: 41KB

.pdata Size: 42KB - Virtual size: 42KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

09:90:fb:6f:d4:13:03:58:16:e4:87:59:da:ee:71:f2
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

09:90:fb:6f:d4:13:03:58:16:e4:87:59:da:ee:71:f2
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

bf:7c:52:ec:2b:63:e1:22:b9:70:25:2d:c4:81:df:00:3d:a0:07:e8:7f:18:32:80:39:1c:c0:90:6b:f0:5d:9e
Signer

19:99:4d:55:22:53:98:2c:4f:84:2c:a2:6a:f5:d7:86:4f:c0:30:a7
Signer

.text
Size: 746KB - Virtual size: 746KB

.rdata
Size: 314KB - Virtual size: 314KB

.data
Size: 33KB - Virtual size: 41KB

.pdata
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB