SecuriteInfo[.]com[.]Adware[.]Funshion[.]26858[.]3560[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Adware.Funshion.26858.3560.dll
Size

862KB
MD5

eb01cd0387686a5f895897aad01037f7
SHA1

ff6462a2fd371a4276716ae7b5285c03f36f2dc9
SHA256

8b4c5e66e941d6baacd8e0469eed2a34d59d71ed1ef33bda12b84ac2a308d84a
SHA512

32d72aa6fbcb0bf50008bdb709eb29e41bca722f7943cb5e844b5663e338a73d01c71ef3749205e9a2a00651433aada3e211f60d240d8f71fbd03eb612c2dc73
SSDEEP

24576:w0bJ7dNz7Kju5zZNEx4SpxdCh/WuGinMq:wSUUAxbM8Hq

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Adware.Funshion.26858.3560.dll
.dll regsvr32 windows:5 windows x86 arch:x86

66d9f9c2a18cd472e6315f7fb6add07f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:26:6c:20:a1:d7:d5:57:6b:04:68:c4:41:ff:9f:ca:25:2d:74
Signer

Actual PE Digest

7e:93:26:6c:20:a1:d7:d5:57:6b:04:68:c4:41:ff:9f:ca:25:2d:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CoTaskMemFree

gdi32

GetStockObject

user32

TrackPopupMenu
PostMessageW
DestroyMenu
GetCursorPos
EnumThreadWindows
PostQuitMessage
GetWindowLongW
SetForegroundWindow
GetWindow
SetWindowLongW
RegisterClassExW
DestroyIcon
TranslateMessage
GetMessageW
GetDesktopWindow
SetWindowPos
DispatchMessageW
DestroyWindow
UnregisterClassW
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetShellWindow
SetRect
GetWindowRect
SendMessageW
LoadImageW

shlwapi

PathFindFileNameW
PathFindExtensionW

d3d9

Direct3DCreate9

avutil-52

av_reduce
av_frame_unref
av_realloc_f
av_frame_free
av_get_picture_type_char
av_mallocz
av_frame_alloc
av_cpu_count
av_log_set_callback
av_free
av_frame_ref
av_get_cpu_flags
av_buffer_create
av_malloc
av_realloc
av_rescale
av_freep

avcodec-55

av_init_packet
avcodec_close
av_parser_close
av_packet_new_side_data
av_parser_init
avcodec_alloc_context3
avcodec_find_decoder
avcodec_register_all
av_parser_parse2
avcodec_open2
avcodec_decode_video2
ff_cropTbl
avsubtitle_free
avcodec_decode_subtitle2
avcodec_flush_buffers
avpriv_find_start_code

swscale-2

sws_getCoefficients
sws_getColorspaceDetails
sws_scale
sws_getCachedContext
sws_freeContext
sws_setColorspaceDetails

kernel32

LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
HeapReAlloc
WriteFile
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
GetProcessHeap
VirtualProtect
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnregisterWaitEx
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
ExitThread
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
LoadLibraryW
GetProcAddress
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
ResetEvent
CloseHandle
WaitForSingleObject
InterlockedExchange
SetEvent
WaitForMultipleObjects
MultiByteToWideChar
GetLastError
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
InterlockedIncrement
InterlockedDecrement
LocalAlloc
VirtualAlloc
VirtualFree
GetCurrentProcess
GetCurrentThreadId
ReleaseSemaphore
DuplicateHandle
lstrcmpW
CreateEventW
CreateSemaphoreW
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
GetModuleHandleW
GetVersionExW
lstrlenA
lstrlenW
GetModuleFileNameA
DisableThreadLibraryCalls
OutputDebugStringW
SetLastError
IsDebuggerPresent
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
FreeLibrary
SetFilePointerEx
SetStdHandle
WriteConsoleW
CreateFileW
HeapAlloc
HeapFree
CreateTimerQueue
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
IsProcessorFeaturePresent
EncodePointer

advapi32

RegCreateKeyExW
RegSetValueExW
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegDeleteValueW

oleaut32

OleCreatePropertyFrame

shell32

Shell_NotifyIconW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OpenConfiguration

Sections

.text
Size: 719KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66d9f9c2a18cd472e6315f7fb6add07f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:26:6c:20:a1:d7:d5:57:6b:04:68:c4:41:ff:9f:ca:25:2d:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

gdi32

user32

shlwapi

d3d9

avutil-52

avcodec-55

swscale-2

kernel32

advapi32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 719KB - Virtual size: 719KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 19KB - Virtual size: 27KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:26:6c:20:a1:d7:d5:57:6b:04:68:c4:41:ff:9f:ca:25:2d:74
Signer

.text
Size: 719KB - Virtual size: 719KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 19KB - Virtual size: 27KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 25KB - Virtual size: 25KB