7697771f6f84c63eb75e9c52274cfafc

Sharing

Copy URL Twitter E-mail

General

Target

7697771f6f84c63eb75e9c52274cfafc
Size

282KB
MD5

7697771f6f84c63eb75e9c52274cfafc
SHA1

39de43fd936562ec3fce3f5d5ef2d3ec6de4b3df
SHA256

b7c6f3eed5e59df56e7ad36cb3275180c87b7116de9908b6d217b819a35de110
SHA512

86d8672d66ba2f4d5fa658322812ee171dc31c3d935f5dfe289d2efee1d4339a51e332e36d3e693aa7ad99f869814f15f44515b00c36ce36ac881aca84e2da77
SSDEEP

6144:Aks/l/qRjNt8S4DUR/PsDU8zFb0qI1c/Sud0pC8D++GRc:AqRj/8SkC/CUI0qI1YHkapRc

Score

1^/10

Malware Config

Signatures

Files

7697771f6f84c63eb75e9c52274cfafc
.dll windows:5 windows x86 arch:x86

2188fbd0c221deb2e974aa6fe441011e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:ea:01:ed:9b:78:69:52:ac:30:f0:9d:ac:70:63:08
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/03/2019, 00:00

Not After

16/03/2022, 12:00

Subject

CN=Shanghai Eff-Soft Information Technology Co.\, Ltd,OU=IT,O=Shanghai Eff-Soft Information Technology Co.\, Ltd,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:a8:21:a1:3e:45:c7:54:6a:02:59:dd:93:bb:a2:cb:a7:33:7b:fc
Signer

Actual PE Digest

a0:a8:21:a1:3e:45:c7:54:6a:02:59:dd:93:bb:a2:cb:a7:33:7b:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

DeleteObject
CreateCompatibleDC
CreateDIBSection
CreateCompatibleBitmap
SelectObject
GetDIBits
BitBlt
DeleteDC

winmm

waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveInReset
waveOutWrite
waveInStop

ws2_32

ntohl
gethostname
__WSAFDIsSet
recvfrom
sendto
listen
WSAStartup
WSACleanup
connect
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
WSAGetLastError
accept
setsockopt
inet_addr
htonl
inet_ntoa
getsockname
bind
getpeername

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

setupapi

SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiDestroyClassImageList
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDescriptionA
SetupDiGetClassImageIndex
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassImageList
SetupDiGetClassDevsA
CM_Get_DevNode_Status
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
lstrcpyA
InterlockedExchange
CancelIo
Sleep
GetSystemTimes
GetTickCount
GetLogicalDriveStringsA
GetLastError
LocalFree
LocalAlloc
OutputDebugStringA
DeleteFileA
CreateDirectoryA
GetFileAttributesA
lstrlenA
CreateProcessA
lstrcatA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
FindClose
FindNextFileA
LocalReAlloc
FindFirstFileA
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
GetVersionExA
GetCurrentProcess
GetProcAddress
LoadLibraryA
OpenProcess
MultiByteToWideChar
MapViewOfFile
CreateFileMappingA
HeapFree
HeapAlloc
GetProcessHeap
UnmapViewOfFile
GlobalMemoryStatusEx
Process32Next
GetProcessHandleCount
Process32First
CreateToolhelp32Snapshot
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetSystemInfo
OpenFileMappingA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
OpenMutexA
SetUnhandledExceptionFilter
GetModuleHandleA
FreeConsole
QueryDosDeviceA
GetWindowsDirectoryA
InterlockedDecrement
WideCharToMultiByte
lstrlenW
lstrcmpiA
GetCurrentThreadId
RtlUnwind
RaiseException
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetModuleHandleW
ExitProcess
ExitThread
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
HeapCreate
HeapDestroy
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers

user32

CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
OpenWindowStationA
SetProcessWindowStation
GetCursorInfo
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EnumWindows
CloseClipboard
IsWindowVisible
GetWindowThreadProcessId
WindowFromPoint
SetCapture
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
mouse_event
CharNextA
SetClipboardData
wsprintfA
GetLastInputInfo
ExitWindowsEx
GetWindowTextA
MapVirtualKeyA
keybd_event
LoadCursorA
SystemParametersInfoA
EmptyClipboard
GetProcessWindowStation
SendMessageA
DestroyCursor
BlockInput
SetCursorPos

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegCreateKeyExA
RegOpenKeyA

ole32

CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoInitialize

shell32

SHGetFileInfoA

oleaut32

SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantInit
SysAllocString
SystemTimeToVariantTime
VariantClear

netapi32

NetUserAdd
NetLocalGroupAddMembers

psapi

EnumProcessModules
GetProcessImageFileNameA
GetModuleFileNameExA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSendMessage
ICClose
ICCompressorFree
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICOpen

wtsapi32

WTSQueryUserToken

Exports

Exports

ServiceMain
dseMgrMain
dseMgrMain2

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2188fbd0c221deb2e974aa6fe441011e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0c:ea:01:ed:9b:78:69:52:ac:30:f0:9d:ac:70:63:08Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

a0:a8:21:a1:3e:45:c7:54:6a:02:59:dd:93:bb:a2:cb:a7:33:7b:fcSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

winmm

ws2_32

wininet

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

netapi32

psapi

avicap32

msvfw32

wtsapi32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 142KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0c:ea:01:ed:9b:78:69:52:ac:30:f0:9d:ac:70:63:08
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

a0:a8:21:a1:3e:45:c7:54:6a:02:59:dd:93:bb:a2:cb:a7:33:7b:fc
Signer

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 142KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB