78c3f27d5607e959146e1303e2f7cfd8

Sharing

Copy URL Twitter E-mail

General

Target

78c3f27d5607e959146e1303e2f7cfd8
Size

332KB
MD5

78c3f27d5607e959146e1303e2f7cfd8
SHA1

ca3569c4d07507e8dcfe889ef763dec811011dd6
SHA256

10a4e0d303dcb8fa31037a57ca28d6499a4fdab9866b7f21dd2c2a1e463d2b8e
SHA512

6e53a580975efb82448d098280ffd73b4a421345a9a804c1042d02c69ec62f25df377baba6927d7c8a46327406b913ff7bf126e93a8c209fe83d85d72717a557
SSDEEP

3072:nomqa7nqv7GKYyP93sGw2gZIt9onV/Vp7gkfDaSdFo+bECV5I9tbaCJwkSVu9w8X:omqa7gvYyP1sGx9w0COad+6i

Score

1^/10

Malware Config

Signatures

Files

78c3f27d5607e959146e1303e2f7cfd8
.dll windows:4 windows x86 arch:x86

3c4b9162da771d9f6084a1d49c4cafd0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/10/2007, 00:00

Not After

24/11/2010, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:72:ff:a7:06:d7:64:bc:40:f3:dc:bc:9c:42:f1:df:38:4c:b1:93
Signer

Actual PE Digest

08:72:ff:a7:06:d7:64:bc:40:f3:dc:bc:9c:42:f1:df:38:4c:b1:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\p4workspaces\COH-r6.1.4\MultiSession\sessionHelper\ccAppPlugin\release\SesHlp.pdb

Imports

kernel32

GetProcAddress
GetFileAttributesW
SetFileAttributesW
FindClose
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
FindFirstFileW
FindNextFileW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
DeleteFileW
VirtualQuery
VirtualProtect
DisableThreadLibraryCalls
CreateEventW
InterlockedDecrement
InterlockedIncrement
GetLastError
MultiByteToWideChar
lstrlenA
HeapFree
HeapReAlloc
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RaiseException
HeapSize
WriteFile
GetStdHandle
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
ExitProcess
GetCPInfo
GetModuleFileNameA
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
RtlUnwind
LoadLibraryA
GetLocaleInfoA
InterlockedExchange
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetThreadLocale
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLocalTime
CreateFileW
lstrlenW
GetWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetShortPathNameW
GetSystemInfo
GetVersionExW
GetModuleHandleW
LoadLibraryW
OpenProcess
GetThreadContext
TryEnterCriticalSection
ReadFile
GetFileSize
SetEndOfFile
CreateDirectoryW
lstrcpyW
DuplicateHandle
lstrcatW
SetEvent
Sleep
CreateSemaphoreW
CreateMutexW
OutputDebugStringW
ReleaseSemaphore
LocalFree
CloseHandle
WaitForSingleObject
GetACP
ReleaseMutex

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
OpenThreadToken
AllocateAndInitializeSid
CheckTokenMembership
ConvertSidToStringSidW
LookupPrivilegeNameW
LookupPrivilegeValueW
AdjustTokenPrivileges

shlwapi

SHDeleteKeyW
SHDeleteEmptyKeyW
PathAddBackslashW
PathFileExistsW
PathIsUNCW
PathSkipRootW

userenv

UnloadUserProfile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

CharPrevW
CharNextW
GetSystemMetrics
UnregisterClassA

shell32

SHGetSpecialFolderPathW

Exports

Exports

GetCCAppObjectID
GetFactory
GetObjectCount

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c4b9162da771d9f6084a1d49c4cafd0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08Certificate

Extended Key Usages

Key Usages

08:72:ff:a7:06:d7:64:bc:40:f3:dc:bc:9c:42:f1:df:38:4c:b1:93Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shlwapi

userenv

version

user32

shell32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 160KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 13KB

.rsrc Size: 40KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

08:72:ff:a7:06:d7:64:bc:40:f3:dc:bc:9c:42:f1:df:38:4c:b1:93
Signer

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 40KB - Virtual size: 40KB