8d246014ff04e775149242de962a8088

Sharing

Copy URL Twitter E-mail

General

Target

8d246014ff04e775149242de962a8088
Size

6.4MB
MD5

8d246014ff04e775149242de962a8088
SHA1

3de000f77f021de48749804d0962604152c1e97a
SHA256

0bc3e5b080a0100fc8e73601b29efed37042668088185df0caa989c29e66d4b3
SHA512

8034b1d896f58ed757b4ef46177ec7401693ecd2ba91aabf3cc35f5c09f8bc1452a393718a61a405753b617406ac9856cef5a216e096dadac15a082e47667048
SSDEEP

49152:a5UhFy1l1pdXF7VhzV8QujbKNmipk6EdZdDvv08nv5sXrQP/iU4Onnxqke7eKAJc:8FvXfNi6EdZdeXruNJnokEeKAJgb

Score

1^/10

Malware Config

Signatures

Files

8d246014ff04e775149242de962a8088
.dll windows:5 windows x64 arch:x64

642715daab25c2ca59acaa9e16081262

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:e4:44:dd:d4:a4:8f:62:26:3a:8d:2f:1a:08:4d:33:6d:59:d2:44:53:8f:6a:2f:d7:f3:f8:5e:03:9e:4e:a8
Signer

Actual PE Digest

2a:e4:44:dd:d4:a4:8f:62:26:3a:8d:2f:1a:08:4d:33:6d:59:d2:44:53:8f:6a:2f:d7:f3:f8:5e:03:9e:4e:a8

Digest Algorithm

sha256

PE Digest Matches

true

e0:9f:ae:3a:7a:21:91:9f:40:3e:2d:aa:66:84:c8:9a:dc:b8:d5:26
Signer

Actual PE Digest

e0:9f:ae:3a:7a:21:91:9f:40:3e:2d:aa:66:84:c8:9a:dc:b8:d5:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SMProvider64.pdb

Imports

msimg32

AlphaBlend

ws2_32

WSAStartup
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
shutdown

wldap32

ord46
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord143

comctl32

ord410
ord412
ord413
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ord17

shlwapi

PathFindFileNameW

kernel32

SetEvent
CreateEventA
OpenEventW
CloseHandle
GetModuleFileNameW
SetThreadUILanguage
GetUserDefaultUILanguage
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
LoadLibraryExW
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
MulDiv
GetCurrentDirectoryW
SetLastError
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleHandleW
LoadLibraryW
GetLocaleInfoW
WaitForSingleObjectEx
CreateFileW
FlushFileBuffers
GetDriveTypeW
GetFileType
GetFullPathNameW
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
OutputDebugStringW
GetLastError
QueryPerformanceCounter
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LocalFree
MapViewOfFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadWritePtr
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FreeResource
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetACP
InitializeCriticalSection
SleepEx
VerifyVersionInfoA
FormatMessageA
WaitForSingleObject
WaitForMultipleObjects
GetStdHandle
PeekNamedPipe
LoadLibraryA
ExpandEnvironmentStringsA
RtlVirtualUnwind
GlobalMemoryStatus
FlushConsoleInputBuffer
FindResourceExW
GetSystemDefaultUILanguage
SearchPathW
UnmapViewOfFile
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
ReleaseSemaphore
WaitForMultipleObjectsEx
GetModuleHandleA
OpenEventA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
GetCPInfo
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
EncodePointer
GetStringTypeW
CreateFileMappingW
GetVersionExW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
WriteConsoleW
SetEnvironmentVariableA
ExitProcess
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
HeapSize
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW

user32

SetFocus
CreatePopupMenu
DestroyMenu
AppendMenuW
TrackPopupMenu
GetWindowLongW
SetWindowLongW
SetParent
LoadCursorW
SetScrollInfo
GetScrollInfo
GetClassLongPtrW
SetClassLongPtrW
GetComboBoxInfo
DrawTextExW
DestroyIcon
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
DefWindowProcW
PostMessageW
ReleaseCapture
SetCapture
IsDlgButtonChecked
CheckDlgButton
MapDialogRect
AnimateWindow
TrackMouseEvent
CharNextW
GetPropW
InflateRect
FrameRect
FillRect
DrawFocusRect
GetClassInfoExW
SetPropW
EndPaint
BeginPaint
GetWindowDC
UpdateWindow
IsWindowEnabled
GetKeyState
GetFocus
MessageBoxW
DialogBoxIndirectParamW
SystemParametersInfoW
LoadImageW
GetDesktopWindow
PtInRect
IsRectEmpty
SetRectEmpty
GetSystemMetrics
IsIconic
GetWindow
GetClassNameW
GetParent
GetSysColor
ScreenToClient
DrawTextW
GetDlgCtrlID
CreateDialogParamW
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
GetWindowTextLengthW
GetWindowTextW
GetClientRect
CreateWindowExW
RegisterClassExW
DialogBoxParamW
GetDlgItem
SendDlgItemMessageW
GetSystemMenu
MonitorFromPoint
GetWindowRect
GetDC
MonitorFromRect
SetTimer
GetMonitorInfoW
MapWindowPoints
MoveWindow
KillTimer
EnableMenuItem
InvalidateRect
ReleaseDC
GetCursorPos
EnableWindow
SendMessageW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
LoadBitmapW
TranslateMessage
LoadIconW
PostQuitMessage
SetWindowLongPtrW
EndDialog
SetWindowTextW
GetWindowLongPtrW
LoadStringW
ShowWindow

gdi32

SetDCBrushColor
GetTextExtentPoint32W
TextOutW
Ellipse
SetBkColor
MoveToEx
LineTo
CreatePen
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
GetObjectW
SetTextColor
CreateSolidBrush
CreateFontW
SetDIBits
SelectObject
GetDIBits
GetBkColor
DeleteDC
GetDeviceCaps
SetBkMode
DeleteObject
GetStockObject
CreateCompatibleDC

advapi32

RegCreateKeyExW
RegDeleteValueW
RegCloseKey
SystemFunction036
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegSetValueExW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

Exports

Exports

CreateWzWXFFacebookProvider
CreateWzWXFLinkedInProvider
CreateWzWXFTwitterProvider
CreateWzWXFYoutubeProvider

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 651KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

642715daab25c2ca59acaa9e16081262

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

2a:e4:44:dd:d4:a4:8f:62:26:3a:8d:2f:1a:08:4d:33:6d:59:d2:44:53:8f:6a:2f:d7:f3:f8:5e:03:9e:4e:a8Signer

e0:9f:ae:3a:7a:21:91:9f:40:3e:2d:aa:66:84:c8:9a:dc:b8:d5:26Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

ws2_32

wldap32

comctl32

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 651KB - Virtual size: 651KB

.data Size: 291KB - Virtual size: 428KB

.pdata Size: 188KB - Virtual size: 188KB

.gfids Size: 1024B - Virtual size: 604B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 32KB - Virtual size: 31KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

2a:e4:44:dd:d4:a4:8f:62:26:3a:8d:2f:1a:08:4d:33:6d:59:d2:44:53:8f:6a:2f:d7:f3:f8:5e:03:9e:4e:a8
Signer

e0:9f:ae:3a:7a:21:91:9f:40:3e:2d:aa:66:84:c8:9a:dc:b8:d5:26
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 651KB - Virtual size: 651KB

.data
Size: 291KB - Virtual size: 428KB

.pdata
Size: 188KB - Virtual size: 188KB

.gfids
Size: 1024B - Virtual size: 604B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 32KB - Virtual size: 31KB