8e3f82b3e0aa12d77a44a77b9ea1782b

Sharing

Copy URL Twitter E-mail

General

Target

8e3f82b3e0aa12d77a44a77b9ea1782b
Size

321KB
MD5

8e3f82b3e0aa12d77a44a77b9ea1782b
SHA1

6527c3b668ac14f6941fff85fed8d8756de71211
SHA256

091a33b86c549b6b1f71d52fc2abff06ab3edf269b2583b289d4d987b87a5b0c
SHA512

aa77ab3da37c5077660314167bd0019122631bce9f69d34be011e9def371fce02c338240b19046aadb125738d298880a92710fc3db5a415256cf4c74d399f5f4
SSDEEP

6144:X6vWVi08iFAaEUTutistugZjAOdt09JzGhF:XKbU2iszvm0hF

Score

1^/10

Malware Config

Signatures

Files

8e3f82b3e0aa12d77a44a77b9ea1782b
.dll windows:4 windows x86 arch:x86

a3c562a180fd7a0992ecf21d1a3cc490

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:fa:db:30:70:a8:53:5b:32:d1:6f:f1:d9:70:fa:58:a9:d5:79:be
Signer

Actual PE Digest

13:fa:db:30:70:a8:53:5b:32:d1:6f:f1:d9:70:fa:58:a9:d5:79:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\QT\Code\AIO\Audio_proj\branches\qt_celt\app\TRAE_QT\release\AudioHook.pdb

Imports

kernel32

GlobalFindAtomW
WritePrivateProfileStringW
GlobalFlags
ReadFile
FlushFileBuffers
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
RtlUnwind
HeapReAlloc
RaiseException
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
GetVersionExA
InterlockedIncrement
GetThreadLocale
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedExchange
lstrcmpW
GetCurrentThreadId
InterlockedDecrement
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
GetModuleFileNameW
SetEvent
CreateEventA
GetLastError
CreateFileMappingA
CreateMutexA
ReleaseMutex
TerminateProcess
WideCharToMultiByte
WriteFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
VirtualProtect
LoadLibraryA
SetLastError
GetCurrentProcess
GetModuleHandleA
FlushInstructionCache
WaitForSingleObject
Sleep
DeleteCriticalSection
OutputDebugStringW
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
VirtualQueryEx
CloseHandle
VirtualProtectEx
GetCurrentProcessId
OpenProcess
OutputDebugStringA
SizeofResource
GetCommandLineW
LoadResource
GetProcAddress
MultiByteToWideChar
FreeLibrary
FindResourceW
GetModuleHandleW
LockResource
LoadLibraryW
ExitProcess
DisableThreadLibraryCalls

user32

ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
UnregisterClassW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
SetCursor
PostMessageW
PostQuitMessage
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SystemParametersInfoA
UnregisterClassA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

ole32

StringFromIID

oleaut32

VariantInit
VariantChangeType
VariantClear

winmm

waveOutGetPosition
timeGetTime

Exports

Exports

?AudioHookerExportFunction@@YAXXZ

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3c562a180fd7a0992ecf21d1a3cc490

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

13:fa:db:30:70:a8:53:5b:32:d1:6f:f1:d9:70:fa:58:a9:d5:79:beSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 196KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 124KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 28KB - Virtual size: 25KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

13:fa:db:30:70:a8:53:5b:32:d1:6f:f1:d9:70:fa:58:a9:d5:79:be
Signer

.text
Size: 200KB - Virtual size: 196KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 124KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 28KB - Virtual size: 25KB