8f50a7f957e31f68d993917bf132b04e8eb063763ce50302a932c1753a76d251

Sharing

Copy URL Twitter E-mail

General

Target

8f50a7f957e31f68d993917bf132b04e8eb063763ce50302a932c1753a76d251
Size

2.6MB
MD5

736a788d04fbfeafbc76e21ddcafcb4c
SHA1

ac1dbaae053d3d9204fb878546cce87bd39bc26b
SHA256

8f50a7f957e31f68d993917bf132b04e8eb063763ce50302a932c1753a76d251
SHA512

5792dc1bd580e4ace77a98fc74a5496a20787d4179594d543829630159cd1ee70193b2a21b9cf45d491e499933bcc25411b442b9b05fb8f181520ec8f9eef5f2
SSDEEP

49152:pr8DM50KiRb9a3K4Au+WlSOor+B0De35/2TUKzm4imV3Bjne/5yyGAu6MmXYN+/:prQIB6m4hopr/

Score

1^/10

Malware Config

Signatures

Files

8f50a7f957e31f68d993917bf132b04e8eb063763ce50302a932c1753a76d251
.dll windows:6 windows x64 arch:x64

654d46ac2ef87ad2261d7b2a3f91c4ac

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:5a:31:32:cb:83:af:1c:42:39:0e:30:6a:1d:f4:e5
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2014, 00:00

Not After

07/01/2016, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Premiere Pro\, AME\, After Effects\, Speedgrade,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:e6:e0:e0:d5:cb:08:e6:32:de:67:71:f2:b3:aa:f0:ad:5c:38:4c
Signer

Actual PE Digest

ed:e6:e0:e0:d5:cb:08:e6:32:de:67:71:f2:b3:aa:f0:ad:5c:38:4c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

amtlib.pdb

Imports

iphlpapi

GetIfTable

winhttp

WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData

setupapi

SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

shlwapi

PathFileExistsW
PathRemoveExtensionW
PathRenameExtensionW
PathAppendW
PathAddExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW
PathIsDirectoryW

kernel32

IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
SetLastError
FreeLibrary
GetProcAddress
LocalFree
FormatMessageW
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableA
GetModuleFileNameW
WideCharToMultiByte
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileSize
LockFileEx
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
UnlockFileEx
WriteFile
GetSystemTime
SystemTimeToFileTime
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetComputerNameExW
MultiByteToWideChar
GetTempPathW
GetLocalTime
GetDateFormatW
GetTimeFormatW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
OpenEventW
CreateThread
GetTickCount
CreateSemaphoreW
GetTimeZoneInformation
GetVersionExW
OutputDebugStringA
TryEnterCriticalSection
GetCurrentThreadId
SwitchToThread
ResumeThread
lstrlenA
GetFileSizeEx
CreateMutexW
OpenMutexW
ReleaseMutex
CreateProcessW
FindClose
FindFirstFileW
FindNextFileW
CreateEventW
GlobalFree
WaitForMultipleObjects
lstrlenW
CreateDirectoryW
LocalAlloc
IsDBCSLeadByteEx
FlushFileBuffers
TlsSetValue
WriteConsoleW
TlsGetValue
TlsAlloc
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetStdHandle
GetConsoleMode
ReadConsoleW
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
SetCurrentDirectoryW
GetCurrentDirectoryW
SetStdHandle
GetConsoleCP
GetFullPathNameA
SetConsoleCtrlHandler
OutputDebugStringW
SetEnvironmentVariableA
DeleteCriticalSection
TerminateProcess
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
FatalAppExitA
AreFileApisANSI
LoadLibraryExW
MoveFileExW
GetCurrentProcessId
GetFileAttributesExW
SetFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
GetCommandLineA
GetFullPathNameW
GetStringTypeW
EncodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent

user32

MessageBoxW
wsprintfW
UnregisterClassW

advapi32

RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
SetTokenInformation
OpenThreadToken
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteA
SHCreateDirectoryExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString

Exports

Exports

AMTGetCurrentLicenseState
AMTGetLibVersion
AMTGetParentLEIDLicenseStatus
AMTGetProductClearSerialNumber
AMTGetRoyaltyBearingLEIDs
AMTObtainProductLicense
AMTObtainRunningLicenseRecord
AMTPlugPlugRequest
AMTPreObtainProductLicense
AMTPreValidateProductLicense
AMTRecordCodecInvocation
AMTReleaseProductLicense
AMTRetrieveAdobeID
AMTRetrieveLibraryPath
AMTRetrievePersonGUIDWithAuthSource
AMTValidateProductLicense
GetAsnVersion
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

654d46ac2ef87ad2261d7b2a3f91c4ac

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

34:5a:31:32:cb:83:af:1c:42:39:0e:30:6a:1d:f4:e5Certificate

Extended Key Usages

Key Usages

ed:e6:e0:e0:d5:cb:08:e6:32:de:67:71:f2:b3:aa:f0:ad:5c:38:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

winhttp

setupapi

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 530KB - Virtual size: 530KB

.data Size: 43KB - Virtual size: 71KB

.pdata Size: 103KB - Virtual size: 102KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

34:5a:31:32:cb:83:af:1c:42:39:0e:30:6a:1d:f4:e5
Certificate

ed:e6:e0:e0:d5:cb:08:e6:32:de:67:71:f2:b3:aa:f0:ad:5c:38:4c
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 530KB - Virtual size: 530KB

.data
Size: 43KB - Virtual size: 71KB

.pdata
Size: 103KB - Virtual size: 102KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB