b66b625fac60d06e64a4ad3e4ae1c00d

Sharing

Copy URL

Twitter E-mail

General

Target

b66b625fac60d06e64a4ad3e4ae1c00d
Size

1.4MB
MD5

b66b625fac60d06e64a4ad3e4ae1c00d
SHA1

569cc0cb9477bf2f07e01b27353d20b64c501fa1
SHA256

ebd6f89eb003af3893c5ea11032fac4b58c2837119228db862a92de62241e0e7
SHA512

d08fbb56229432269c878d4bfcce82bf2521a84c1e536862d526235fba842dcc0c79061bbdeb627cf92a8f3989ff7739c944d051b132ecd5c5c4542d8a647caf
SSDEEP

24576:wZ5LzygEGoYkR4HYYAmax3ksunYLw2kXPIShK5TwL6fjjkPPLkDlxpQfjqtd5vYT:wPzygEGRD4YAmKkssePqK1AKjjXCq31i

Score

1^/10

Malware Config

Signatures

Files

b66b625fac60d06e64a4ad3e4ae1c00d
.dll regsvr32 windows:4 windows x86 arch:x86

69c96e0e730cbff282281a184ef6917d

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-03-2016 19:21

Not After

30-06-2017 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:60:7e:13:16:cb:67:8e:c4:14:b4:29:76:45:f2:ca:96:5f:ab:9c:29:e9:1c:e7:02:b1:77:a0:02:a4:36:87
Signer

Actual PE Digest

e0:60:7e:13:16:cb:67:8e:c4:14:b4:29:76:45:f2:ca:96:5f:ab:9c:29:e9:1c:e7:02:b1:77:a0:02:a4:36:87

Digest Algorithm

sha256

PE Digest Matches

false

31:84:57:88:ae:9c:18:ed:21:45:14:9d:9a:86:0d:8b:88:2a:e6:5f
Signer

Actual PE Digest

31:84:57:88:ae:9c:18:ed:21:45:14:9d:9a:86:0d:8b:88:2a:e6:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA
OpenProcessToken
OpenSCManagerA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
GetTokenInformation
CloseServiceHandle
EqualSid
ImpersonateLoggedOnUser
AllocateAndInitializeSid
FreeSid
RegQueryValueExA
RegQueryValueA
RegEnumKeyExA
CryptAcquireContextA
RegOpenKeyExA
EnumServicesStatusA
RevertToSelf
RegSetValueExA
RegOpenKeyA
RegCreateKeyExA
RegDeleteValueA
OpenThreadToken

gdi32

SetWindowOrgEx
GetTextMetricsA
BitBlt
SetBkColor
PatBlt
EnumFontFamiliesExA
TextOutA
MoveToEx
DeleteMetaFile
Polyline
CreateRectRgnIndirect
SetTextColor
GetDeviceCaps
StretchBlt
CreateMetaFileA
CreateFontA
Ellipse
CreateCompatibleDC
Rectangle
SetBkMode
CreateCompatibleBitmap
SelectPalette
SetWindowExtEx
DeleteDC
CloseMetaFile
Polygon
ExtTextOutA
SetTextAlign
DeleteObject
RealizePalette
GetTextExtentPointA
LPtoDP
LineTo
SetViewportOrgEx
GetPixel
GetObjectA
GetTextExtentPoint32A
SetMapMode
SaveDC
CreatePen
SelectObject
CreateFontIndirectA
CreateSolidBrush
RestoreDC
TextOutW

inetcomm

CreatePOP3Transport
MimeOleSetBodyPropA
MimeOleGetPropA
HrDoAttachmentVerb
HrGetAttachIcon
HrAttachDataFromBodyPart
CreateRangeList
MimeOleSetDefaultCharset
MimeOleUnEscapeStringInPlace
MimeOleAlgStrengthFromSMimeCap
MimeOleParseRfc822Address
MimeOleGetFileInfoW
CreateSMTPTransport
MimeOleSMimeCapAddCert
MimeOleGetBodyPropA
MimeOleCreateBody
MimeOleGetCertsFromThumbprints
HrFreeAttachData
MimeOleParseRfc822AddressW
MimeOleCreateSecurity
MimeOleSMimeCapGetEncAlg
MimeOleDecodeHeader
MimeOleSetBodyPropW
MimeOleCreatePropertySet
MimeOleCreateVirtualStream
MimeOleGetCodePageCharset
CreateNNTPTransport
MimeOleSetCompatMode
MimeOleGetCharsetInfo
MimeOleClearDirtyTree
MimeOleCreateMessageParts
MimeOleGetPropertySchema
MimeOleGetBodyPropW
HrGetAttachIconByFile
MimeOleInetDateToFileTime
MimeOleSMimeCapsFull
MimeOleGenerateMID
MimeOleCreateHashTable
MimeOleAlgNameFromSMimeCap
MimeOleGetCodePageInfo
MimeEditDocumentFromStream
HrAttachDataFromFile
HrAthGetFileNameW
MimeOleSMimeCapAddSMimeCap
MimeOleGetAllocator
MimeOleSMimeCapGetHashAlg
MimeEditViewSource
HrAthGetFileName
MimeOleStripHeaders
MimeOleFindCharset
MimeOleSMimeCapInit
CreateIMAPTransport2
MimeOleCreateMessage

kernel32

WideCharToMultiByte
VirtualAlloc
GetModuleHandleA
GetCurrentProcess
MoveFileA
VirtualQuery
LockResource
QueryPerformanceCounter
DeleteFileA
HeapFree
GetCPInfo
LCMapStringA
HeapSize
FindClose
MulDiv
FindResourceA
CloseHandle
lstrlenW
InitializeCriticalSectionAndSpinCount
GlobalUnlock
GetExitCodeProcess
LeaveCriticalSection
lstrlenA
FreeEnvironmentStringsA
SizeofResource
lstrcmpiA
IsBadWritePtr
GetStringTypeA
FlushInstructionCache
GetVersion
FlushFileBuffers
GetShortPathNameW
Sleep
GetCurrentThreadId
UnhandledExceptionFilter
GetProfileIntA
ReleaseMutex
SetThreadPriority
FreeEnvironmentStringsW
MultiByteToWideChar
TlsFree
InterlockedExchange
InitializeCriticalSection
GetDiskFreeSpaceA
WaitForSingleObject
TlsAlloc
CreateFileA
GetSystemInfo
HeapCreate
HeapAlloc
GetUserDefaultLCID
GetEnvironmentVariableA
GlobalFree
GlobalLock
OpenFile
GetFileType
LoadResource
SystemTimeToFileTime
RtlUnwind
SetEvent
FileTimeToSystemTime
ExpandEnvironmentStringsA
EnterCriticalSection
GetEnvironmentStrings
CreateMutexA
IsDBCSLeadByteEx
SetHandleCount
GetUserDefaultLangID
HeapDestroy
CreateDirectoryA
GetTempPathA
SetFilePointer
WriteFile
GetProcAddress
GlobalSize
GlobalAlloc
GetLastError
GetEnvironmentStringsW
FormatMessageA
GetOEMCP
IsBadStringPtrA
GetLocaleInfoW
GetSystemDefaultLangID
GetTickCount
IsDBCSLeadByte
GetTempFileNameA
InterlockedDecrement
FindNextFileA
FileTimeToLocalFileTime
ExitProcess
InterlockedIncrement
GetWindowsDirectoryA
LoadLibraryA
VirtualProtect
FormatMessageW
GetStringTypeW
CreateEventA
LocalAlloc
IsBadReadPtr
FindFirstFileA
GetACP
GetSystemDirectoryA
FreeLibrary
GetFileAttributesA
GetSystemTime
TlsSetValue
HeapReAlloc
GetCurrentProcessId
TlsGetValue
GlobalReAlloc
SetErrorMode
LCMapStringW
CompareFileTime
GetStdHandle
RtlMoveMemory
GetStartupInfoA
SetLastError
TerminateProcess
VirtualFree
GetLocaleInfoA
GetDriveTypeA
CreateProcessA
GetProcessHeap
GetModuleFileNameA
GetCurrentThread
GetCommandLineA
CreateThread
GetVersionExA
lstrcpynA
SetStdHandle
LoadLibraryExA
LocalFree
GetShortPathNameA
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcmpA

msoert2

HrIsStreamUnicode
PszSkipWhiteA
HrStreamToByte
HrSafeGetStreamSize
WriteStreamToFile
HrCheckTridentMenu
PszDupA
DeleteTempFileOnShutdownEx
FIsEmptyA
WriteStreamToFileW
CryptFreeFunc
ReplaceChars
HrGetBodyElement
MessageBoxInst
HrIStreamWToBSTR
HrRewindStream
FBuildTempPath
FIsHTMLFileW
CreateTempFile
CleanupFileNameInPlaceA
FIsEmptyW
IUnknownList_CreateInstance
PszEscapeMenuStringA
GetHtmlCharset
HrGetCertKeyUsage
CreateNotify
FIsSpaceA
fGetBrowserUrlEncoding
StrToUintA
CreateEnumFormatEtc
CreateStreamOnHFile
HrGetElementImpl
GetExePath
MessageBoxInstW
SzGetCertificateEmailAddress
_MSG
HrLPSZToBSTR
UlStripWhitespace
HrLPSZCPToBSTR
UlStripWhitespaceW
CreateDataObject
ReplaceCharsW
WriteStreamToFileHandle
strtrimW
CleanupFileNameInPlaceW
PszDupW
PszToUnicode
FIsValidFileNameCharW
PVGetCertificateParam
CreateLogFile
CchFileTimeToDateTimeSz
CopyRegistry
BrowseForFolder
PszAllocA
HrSetDirtyFlagImpl
HrGetStreamSize
CrackNotificationPackage
PszToANSI
CenterDialog
CchFileTimeToDateTimeW
FIsHTMLFile
HrCreateTridentMenu
GenerateUniqueFileName
HrStreamSeekSet
CryptAllocFunc
IsDigit
FBuildTempPathW
CreateStreamOnHFileW
IDrawText
HrCopyStream
PszFromANSIStreamA
OpenFileStream
FMissingCert
UpdateRebarBandColors

ole32

OleSetClipboard
WriteClassStm
OleRegEnumVerbs
CoGetMalloc
PropVariantCopy
CoTaskMemFree
PropVariantClear
OleRun
OleLoadFromStream
CoLockObjectExternal
CreateStreamOnHGlobal
CoUninitialize
CreateOleAdviseHolder
StringFromGUID2
CoDisconnectObject
CLSIDFromString
DoDragDrop
CoTaskMemAlloc
OleRegGetMiscStatus
ReleaseStgMedium
OleInitialize
RevokeDragDrop
OleRegGetUserType
CoInitialize
OleUninitialize
OleSaveToStream
RegisterDragDrop
CreateDataAdviseHolder
ReadClassStm
CoCreateInstance
CoTaskMemRealloc

shlwapi

SHSetValueA
SHRegGetBoolUSValueA
PathRemoveBackslashW
PathFileExistsW
SHAutoComplete
PathStripPathW
PathRemoveExtensionW
SHDeleteValueA
SHQueryValueExA
SHDeleteKeyA
wvnsprintfA
PathAppendA
StrFormatByteSizeA
wnsprintfA
StrNCatW
PathFileExistsA
PathFindExtensionW
StrDupA
StrStrIA
SHGetValueW
PathCanonicalizeA
PathFindFileNameW
StrCatBuffW
PathGetArgsA
PathUnquoteSpacesA
StrToIntA
SHCopyKeyA
StrToIntExA
PathCompactPathExW
StrStrA
SHCreateShellPalette
PathAddExtensionW
StrDupW
PathIsDirectoryA
UrlEscapeA
StrChrA
StrStrIW
PathAddBackslashA
SHQueryInfoKeyA
PathIsContentTypeW
PathCombineW
PathIsFileSpecW
PathIsDirectoryW
PathFindFileNameA
StrCSpnA
PathIsRootA
SHGetValueA
StrRChrIW
StrCmpW
StrStrW
PathRemoveFileSpecA
PathRemoveBackslashA
StrCmpNIA
wnsprintfW
PathIsURLW
StrCatBuffA
UrlApplySchemeW
StrCmpIW
PathRemoveFileSpecW
StrCpyNW
StrCSpnW
SHEnumKeyExA
UrlUnescapeA
PathFindExtensionA
SHSetValueW
StrCmpNIW
PathCombineA
PathRemoveArgsA

user32

DeleteMenu
GetDC
KillTimer
IsDialogMessageA
ActivateKeyboardLayout
TrackPopupMenu
SetWindowPos
SetMenuItemInfoA
ClientToScreen
EndDeferWindowPos
SetPropA
GetDesktopWindow
RegisterClassA
EndPaint
ShowWindow
SetActiveWindow
IsCharAlphaA
GetMenuItemInfoA
GetMessagePos
CheckMenuItem
GetDoubleClickTime
DestroyMenu
GetWindowPlacement
FindWindowExA
SetWindowLongA
PostQuitMessage
MessageBeep
TranslateAcceleratorA
GetLastActivePopup
GetKeyState
OpenClipboard
ModifyMenuA
GetMenuItemCount
MessageBoxA
SetRect
SetMenuDefaultItem
GetFocus
SetWindowRgn
GetClassNameA
RegisterClipboardFormatA
GetSubMenu
SetForegroundWindow
SetCapture
InvalidateRect
DrawStateA
GetMenuState
GetWindowTextLengthA
DrawIconEx
DrawFocusRect
WindowFromPoint
TrackPopupMenuEx
EnumThreadWindows
AdjustWindowRect
RegisterWindowMessageA
LoadCursorA
CreateWindowExA
GetCapture
LoadAcceleratorsA
GetDlgItemTextW
CheckDlgButton
EmptyClipboard
IsCharAlphaNumericA
IsChild
GetKeyboardLayoutList
PostMessageA
SetDlgItemTextA
CreateDialogParamA
DestroyWindow
PtInRect
DrawTextA
DispatchMessageA
RedrawWindow
GetActiveWindow
FillRect
GetWindow
BeginPaint
GetWindowDC
UnionRect
GetMenuItemID
InflateRect
GetClientRect
SetMenu
SetTimer
AdjustWindowRectEx
RemoveMenu
SetDlgItemInt
IsWindow
RemovePropA
GetWindowTextA
EnumChildWindows
IsZoomed
ReleaseDC
CloseClipboard
OffsetRect
GetSystemMetrics
UpdateWindow
IsIconic
GetForegroundWindow
GetWindowLongA
CharLowerA
GetParent
DefWindowProcA
TranslateMessage
DrawEdge
GetAsyncKeyState
IntersectRect
EnableMenuItem
DestroyIcon
LoadIconA
SetWindowTextA
GetDlgItemTextA
SetParent
WaitForInputIdle
CheckRadioButton
PostThreadMessageA
LoadStringW
IsWindowEnabled
EndDialog
CreatePopupMenu
GetCursorPos
ReleaseCapture
SetCursor
ValidateRect
DeferWindowPos
EqualRect
SetClipboardData
LoadBitmapA
LoadImageA
BeginDeferWindowPos
ScreenToClient
CharNextA
DrawTextExA
IsWindowVisible
GetMenuStringA
GetSysColor
AppendMenuA
GetClassInfoExA
SetWindowPlacement
SystemParametersInfoA
GetWindowRect
IsMenu
CheckMenuRadioItem
DialogBoxParamA
GetMessageA
SetFocus
CharUpperA
RegisterClassExA
CopyRect
EnableWindow
GetPropA
IsWindowUnicode
GetUpdateRect
EnumWindows
GetNextDlgTabItem
GetDlgCtrlID
SetDlgItemTextW
MoveWindow
WinHelpA
LoadMenuA
SendDlgItemMessageA
GetDlgItemInt
CharPrevA
SendMessageA
MapWindowPoints
DrawFrameControl
SendDlgItemMessageW
LoadStringA
GetWindowThreadProcessId
UnregisterClassA
SendMessageW
IsDlgButtonChecked

Exports

Exports

Uncuriously
Foreadvice
Mickle
Cardiological
Mudding
Orally
Galiongee
Penknife
Interdictor
Trachybasalt
Isonomous
Unstubborn
Ustulina
Inhumationist
Adai
Chrysalides
DllRegisterServer
Bijou
Endocannibalism
Homoeomorphous
Desmotrope
Gateado
Amli
Quaker
Landlooker
Interimistic
Chitra
Verticillated
Heterointoxication
Pondo
Corradiate
Galoisian
Infallibilism
Singlestick
Unproduceably
Biquadrantal
Tritylodon
Elfic
Discernibleness
Criteriology
Paraform
Lightfulness
Mellowness
Floppiness
Cryptocrystalline
DllUnregisterServer
Trichiurus

Sections

Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69c96e0e730cbff282281a184ef6917d

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

e0:60:7e:13:16:cb:67:8e:c4:14:b4:29:76:45:f2:ca:96:5f:ab:9c:29:e9:1c:e7:02:b1:77:a0:02:a4:36:87Signer

31:84:57:88:ae:9c:18:ed:21:45:14:9d:9a:86:0d:8b:88:2a:e6:5fSigner

Headers

File Characteristics

Imports

advapi32

gdi32

inetcomm

kernel32

msoert2

ole32

shlwapi

user32

Exports

Exports

Sections

Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 6KB - Virtual size: 6KB

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e0:60:7e:13:16:cb:67:8e:c4:14:b4:29:76:45:f2:ca:96:5f:ab:9c:29:e9:1c:e7:02:b1:77:a0:02:a4:36:87
Signer

31:84:57:88:ae:9c:18:ed:21:45:14:9d:9a:86:0d:8b:88:2a:e6:5f
Signer

.reloc
Size: 6KB - Virtual size: 6KB