c14bf5262374057831444e3e4f7fb705f470dd960e900626faa6493be3a59c00

Sharing

Copy URL Twitter E-mail

General

Target

c14bf5262374057831444e3e4f7fb705f470dd960e900626faa6493be3a59c00
Size

562KB
MD5

d79452c0704c471278cb259a5d976c25
SHA1

796baaf678851110955b9d2eb7f22a5843e03c60
SHA256

c14bf5262374057831444e3e4f7fb705f470dd960e900626faa6493be3a59c00
SHA512

0822a04da0df54f29b966da249ba9533fae41fc1f0cd0098a55496b6426844423905daac40d51fddd2a9593b0a87e9396e192f9ffc1cf3abd8ca1122d65f37f3
SSDEEP

12288:fLIENDZkiLm9/EMBrwPKNvJJGL8REEbTXUm+Ofq:fLIkDCiLm9/baPKbJGL8REYUmlfq

Score

1^/10

Malware Config

Signatures

Files

c14bf5262374057831444e3e4f7fb705f470dd960e900626faa6493be3a59c00
.dll windows:4 windows x86 arch:x86

1690da3fdf05f4d3f7b22a8e49dd3d8a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:29:b7:f3:bd:f9:b1:25
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

25/09/2015, 20:17

Not After

11/07/2016, 21:07

Subject

CN=TRENDnet\, Inc.,O=TRENDnet\, Inc.,L=Torrance,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:24:ed:35:6b:93:54:c3:3d:25:1c:90:41:55:39:5e:ec:7c:b1:e4
Signer

Actual PE Digest

2b:24:ed:35:6b:93:54:c3:3d:25:1c:90:41:55:39:5e:ec:7c:b1:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SetTextColor
SetBkMode
CreateFontA
SelectObject
CreatePen
GetStockObject
LineTo
MoveToEx
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
StretchBlt
SetStretchBltMode
Polyline
Ellipse
DeleteDC
CreateSolidBrush

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

user32

KillTimer
SetTimer
SetCursor
EndPaint
DefWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
UnregisterClassA
CreateWindowExA
DestroyWindow
MoveWindow
ShowWindow
SetFocus
SetWindowPos
SetParent
GetWindowPlacement
GetMonitorInfoA
MonitorFromWindow
GetClientRect
SetWindowPlacement
SetWindowLongA
GetWindowLongA
SetClassLongA
DrawTextA
FrameRect
FillRect
MessageBoxA
SendMessageTimeoutA
SendMessageA
GetDC
ReleaseDC
ReleaseCapture
SetCapture
BeginPaint
GetWindowRect
PostMessageA
UpdateWindow
InvalidateRect

advapi32

IsTextUnicode

gdiplus

GdipDeleteBrush
GdipFillPolygonI
GdipSetSolidFillColor
GdipCreateSolidFill
GdipCreateFromHDC
GdipAlloc
GdipCloneBrush
GdipFree
GdipDeletePen
GdipDeleteGraphics
GdipCreatePen1
GdipFillPieI
GdipSetPenColor
GdipDeleteRegion
GdipFillRegion
GdipCombineRegionRectI
GdipCreateRegion
GdipSetPenWidth
GdipDrawPolygonI
GdipDrawLinesI
GdiplusShutdown
GdipDrawLineI
GdiplusStartup
GdipDrawImageRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

CompareStringA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
CompareStringW
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
ReadFile
RaiseException
LCMapStringW
LCMapStringA
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
IsBadWritePtr
VirtualAlloc
FatalAppExitA
VirtualFree
SetEnvironmentVariableA
IsValidLocale
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
HeapReAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
GetSystemTime
GetTimeZoneInformation
InterlockedIncrement
InterlockedDecrement
RtlUnwind
HeapFree
HeapAlloc
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
MoveFileA
Sleep
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
WriteFile
CloseHandle
GetLocalTime
SetFileAttributesA
GetLastError
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableA
CreateDirectoryA
GetFileAttributesA
GetDiskFreeSpaceExA
lstrlenA
DeleteFileA
FindClose
FindFirstFileA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 400KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1690da3fdf05f4d3f7b22a8e49dd3d8a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

14:29:b7:f3:bd:f9:b1:25Certificate

Extended Key Usages

Key Usages

2b:24:ed:35:6b:93:54:c3:3d:25:1c:90:41:55:39:5e:ec:7c:b1:e4Signer

Headers

File Characteristics

Imports

gdi32

shell32

comdlg32

user32

advapi32

gdiplus

version

kernel32

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 396KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 28KB - Virtual size: 33KB

.rsrc Size: 72KB - Virtual size: 70KB

.reloc Size: 20KB - Virtual size: 19KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

14:29:b7:f3:bd:f9:b1:25
Certificate

2b:24:ed:35:6b:93:54:c3:3d:25:1c:90:41:55:39:5e:ec:7c:b1:e4
Signer

.text
Size: 400KB - Virtual size: 396KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 28KB - Virtual size: 33KB

.rsrc
Size: 72KB - Virtual size: 70KB

.reloc
Size: 20KB - Virtual size: 19KB