e05790a7d8ca6a9b1b475655a59bff59

Sharing

Copy URL Twitter E-mail

General

Target

e05790a7d8ca6a9b1b475655a59bff59
Size

358KB
MD5

e05790a7d8ca6a9b1b475655a59bff59
SHA1

806211af8d2e95f23739338bf0308b2ce690c6da
SHA256

126119ac0a8cbaeb68c6be16b968e410ebc623991f4bf885b672c4740b997af7
SHA512

efb8a10a92b536ad091665f30738ffcf828915f721b9751bcca06e97195b6a11008441c5ae917d52f1de6fb4865eca32788b013ed055e989b01579d5de9a5150
SSDEEP

6144:psqz/ih1SvqpsadXaPeO90b2AUPXX4s+A7k7aUZc68yCqt2kTo:pseKvpsQXJOzNXX4s+A7kdjTjo

Score

1^/10

Malware Config

Signatures

Files

e05790a7d8ca6a9b1b475655a59bff59
.dll windows:5 windows x86 arch:x86

8a8c78002bf1da0185aabaa49f0709d2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:69:50:d0:a0:5a:1c:d6:31:64:d1:e1:eb:1f:fb:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/06/2014, 00:00

Not After

20/06/2015, 23:59

Subject

CN=Elex do Brasil Participações Ltda,O=Elex do Brasil Participações Ltda,L=São Paulo,ST=São Paulo,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:dd:60:f0:f3:bd:47:dc:fb:cb:ac:f6:36:d6:b7:0f:07:0a:ff:d8
Signer

Actual PE Digest

cd:dd:60:f0:f3:bd:47:dc:fb:cb:ac:f6:36:d6:b7:0f:07:0a:ff:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Build\isafe\branches\5.9\bin\iSafeCheckEngine.pdb

Imports

iimportlib

?IsNvdVersion@func@elex@@YAHXZ
?getProgramRunDir@filepath@elex@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?DB_GetSqliteDBVersion@uphlp@elex@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@KABV34@@Z
?CFG_UpdateVersion@uphlp@elex@@YAHKABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?VerifyFile@CWinTrustVerifier@@QAEKPB_WPAV?$list@VCWinTrustSignerInfo@@V?$allocator@VCWinTrustSignerInfo@@@std@@@std@@@Z
??0MD5@safe@elex@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?toString@MD5@safe@elex@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetInstance@CWinTrustVerifier@@SAPAV1@XZ
?GetRegInstallPath@func@elex@@YAHPA_WK@Z
?RequestURL@LibCurlClient@elex@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@K@Z
?GetUserGuid@func@elex@@YAHPA_WKHPAH@Z
?GetProgramVersion@func@elex@@YAHQAK@Z
?GetNationLanguage@ReportUtilities@ReportLog@Utilities@elex@@SAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?unZipFile@zipHelper@@QAE_NPB_WPA_W@Z
?Init@zipHelper@@QAE_N_NPB_W0@Z
??1zipHelper@@QAE@XZ
??0zipHelper@@QAE@XZ
?Encode@CeBase64@safe@elex@@SA_NPBEKAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CeBase64@safe@elex@@QAE@XZ
??0CeBase64@safe@elex@@QAE@XZ

sqlite3

??1CppSQLite3Query@@UAE@XZ
?eof@CppSQLite3Query@@QAE_NXZ
?getIntField@CppSQLite3Query@@QAEHPBDH@Z
?execQuery@CppSQLite3DB@@QAE?AVCppSQLite3Query@@PBD@Z
??1CppSQLite3DB@@UAE@XZ
?open@CppSQLite3DB@@QAEXPBDPBXH@Z
?close@CppSQLite3DB@@QAEXXZ
??0CppSQLite3DB@@QAE@XZ
?execScalar@CppSQLite3DB@@QAEHPBD@Z
?getStringField@CppSQLite3Query@@QAEPBDPBD0@Z

kernel32

EncodePointer
AreFileApisANSI
DeviceIoControl
RemoveDirectoryW
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalFree
MoveFileExW
GetLastError
GetSystemTimeAsFileTime
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
CreateEventA
SetEvent
CloseHandle
CreateEventW
ResetEvent
GetModuleFileNameW
FormatMessageA
CreateFileMappingA
OpenFileMappingA
Sleep
SwitchToThread
GetModuleHandleA
MapViewOfFileEx
GetCurrentProcess
DuplicateHandle
DecodePointer
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcessId
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
WaitForMultipleObjects
CreateFileW
LoadLibraryExW
CreateDirectoryW
GetTickCount
TerminateThread
SetThreadPriority
GetCurrentThread
SetErrorMode
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
MultiByteToWideChar
FindClose
GetFileAttributesExW
DeleteFileW
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TlsAlloc
TlsFree
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
OpenEventA
CreateWaitableTimerA
TlsSetValue
TlsGetValue
ResumeThread
SetWaitableTimer
UnmapViewOfFile

advapi32

SetEntriesInAclW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
SetSecurityDescriptorSacl
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
RegSetValueExW

msvcp110

??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_BADOFF@std@@3_JB
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z

shlwapi

PathFileExistsW

ws2_32

WSACleanup
WSAStartup

msvcr110

memset
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
??3@YAXPAX@Z
wcscpy_s
??2@YAPAXI@Z
memmove
sprintf_s
sscanf_s
_purecall
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_gmtime64
tolower
??0exception@std@@QAE@ABQBDH@Z
??_V@YAXPAX@Z
swprintf_s
rand
??0exception@std@@QAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
_lock_file
_unlock_file
fputc
fwrite
ungetc
fgetc
memcpy_s
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
fclose
_wcsnicmp
fputwc
ungetwc
fgetwc
wcsncpy_s
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
_wfopen_s
fseek
ftell
fread
_beginthreadex
_CxxThrowException
__CxxFrameHandler3
memcpy
strerror
_stricmp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
free

isafepxy

ISAFE_WriteProgramLogNoMask

Exports

Exports

CreatCheckEngineModule
CreatCheckVersionModule
CreatHotSpotPath
CreatQuarantineArea
CreatTrustedArea
CreatVirusLibSrvModule

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a8c78002bf1da0185aabaa49f0709d2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5c:69:50:d0:a0:5a:1c:d6:31:64:d1:e1:eb:1f:fb:8aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cd:dd:60:f0:f3:bd:47:dc:fb:cb:ac:f6:36:d6:b7:0f:07:0a:ff:d8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iimportlib

sqlite3

kernel32

advapi32

msvcp110

shlwapi

ws2_32

msvcr110

isafepxy

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 7KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 42KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5c:69:50:d0:a0:5a:1c:d6:31:64:d1:e1:eb:1f:fb:8a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cd:dd:60:f0:f3:bd:47:dc:fb:cb:ac:f6:36:d6:b7:0f:07:0a:ff:d8
Signer

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 7KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 42KB