6659e0ac96ec6b02f9a9d685680b3c08

Sharing

Copy URL Twitter E-mail

General

Target

6659e0ac96ec6b02f9a9d685680b3c08
Size

133KB
MD5

6659e0ac96ec6b02f9a9d685680b3c08
SHA1

1ad340598eb8ff441b28ac1a09b1b8e030bb0796
SHA256

d2eb95b456a912ea4d129e5cd6f09f60f81e807bef6ca2b29823ceacfd9f2d33
SHA512

39c68a55fc72c50b89767dc874142a3146c7eebf6a6cb61135eba5676a9f6f534a9d1e4feeaae512fbc4b721801de1fcd52e2405d879493beae057f5e2b78ed5
SSDEEP

1536:1JrIPCE54jNE+J8i8Ys4KgTvskiulrByyu6PADUVH8GGx+K5ihkgwHZ1W:1JrIAUi8cK0+9y5CYLGx35ihkgsW

Score

1^/10

Malware Config

Signatures

Files

6659e0ac96ec6b02f9a9d685680b3c08
.dll regsvr32 windows:5 windows x86 arch:x86

cc42d8cce50f1ebe448a26ecee35ae4b

Code Sign

Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

29/06/2004, 17:06

Not After

29/06/2034, 17:06

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:8a:0b:30:92:3e:95
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2009, 07:17

Not After

14/05/2011, 07:17

Subject

CN=Mobispine AB,O=Mobispine AB,L=Stockholm,ST=Stockholm,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

87:7d:bd:ba:b2:01:86:a8:2d:82:79:1c:47:86:db:bd:a2:d7:7b:8b
Signer

Actual PE Digest

87:7d:bd:ba:b2:01:86:a8:2d:82:79:1c:47:86:db:bd:a2:d7:7b:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\eSMS\work\bin\Release\miebho.pdb

Imports

kernel32

LoadResource
FindResourceA
FindResourceExA
GetLastError
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExA
SetThreadLocale
LockResource
CloseHandle
CreateFileA
WriteFile
GetFileSize
FindClose
FindFirstFileA
DeleteFileA
CopyFileA
CreateDirectoryA
GetTempPathA
GetCurrentProcessId
GetLocalTime
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
GetThreadLocale
MultiByteToWideChar
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
HeapCreate
Sleep
ExitProcess
GetStdHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA

user32

CharNextW
CharNextA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2

oleaut32

LoadRegTypeLi
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc42d8cce50f1ebe448a26ecee35ae4b

Code Sign

Certificate

03:01Certificate

Key Usages

04:8a:0b:30:92:3e:95Certificate

Extended Key Usages

Key Usages

87:7d:bd:ba:b2:01:86:a8:2d:82:79:1c:47:86:db:bd:a2:d7:7b:8bSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

03:01
Certificate

04:8a:0b:30:92:3e:95
Certificate

87:7d:bd:ba:b2:01:86:a8:2d:82:79:1c:47:86:db:bd:a2:d7:7b:8b
Signer

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB