a94c87735a243ab3f7803008cb4b3f1d1fc17c6c4e6894c4935886b61bcc2580

Sharing

Copy URL Twitter E-mail

General

Target

a94c87735a243ab3f7803008cb4b3f1d1fc17c6c4e6894c4935886b61bcc2580
Size

1019KB
MD5

d28452f3d85ff1a97fd9177af821f6c5
SHA1

0662692405ba7dcc12dfafbadbfce24ed5623dc5
SHA256

a94c87735a243ab3f7803008cb4b3f1d1fc17c6c4e6894c4935886b61bcc2580
SHA512

149e2e3bedb1328719789068f25d952ebca43d98d17040ffd63bb5e1e55a5ee54f393937d20295d1de1d939029b99de85e7bbe97bb1d6cf9e10807459c321db7
SSDEEP

12288:q2+/hlo9iW6bq1ki8YCJQqn6s7m+ex3JtiIWW5xjKWcIjKWcg:woP6AkpYCW+6s7ze1D/5xjKWjKW

Score

1^/10

Malware Config

Signatures

Files

a94c87735a243ab3f7803008cb4b3f1d1fc17c6c4e6894c4935886b61bcc2580
.dll windows:5 windows x86 arch:x86

e54e78764dcd69e6dd91d2d7f90ba46c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/01/2013, 00:00

Not After

31/01/2014, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Seongnam,ST=Gyeounggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:31:02:50:ee:39:8a:97:5a:cc:9e:eb:4c:b2:a0:ee:8f:ca:1f:9e
Signer

Actual PE Digest

aa:31:02:50:ee:39:8a:97:5a:cc:9e:eb:4c:b2:a0:ee:8f:ca:1f:9e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\Project\Medicine\Framework\2.0\Trunk\Build\NT32Release\Av.pdb

Imports

wtsapi32

WTSQueryUserToken

netapi32

NetShareDel
NetShareEnum
NetApiBufferFree

kernel32

SetFilePointer
OutputDebugStringW
GetFileSize
GetModuleFileNameW
WriteConsoleW
GetStdHandle
GetCurrentThreadId
CreateSemaphoreW
ReleaseSemaphore
ReleaseMutex
PulseEvent
CreateProcessW
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
CompareStringW
GetLongPathNameW
GetUserDefaultUILanguage
SystemTimeToFileTime
FileTimeToSystemTime
GetModuleHandleA
GetVersion
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
LocalAlloc
GetCurrentProcess
lstrcmpW
GetSystemTime
lstrlenA
lstrcmpA
RemoveDirectoryW
GetLogicalDriveStringsW
GetFileSizeEx
DuplicateHandle
MapViewOfFile
CreateFileMappingW
GetSystemInfo
VirtualAlloc
SetEndOfFile
UnmapViewOfFile
LoadLibraryExW
GetWindowsDirectoryW
DisconnectNamedPipe
GetOverlappedResult
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
CloseHandle
OpenFileMappingW
OpenEventW
GetLocalTime
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateFileW
WriteFile
GetExitCodeProcess
SetFileAttributesW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
GetComputerNameW
GetTickCount
GetDriveTypeW
CreateEventW
GetCurrentProcessId
GetModuleHandleW
ReadFile
DeleteFileW
CreateDirectoryW
CopyFileW
OpenMutexW
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
lstrlenW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
ResetEvent
CreateMutexW
SetLastError
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetFileAttributesW
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
GetShortPathNameW
SetThreadPriority
WaitForMultipleObjects
SetEvent
WaitForSingleObject

user32

GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
CloseDesktop
GetSystemMetrics
SetUserObjectSecurity
GetDesktopWindow
GetShellWindow
GetForegroundWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MsgWaitForMultipleObjects
IsWindow
SetTimer
KillTimer
SetWindowLongW
GetWindowLongW
GetUserObjectSecurity
IsCharAlphaW
CopyRect
UnregisterClassW
ShowWindow
CreateWindowExW
RegisterClassW
PostMessageW
DispatchMessageW
PeekMessageW
DestroyWindow
PostQuitMessage
DefWindowProcW

advapi32

GetSecurityDescriptorGroup
LockServiceDatabase
ChangeServiceConfigW
UnlockServiceDatabase
DeleteService
ControlService
StartServiceW
CreateServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
LookupAccountSidW
EqualSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
AddAccessAllowedAce
GetTokenInformation
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
CopySid
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
SetTokenInformation
LogonUserW
GetUserNameW
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW
SHGetFileInfoW

shlwapi

PathRemoveBackslashW
PathAppendW

msvcr90

wcspbrk
wcsncpy_s
wcsncat_s
_vsnwprintf
_unlock
__dllonexit
_encode_pointer
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_lock
wcscspn
wcsspn
_wtoi
swscanf_s
wcsncmp
wcschr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
wcslen
memcpy
_recalloc
free
_CxxThrowException
memmove_s
memset
_purecall
memcpy_s
memmove
??_V@YAXPAX@Z
calloc
realloc
malloc
??_U@YAPAXI@Z
wcscmp
_vscwprintf
vswprintf_s
_beginthreadex
_endthreadex
_wcsnicmp
wcsnlen
_time64
memcmp
qsort
wcsstr
_wcslwr_s
wcsrchr
_wcsicmp
_wcsupr_s
_mbsstr
strlen
_wmakepath_s
_wsplitpath_s

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

A17036AAFB3E48CCB160C5204DE647D3
PlugInMain

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e54e78764dcd69e6dd91d2d7f90ba46c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

aa:31:02:50:ee:39:8a:97:5a:cc:9e:eb:4c:b2:a0:ee:8f:ca:1f:9eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

netapi32

kernel32

user32

advapi32

shell32

shlwapi

msvcr90

userenv

wintrust

version

Exports

Exports

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 53KB - Virtual size: 79KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

aa:31:02:50:ee:39:8a:97:5a:cc:9e:eb:4c:b2:a0:ee:8f:ca:1f:9e
Signer

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 53KB - Virtual size: 79KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB