28a4a582b57695d4640ec0f3a8413c6738c90a66eaf7baa96116e7b38617f89e

Sharing

Copy URL Twitter E-mail

General

Target

28a4a582b57695d4640ec0f3a8413c6738c90a66eaf7baa96116e7b38617f89e
Size

3.3MB
MD5

fea09cc28d835b7ad91da3dff7cc94bb
SHA1

fa1a362a4adf5bf14f900fef64d31225b3a436cb
SHA256

28a4a582b57695d4640ec0f3a8413c6738c90a66eaf7baa96116e7b38617f89e
SHA512

8b9262560fed3984324de4ecd34c915e104fb728f1ba8673cadeb8b8fa6eda41a36b1da77c83b2bfa7e60ce571f185a93381b4d2b99a75730b66b8d3a1d18ee8
SSDEEP

98304:9w/HbRb/w/HbRbww/HbRbHw/HbRb5dARPbRF:9wPh/wPhwwPhHwPhqPbRF

Score

1^/10

Malware Config

Signatures

Files

28a4a582b57695d4640ec0f3a8413c6738c90a66eaf7baa96116e7b38617f89e
.dll windows:5 windows x86 arch:x86

2537ac205c1edc8e714d8ee5f928e30b

Code Sign

07:27:58:3d
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/01/2010, 19:20

Not After

30/09/2015, 18:19

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:09:96:c5:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 16:58

Not After

23/05/2016, 17:08

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:26:e6:bd:a7:6d:ae:71:1e:3d:b2:32:1e:3b:53:08
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/02/2013, 00:00

Not After

28/04/2015, 12:00

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:ae:f5:d7:0b:60:a5:9a:8e:55:b5:5b:5f:5d:ff:b0:5f:7d:64:8d
Signer

Actual PE Digest

89:ae:f5:d7:0b:60:a5:9a:8e:55:b5:5b:5f:5d:ff:b0:5f:7d:64:8d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\207\804\Out\Win32\Release\msi_misc.pdb

Imports

fltlib

FilterReplyMessage
FilterGetDosName
FilterSendMessage
FilterConnectCommunicationPort
FilterGetMessage

ntdll

RtlDosPathNameToNtPathName_U
RtlFreeHeap

msi

ord48
ord171
ord159
ord49
ord74
ord144
ord32
ord118
ord117
ord158
ord160
ord8
ord121
ord145
ord73
ord17
ord92
ord138
ord140
ord57
ord31
ord120
ord50
ord125
ord103

psapi

GetModuleFileNameExW

userenv

GetProfilesDirectoryW

kernel32

WaitForSingleObject
CreateProcessW
FindClose
FindFirstFileW
GetModuleHandleA
DeleteFileW
ExpandEnvironmentStringsW
lstrcpyW
FindNextFileW
lstrcatW
RemoveDirectoryW
MoveFileExW
SetFileAttributesW
RemoveDirectoryA
FindNextFileA
MoveFileExA
SetFileAttributesA
FindFirstFileA
GetCurrentProcess
IsWow64Process
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
CreateThread
TerminateProcess
WideCharToMultiByte
lstrcpyA
CreateDirectoryA
FormatMessageA
OutputDebugStringA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemInfo
CopyFileA
LoadLibraryA
LoadLibraryExA
SetEvent
OpenEventW
ReadFile
GetFileSize
GetTickCount
MoveFileW
GetModuleHandleExA
CreateEventA
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
lstrcmpiW
lstrlenW
GetFullPathNameW
GetExitCodeProcess
Module32NextW
Module32FirstW
GetModuleFileNameW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
SetThreadLocale
GetSystemDefaultLCID
GetThreadLocale
OpenMutexW
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedIncrement
GetQueuedCompletionStatus
FindFirstFileExW
RtlUnwind
DecodePointer
GetPrivateProfileStringA
GetFileAttributesA
GetCurrentDirectoryW
SetCurrentDirectoryW
InterlockedDecrement
GetFileAttributesExW
OpenMutexA
GetVersion
lstrcmpA
LocalAlloc
LocalFree
GetVersionExA
QueryDosDeviceW
CreateFileW
lstrlenA
GetComputerNameA
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
WriteFile
GetTempPathA
GetTempFileNameA
DeleteFileA
WritePrivateProfileStringA
MultiByteToWideChar
CreateFileA
DeviceIoControl
CloseHandle
GetLocalTime
lstrcmpW
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileAttributesW
CreateDirectoryW
GetLastError
LoadLibraryExW
CopyFileW
WritePrivateProfileStringW
GetTempPathW
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetDriveTypeW
GetLongPathNameW
Sleep
SetLastError
OpenProcess
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FatalAppExitA
EncodePointer
GetStartupInfoW
GetFileType
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
GetStringTypeW
EnterCriticalSection
SetHandleCount
GetLocaleInfoW
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
VirtualQuery
VirtualAlloc
VirtualProtect
GetCommandLineA
GetSystemTimeAsFileTime
FindFirstFileExA
FileTimeToLocalFileTime
InterlockedExchange
RaiseException
LeaveCriticalSection
FlushInstructionCache
FileTimeToSystemTime

user32

wsprintfW
CharUpperBuffA
SendMessageA
ShowWindow
SendMessageW
wsprintfA
EndDialog
UnregisterClassA
CreateDesktopW
DestroyWindow
EnumDisplayMonitors
GetSystemMetrics
FindWindowW
SetWindowPos
GetThreadDesktop
LoadCursorW
CloseDesktop
GetDC
RegisterClassExW
ReleaseDC
SetWindowLongW
GetDlgItem
MonitorFromWindow
GetWindowLongW
LoadIconW
GetMonitorInfoW
SwitchDesktop
SetThreadDesktop
CreateWindowExW
UpdateWindow
EndPaint
ScreenToClient
GetWindowRect
DialogBoxParamW
GetParent
DrawIcon
GetClientRect
GetWindow
DefWindowProcW
MapWindowPoints
SetWindowTextW
BeginPaint

advapi32

OpenSCManagerW
RegQueryValueExA
RegOpenKeyA
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExW
RegDeleteValueA
CreateWellKnownSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LookupPrivilegeValueW
QueryServiceConfigA
DeleteService
CreateServiceW
ChangeServiceConfigW
CreateServiceA
ChangeServiceConfigA
QueryServiceStatusEx
StartServiceA
RegEnumValueW
RegQueryInfoKeyA
RegDeleteValueW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegEnumValueA
RegCreateKeyExA
CloseServiceHandle
OpenServiceW
OpenSCManagerA
OpenServiceA
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
AllocateAndInitializeSid
BuildExplicitAccessWithNameA
BuildTrusteeWithSidA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
FreeSid
RegCloseKey

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
ShellExecuteA
SHGetFolderPathW

ole32

CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantClear
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantInit

shlwapi

PathFileExistsW
PathIsDirectoryEmptyW

crypt32

CertDuplicateCertificateContext
CertGetNameStringW
CertGetNameStringA
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

rpcrt4

UuidCreate

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx
WTHelperGetProvSignerFromChain

wininet

InternetCrackUrlW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW

msimg32

AlphaBlend

gdi32

GetStockObject
ExtTextOutW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetBkColor
CreateFontIndirectW
DeleteDC
BitBlt
SetLayout
GetDeviceCaps
CreateDIBSection
GetObjectW

Exports

Exports

?SelfProtectionRegImpl@@YGIKPBD0K@Z
AddLicenseFile
ApprovalUninstallOnSecureDesktop
BuildRMLocList
CheckDriver
CheckDriverKlifAvailable
CheckDriverKlim
CheckExecutability
CheckKAVUnPasswd
CheckMinorUpgradeFeaturesState
CheckNetConnections
CheckNetcfgLockDeferred
CheckNetcfgLockImmediate
CheckOSBootMode
CheckObjectsToSave
CheckUpgrade
ClearFile
ClearKAVUnPasswd
ClearKAVUnPasswdArea
ClearListCompetitorsSoftware
DeleteOemInfByContent
DetachKMA
DisableFidbox
DisableFirewall
DisableWinDefender
EnableFullScanCA
EnableProductAutostart
EnableTraceToDebugOutputCA
EnableTraceToFileCA
EnableWinDefender
ExportSettings
ExtractCABDeferred
ExtractCABImmediate
ExtractCleaner
FindApp
FindAppWindow
GetMsiCommandLine
GetNeedReboot
GetSettingsVersion
GetSetupConfiguration
ImportReg
InitCAServerDef
InitKAVUnPasswd
InitKLEANERCAB
InstallDate_Set
InstallGadgetLocalization
LaunchURL
ListCompetitorsSoftware
MakeINSTALLBASESID
MakePCID
OutBinFile
RbClearKAVUnPasswdArea
RbInitCAServerDef
RbRegisterRMLoc
RbSetAllowServiceStop
RbSetAllowServiceStopAVP11
RbSetAllowServiceStopAVP12
RbSetAllowServiceStopAVP13
ReadSetupSetFeaturesState
ReadWindowsImageState
RecoverDriver
RegisterDriver
RegisterRMLoc
RegisterRMLocServer
RegisterRMLocServices
RemoveAllUsersIEMenuExt
RemoveAllUsersRegKey
RemoveDeinstall
RemoveGadget
RemoveProtectionFiles
RemoveRestorePoint
RemoveUpdaterList
RepairAVP12ComponentsRegistration
RepairAVP13ComponentsRegistration
ReportCAError
RestoreDNSCache
RestoreProfiles
ReturnError
ReturnUserExit
RunActiveDisinfection
SaveSettings
SelfRegOnRebootInit
SelfRegOnRebootRun
SendUninstallStatOnFailure
SendUninstallStatOnSuccess
SetAllowServiceStop
SetAllowServiceStopAVP11
SetAllowServiceStopAVP12
SetAllowServiceStopAVP13
SetAllowServiceStopAVP6
SetAllowServiceStopAVP7
SetAllowServiceStopAVP8
SetAllowServiceStopAVP9
SetCustomInstall
SetDeinstall
SetFeaturesState
SetFeaturesStateSetProp
SetFeaturesStateUI
SetINSTALLDIR
SetInsOSVer
SetInstallSupportDir
SetIsInstalled
SetIsInstalledOFFReg
SetIsInstalledOFFRegAVP13
SetIsInstalledONReg
SetIsInstalledONRegAVP13
SetIsKAVUnPasswd
SetKlifParameters
SetKlifParametersOSDependent1
SetKlifSkipOsVersionChecks
SetLSPApplicationCategory
SetNeedReboot
SetOS4Updater
SetPIWInitMode
SetPIWInitModeSetProp
SetProductRoot
SetProductStatus
SetProductStatusSetProp
SetREINSTALLProp
SetSTATUSProp
SetServiceDACL
SetServiceRestart
SetSetupResultSuccess
SetWin81Supported
SignalInstallCompleted
StartDriver
StartDriverEx
StartServiceEx
UninstallCompetitorsSoftwareDeferred
UninstallCompetitorsSoftwareImmediate
UninstallCompetitorsSoftwareList
UnloadApp
UnregisterCAServer
UnregisterDriver
UnregisterRMLocServer
UnregisterRMLocServices
UpgradeGadget
UpgradeKlifParameters
VKeyboardRegistration
VKeyboardUnregistration
VerifyInstallDir
WebToolbarRegistration
WebToolbarUnregistration
WriteBinRegistryKeyFromFile
WriteKleanerSkipAction
WriteZombie

Sections

.text
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2537ac205c1edc8e714d8ee5f928e30b

Code Sign

07:27:58:3dCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

61:09:96:c5:00:00:00:00:00:16Certificate

Key Usages

02:26:e6:bd:a7:6d:ae:71:1e:3d:b2:32:1e:3b:53:08Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

89:ae:f5:d7:0b:60:a5:9a:8e:55:b5:5b:5f:5d:ff:b0:5f:7d:64:8dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltlib

ntdll

msi

psapi

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

rpcrt4

wintrust

wininet

msimg32

gdi32

Exports

Exports

Sections

.text Size: 543KB - Virtual size: 542KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 30KB - Virtual size: 29KB

07:27:58:3d
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

61:09:96:c5:00:00:00:00:00:16
Certificate

02:26:e6:bd:a7:6d:ae:71:1e:3d:b2:32:1e:3b:53:08
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

89:ae:f5:d7:0b:60:a5:9a:8e:55:b5:5b:5f:5d:ff:b0:5f:7d:64:8d
Signer

.text
Size: 543KB - Virtual size: 542KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 30KB - Virtual size: 29KB