3b75e0b82f796ba6b102e8c1715bfce0044b98e62a8ff5193c914ea43e063a80

Sharing

Copy URL Twitter E-mail

General

Target

3b75e0b82f796ba6b102e8c1715bfce0044b98e62a8ff5193c914ea43e063a80
Size

376KB
MD5

19be3255a9464564ad92c6f8979a5e89
SHA1

f2d255fd24f00b14ee38a5dc4507fda064ea46b9
SHA256

3b75e0b82f796ba6b102e8c1715bfce0044b98e62a8ff5193c914ea43e063a80
SHA512

69e93ebc3ea157b687813fe0bf77b7c4b330240fd8684e8071bdf06b1c785bb9cbda3bfa178b2f2314e71fba61c290a8d63388071fe2ad82eaa9fd5275c03a5d
SSDEEP

6144:OVfOQzxL+2806o9MX+sQikDYouGgbfbvNluM6k5ztIIrsLUPFwyGZNLqR:OVfOfo9aNGMfblEa5ztpQLUkuR

Score

1^/10

Malware Config

Signatures

Files

3b75e0b82f796ba6b102e8c1715bfce0044b98e62a8ff5193c914ea43e063a80
.dll windows:5 windows x86 arch:x86

707e3a0f62a74d63b137e7e3e0fba91c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:1b:7e:59:4f:7f:a5:6e:16:99:f8:b2:7f:12:9c:88
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/02/2009, 00:00

Not After

28/02/2012, 23:59

Subject

CN=Zeon Corporation,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2,O=Zeon Corporation,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:b1:ca:d0:fb:d2:8b:b4:1f:2d:78:c2:ac:b1:70:da:a2:57:af:16
Signer

Actual PE Digest

77:b1:ca:d0:fb:d2:8b:b4:1f:2d:78:c2:ac:b1:70:da:a2:57:af:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptStringToBinaryA

kernel32

GetFileTime
WritePrivateProfileStringA
GetTickCount
RtlUnwind
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
Sleep
ExitProcess
ExitThread
CreateThread
HeapSize
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
MultiByteToWideChar
DeleteFileA
GetTempFileNameA
GetTempPathA
lstrlenA
GetSystemTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CopyFileA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
OutputDebugStringA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
CloseHandle
CreateFileA
GetFileAttributesA
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GetVersionExA
GetProcAddress
lstrcmpW
FreeLibrary
SetLastError
GetLastError
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
InterlockedIncrement
GetThreadLocale
GlobalAlloc
MulDiv
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetModuleHandleW
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
WaitForSingleObject
CreateEventA
FormatMessageA
LocalFree

user32

PostThreadMessageA
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
LoadCursorA
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
CharNextA
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowPos
RegisterClipboardFormatA
CharUpperA
MessageBeep
GetNextDlgGroupItem
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowLongA
SetWindowLongA
SendMessageA
GetDC
LoadIconA
wsprintfA
GetParent
GetClientRect
GetSystemMetrics
PostMessageA
ShowWindow
IsWindowVisible
GetWindowRect
EnableWindow

gdi32

SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
RestoreDC
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
SetBkColor
SetTextColor
GetClipBox
GetObjectA
CreateBitmap
ScaleViewportExtEx
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathAppendA

oledlg

ord8

ole32

OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoGetClassObject

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantChangeType
SysAllocStringLen
VarBstrCmp
SysAllocString
VariantClear
SysFreeString
VariantInit

urlmon

URLDownloadToFileA

Exports

Exports

PlugInMain

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

707e3a0f62a74d63b137e7e3e0fba91c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

32:1b:7e:59:4f:7f:a5:6e:16:99:f8:b2:7f:12:9c:88Certificate

Extended Key Usages

Key Usages

77:b1:ca:d0:fb:d2:8b:b4:1f:2d:78:c2:ac:b1:70:da:a2:57:af:16Signer

Headers

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

32:1b:7e:59:4f:7f:a5:6e:16:99:f8:b2:7f:12:9c:88
Certificate

77:b1:ca:d0:fb:d2:8b:b4:1f:2d:78:c2:ac:b1:70:da:a2:57:af:16
Signer

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB