4d1518c21b7f872fd7b1f7c450bd9c63fd4e168b77275f47a07f9a3e7fff28a7

Sharing

Copy URL Twitter E-mail

General

Target

4d1518c21b7f872fd7b1f7c450bd9c63fd4e168b77275f47a07f9a3e7fff28a7
Size

297KB
MD5

d805de4dd49646cf136820369a138ecc
SHA1

5c289b0255b48d2ee812c4c8bd6430d69f2811fe
SHA256

4d1518c21b7f872fd7b1f7c450bd9c63fd4e168b77275f47a07f9a3e7fff28a7
SHA512

f2aebb6783aa58b731358b7aa4ebddef5f60eeb0c13846ed36d206443ae9fd56671b2e700c01d0c247a2d0feff938613957139fc54a15242a5e5d73f85404241
SSDEEP

3072:6hBzII9dxk7e6aZDJ4IRWfaJLi9CSav0ibz5vyMju1/2lQBV+UdE+rECWp7hKU5:N7mwSkla8ahzju1DBV+UdvrEFp7hKU5

Score

1^/10

Malware Config

Signatures

Files

4d1518c21b7f872fd7b1f7c450bd9c63fd4e168b77275f47a07f9a3e7fff28a7
.dll windows:4 windows x86 arch:x86

50a3b52fc86acf1030b34623044499fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/02/2009, 00:00

Not After

20/04/2012, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:56:38:1f:23:7b:8b:9b:ce:b3:b4:b4:b2:39:45:61:b1:ee:71:5c
Signer

Actual PE Digest

b9:56:38:1f:23:7b:8b:9b:ce:b3:b4:b4:b2:39:45:61:b1:ee:71:5c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

v:\BTW\btw1.2\temp\BtMmHook\Release\BtMmHook.pdb

Imports

kernel32

WaitForSingleObject
ReleaseMutex
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetModuleFileNameA
Sleep
CloseHandle
SetEvent
GetLastError
OpenEventA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
CreateEventA
IsDBCSLeadByte
FreeLibrary
SizeofResource
CreateMutexA
FindResourceA
LoadLibraryExA
OpenProcess
LoadLibraryA
GetVersionExA
ReadFile
SetEndOfFile
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
GetTickCount
GetLocalTime
GetDateFormatA
GetTimeFormatA
GetCurrentThreadId
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSection
LoadResource
RaiseException
FreeEnvironmentStringsW
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
GetEnvironmentStrings
CompareStringA
GetLocaleInfoW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount

user32

GetDesktopWindow
GetWindow
GetWindowLongA
EnumWindows
GetWindowThreadProcessId
IsWindow
UnregisterClassA
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
SetWindowsHookExA
CharNextA
UnhookWindowsHookEx
GetForegroundWindow
CallNextHookEx
keybd_event
PostMessageA
wvsprintfA
GetWindowTextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString

Exports

Exports

FinishBtMmHook
SetAndWaitBtMmHook
SetBtMmHook
UnSetBtMmHook

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50a3b52fc86acf1030b34623044499fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7Certificate

Extended Key Usages

Key Usages

b9:56:38:1f:23:7b:8b:9b:ce:b3:b4:b4:b2:39:45:61:b1:ee:71:5cSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 12KB

.shared Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

b9:56:38:1f:23:7b:8b:9b:ce:b3:b4:b4:b2:39:45:61:b1:ee:71:5c
Signer

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 12KB

.shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB