4e827fe46a4c2d628985695dfafb3ff665493516f0ec397cfceaec1d201ae80c

Sharing

Copy URL Twitter E-mail

General

Target

4e827fe46a4c2d628985695dfafb3ff665493516f0ec397cfceaec1d201ae80c
Size

523KB
MD5

d2f362112bb795f603aa732bb19ddbc5
SHA1

17c24be4e526e3372c218cfee8a85787709a9f7c
SHA256

4e827fe46a4c2d628985695dfafb3ff665493516f0ec397cfceaec1d201ae80c
SHA512

5d9080d59f7fae09317aada41fba23bc7b8cb4fd3f7e695f634a237ac88e69edb14c3cb61083be95b0d52819909de8c024d05a5d61f78dea7e4cdf00eab8edae
SSDEEP

12288:STyu1dr5J7RpUVV+VbA0fU9nwRS4fwvP:edrnR1e9wRPfK

Score

1^/10

Malware Config

Signatures

Files

4e827fe46a4c2d628985695dfafb3ff665493516f0ec397cfceaec1d201ae80c
.dll windows:4 windows x86 arch:x86

e078da951033f1e3e6c2464689ffef3a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/08/2013, 00:00

Not After

08/08/2016, 23:59

Subject

CN=JiranJikyosoft co.\, ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Management Dept.,O=JiranJikyosoft co.\, ltd.,L=Gangnam Gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:5d:88:d2:33:2f:6f:95:0c:aa:31:92:97:24:16:60:31:40:c5:1a
Signer

Actual PE Digest

7a:5d:88:d2:33:2f:6f:95:0c:aa:31:92:97:24:16:60:31:40:c5:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\PF\PCFILTER V2.0\CUSTOM ver\PCFILTER Agent V2.0(전남대학교)\release\PCFILTEREraser.pdb

Imports

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleA
InterlockedIncrement
SetErrorMode
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
GetCPInfo
IsValidCodePage
LCMapStringA
LCMapStringW
GlobalHandle
HeapCreate
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetPrivateProfileStringW
GetPrivateProfileIntW
InterlockedDecrement
SuspendThread
ResumeThread
SetThreadPriority
GetFullPathNameW
DuplicateHandle
UnlockFile
LockFile
GetThreadLocale
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
ReleaseMutex
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
WritePrivateProfileStringW
VirtualLock
GetUserDefaultLCID
GetSystemTime
GetUserDefaultLangID
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
CreateEventW
GetProcessHeap
QueryPerformanceCounter
GetStartupInfoW
GetCurrentThread
GetSystemInfo
GetCurrentProcessId
GetLogicalDrives
GetACP
GetOEMCP
GetSystemDefaultLCID
GetSystemDefaultLangID
GetTimeZoneInformation
VirtualUnlock
lstrlenW
CreateDirectoryW
GetFileTime
GetVolumeInformationW
GetModuleFileNameW
GetFileAttributesW
SetLastError
SetEndOfFile
GetFileSize
SetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
LocalFree
FormatMessageW
InterlockedCompareExchange
DeviceIoControl
ReadFile
GetLastError
CloseHandle
CreateFileW
VirtualAlloc
FreeLibrary
GetDiskFreeSpaceW
CreateMutexW
GetProcAddress
LoadLibraryW
RemoveDirectoryW
MultiByteToWideChar
DeleteFileW
SetFileAttributesW
GetWindowsDirectoryW
GetCurrentThreadId
FindClose
SetEvent
SetSystemPowerState
FindNextFileW
TerminateThread
FindFirstFileW
Sleep
MoveFileW
GetCurrentProcess
GetExitCodeThread
lstrcpynW
VirtualFree
GetVersionExW
GetShortPathNameW
ResetEvent
FlushFileBuffers
WriteFile
WaitForSingleObject
SetFilePointer
GetTickCount
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FindResourceW
LoadResource
LockResource
HeapDestroy
SizeofResource

user32

DrawTextW
TabbedTextOutW
DestroyMenu
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
ClientToScreen
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
ValidateRect
CharUpperW
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
DispatchMessageW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
PeekMessageW
MapWindowPoints
GetKeyState
DrawTextExW
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowTextW
GetParent
SetWindowPos
IsWindowEnabled
ShowWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
GetWindowLongW
GrayStringW
UnregisterClassW
GetDlgItem
GetWindow
wsprintfW
GetSystemMetrics
GetProcessWindowStation
GetOpenClipboardWindow
GetMessageTime
GetMessagePos
GetInputState
GetForegroundWindow
GetFocus
GetDesktopWindow
GetClipboardViewer
GetCaretBlinkTime
GetClipboardOwner
GetDoubleClickTime
GetCapture
GetKeyboardType
GetActiveWindow
GetKeyboardLayout
GetCursorPos
GetCaretPos
GetDialogBaseUnits
GetSysColor
ExitWindowsEx
IsWindow
PostMessageW
SendMessageW
EnableWindow
AdjustWindowRectEx
UnregisterClassA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
ExtTextOutW
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetDeviceCaps
DeleteObject

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
LookupAccountSidW
OpenThreadToken
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
RegDeleteKeyW
GetAclInformation
AddAce
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetUserNameW
GetSecurityDescriptorGroup
IsValidSid
RegSetValueExW
GetSecurityDescriptorOwner
GetLengthSid
LookupAccountNameW
RegCreateKeyExW
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DecryptFileW
FileEncryptionStatusW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shlwapi

PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathAppendW
PathIsUNCW
PathStripPathW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

??0CFileLockResolver@@AAE@KH@Z
??0CFileLockResolver@@QAE@ABV0@@Z
??0CFileLockResolver@@QAE@H@Z
??0CSecurityManager@@AAE@XZ
??1CFileLockResolver@@QAE@XZ
??1CSecurityManager@@AAE@XZ
??4CFileLockResolver@@QAEAAV0@ABV0@@Z
??4CSecurityManager@@QAEAAV0@ABV0@@Z
??_FCFileLockResolver@@QAEXXZ
?AskUser@CFileLockResolver@@AAEXH@Z
?Check@CSecurityManager@@SA_NPB_W@Z
?CheckAccess@@YA_NK@Z
?ClearProtection@@YA_NXZ
?Close@CFileLockResolver@@QAEXXZ
?ErrorHandler@CFileLockResolver@@CAKPB_WKPAX1@Z
?GetBMethods@@YAPBV_MethodBase@@XZ
?GetLockFilePath@CFileLockResolver@@CA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?HandleError@CFileLockResolver@@AAEXPB_WKHI@Z
?IsProcessElevated@@YA_NPAX@Z
?IsProtected@CSecurityManager@@SA_NXZ
?IsWindowsNT@@YA_NXZ
?Protect@CSecurityManager@@SAXPB_W@Z
?Resolve@CFileLockResolver@@SAXPB_WAAVCStringArray@@@Z
?SetHandle@CFileLockResolver@@QAEXK@Z
?SetProtection@@YA_NXZ
?Unprotect@CSecurityManager@@SAXXZ
?loadLibrarySettings@@YA_NPAULibrarySettings@@@Z
?no_registry@@3_NA
?saveLibrarySettings@@YA_NPAULibrarySettings@@@Z
?setLibraryDefaults@@YAXPAULibrarySettings@@@Z
_eraserAddItem@12
_eraserClearItems@4
_eraserCompleted@8
_eraserCreateContext@4
_eraserCreateContextEx@16
_eraserDestroyContext@4
_eraserDispFlags@8
_eraserEnd@0
_eraserErrorString@16
_eraserErrorStringCount@8
_eraserFailed@8
_eraserFailedCount@8
_eraserFailedString@16
_eraserGetClusterSize@12
_eraserGetDataType@8
_eraserGetFreeDiskSpace@12
_eraserGetWindow@8
_eraserGetWindowMessage@8
_eraserInit@0
_eraserIsRunning@8
_eraserIsValidContext@4
_eraserProgGetCurrentDataString@12
_eraserProgGetCurrentPass@8
_eraserProgGetMessage@12
_eraserProgGetPasses@8
_eraserProgGetPercent@8
_eraserProgGetTimeLeft@8
_eraserProgGetTotalPercent@8
_eraserRemoveFile@8
_eraserRemoveFolder@12
_eraserSetDataType@8
_eraserSetErrorHandler@12
_eraserSetFinishAction@8
_eraserSetWindow@8
_eraserSetWindowMessage@8
_eraserShowOptions@8
_eraserShowReport@8
_eraserStart@4
_eraserStartSync@4
_eraserStatGetArea@8
_eraserStatGetTime@8
_eraserStatGetTips@8
_eraserStatGetWiped@8
_eraserStop@4
_eraserTerminated@8
_eraserTestContinueProcess@4
_eraserTestEnable@4
convEraseMethod

Sections

.text
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e078da951033f1e3e6c2464689ffef3a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5eCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7a:5d:88:d2:33:2f:6f:95:0c:aa:31:92:97:24:16:60:31:40:c5:1aSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 346KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 36KB - Virtual size: 32KB

.reloc Size: 36KB - Virtual size: 32KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7a:5d:88:d2:33:2f:6f:95:0c:aa:31:92:97:24:16:60:31:40:c5:1a
Signer

.text
Size: 348KB - Virtual size: 346KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 36KB - Virtual size: 32KB

.reloc
Size: 36KB - Virtual size: 32KB