a752b4253f9f31042219c34c568ee60acffa1bffab162ca37455152842237f12

Sharing

Copy URL Twitter E-mail

General

Target

a752b4253f9f31042219c34c568ee60acffa1bffab162ca37455152842237f12
Size

725KB
MD5

74df4b40acb6d4c118305985d4c9079f
SHA1

095e08b98f95c0aff6b8ae05f6a3afc57eac7d23
SHA256

a752b4253f9f31042219c34c568ee60acffa1bffab162ca37455152842237f12
SHA512

f002fe76ac6250f64d6af9abfdac23e74f21b3ffe339226848e5b91f2629788bdfce297311d88a6f8c45d02ffa19215d2bfb5371a8e3f738aa49838ab70ea355
SSDEEP

12288:xXdw1+fO2nbrsCJEQ2rLadbHVo5mlK6TDeZoexvrcaBjvrEH7S:x9OQicsrEH7S

Score

1^/10

Malware Config

Signatures

Files

a752b4253f9f31042219c34c568ee60acffa1bffab162ca37455152842237f12
.exe windows:6 windows x86 arch:x86

1f9023b0cd7a757a5aad6d510715e7d7

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:4a:0b:23:6d:1c:7a:c9:38:4e:7b:9d:9b:61:39:84
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/05/2015, 00:00

Not After

28/05/2016, 23:59

Subject

CN=Hewlett-Packard Company,OU=HP Cyber Security,O=Hewlett-Packard Company,POSTALCODE=94304,STREET=3000 Hanover Street,L=Palo Alto,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:af:5a:10:e2:5e:40:ef:85:3d:b5:0a:90:99:12:fa:44:f4:a7:bc
Signer

Actual PE Digest

ca:af:5a:10:e2:5e:40:ef:85:3d:b5:0a:90:99:12:fa:44:f4:a7:bc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\changcal\Desktop\source\HPSystemEventUtility\trunk\Release\HPMSGSVC.pdb

Imports

kernel32

WriteFile
ExitThread
lstrlenW
FreeLibrary
RtlUnwind
InitializeSListHead
Sleep
SetEndOfFile
WriteConsoleW
ReadConsoleW
SetStdHandle
FindNextFileW
FindFirstFileExW
FindClose
GetCommandLineW
GetLocalTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetProcessHeap
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetSystemTime
CreateProcessW
CreateDirectoryW
lstrcmpW
GetCurrentThreadId
ReadFile
GetFileSize
CreateThread
CreateFileW
CloseHandle
MultiByteToWideChar
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GetCommandLineA
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
HeapFree
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
SetUnhandledExceptionFilter
GetModuleFileNameW
UnhandledExceptionFilter
WaitForSingleObjectEx
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
LocalFree
WideCharToMultiByte
GetStringTypeW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
LoadLibraryExW

user32

LoadStringW
DispatchMessageW
TranslateMessage
FindWindowW
GetMessageW
BeginPaint
SetForegroundWindow
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
wsprintfW
GetWindowTextW
GetForegroundWindow
RegisterRawInputDevices
PostQuitMessage
EndPaint
TranslateAcceleratorW
DefWindowProcW
GetKeyState
GetRawInputData
MoveWindow
SendMessageW
GetWindowRect
PostMessageW
RegisterWindowMessageW
UpdateWindow
ShowWindow
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
LoadAcceleratorsW

gdi32

CreateFontW
DeleteObject

advapi32

OpenServiceW
StartServiceW
ControlService
RegGetValueW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegCreateKeyW
GetUserNameW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SystemFunction036

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

PathAppendW
PathFileExistsW
StrCmpW

wtsapi32

WTSRegisterSessionNotification

netapi32

NetUserGetInfo

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f9023b0cd7a757a5aad6d510715e7d7

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

17:4a:0b:23:6d:1c:7a:c9:38:4e:7b:9d:9b:61:39:84Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

ca:af:5a:10:e2:5e:40:ef:85:3d:b5:0a:90:99:12:fa:44:f4:a7:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 4KB - Virtual size: 12KB

.gfids Size: 1024B - Virtual size: 536B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 403KB - Virtual size: 402KB

.reloc Size: 10KB - Virtual size: 10KB

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

17:4a:0b:23:6d:1c:7a:c9:38:4e:7b:9d:9b:61:39:84
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

ca:af:5a:10:e2:5e:40:ef:85:3d:b5:0a:90:99:12:fa:44:f4:a7:bc
Signer

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 4KB - Virtual size: 12KB

.gfids
Size: 1024B - Virtual size: 536B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 403KB - Virtual size: 402KB

.reloc
Size: 10KB - Virtual size: 10KB