e98d8ae395ec7d2bbc29c21fa2bf79e26ada9d8bd5098487027b32aeae8b03b7

Sharing

Copy URL

Twitter E-mail

General

Target

e98d8ae395ec7d2bbc29c21fa2bf79e26ada9d8bd5098487027b32aeae8b03b7
Size

199KB
MD5

213968cd30fd6811d8c5a530d326e03f
SHA1

ca4f01f99f96cc62e495957fd13a35a7f8cf38b2
SHA256

e98d8ae395ec7d2bbc29c21fa2bf79e26ada9d8bd5098487027b32aeae8b03b7
SHA512

24af2aa4c75d560427ad0253753c56da29845d5aabb360452cfd8485d047a25817ef2d8d32b58ef337e36ad969d5b5e36cca604313de17f9316089d31e440892
SSDEEP

6144:oN/CFTJsu5TMvj04Z/X0dTcDoRTe4ohfc5SUk:oNmiugfPoRdoa5A

Score

1^/10

Malware Config

Signatures

Files

e98d8ae395ec7d2bbc29c21fa2bf79e26ada9d8bd5098487027b32aeae8b03b7
.dll windows:6 windows x64 arch:x64

314b8119241c4e5c4eaacf822b193292

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

19-06-2009 00:00

Not After

19-06-2011 23:59

Subject

CN=MGAME Corp.,OU=Web Dev Team,O=MGAME Corp.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

01-01-2021 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:47:24:0a:d4:6f:77:72:1b:44:a1:a5:7c:c4:f7:21:5b:2c:18:bc
Signer

Actual PE Digest

e6:47:24:0a:d4:6f:77:72:1b:44:a1:a5:7c:c4:f7:21:5b:2c:18:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ProcessIdToSessionId
CreateProcessA
GetStartupInfoA
CreateThread
ExitThread
WaitForMultipleObjects
GetStdHandle
ReadFile
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
GetSystemDirectoryA
WriteConsoleInputA
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleActiveScreenBuffer
SetConsoleScreenBufferSize
SetConsoleCursorPosition
AllocConsole
FreeConsole
CreateConsoleScreenBuffer
GetTempPathA
CreateFileW
ReadConsoleW
WriteConsoleW
LocalFree
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
SetFileAttributesA
lstrcpynA
FindClose
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
MoveFileExA
MoveFileA
DeleteFileA
CreateFileA
GetWindowsDirectoryA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
CreateEventA
lstrcatA
lstrcpyA
lstrcmpiA
CloseHandle
SetFilePointer
WideCharToMultiByte
Sleep
WaitForSingleObject
SetErrorMode
GetLastError
TerminateThread
GetCurrentThreadId
TerminateProcess
ExitProcess
GetCurrentProcessId
GetCurrentProcess
lstrlenA
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
GetProcAddress
FreeLibrary
SetStdHandle
HeapSize
FlushFileBuffers
RaiseException
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
DeleteCriticalSection
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WriteFile
GetCurrentDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
ResumeThread
EncodePointer
DecodePointer
LoadLibraryExW
GetSystemTimeAsFileTime
RtlUnwindEx
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetModuleHandleExW
GetModuleFileNameW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
SetEnvironmentVariableA

user32

wsprintfA
MapVirtualKeyA

advapi32

RegisterServiceCtrlHandlerW
GetTokenInformation
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusExA
DeleteService
ControlService
CloseServiceHandle
RegSetValueExA
RegSetKeySecurity
RegSaveKeyA
RegRestoreKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegGetKeySecurity
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserA
ImpersonateLoggedOnUser
LookupPrivilegeValueA
LookupAccountSidA
SetKernelObjectSecurity
MakeAbsoluteSD
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
DeleteAce
GetAclInformation
AdjustTokenPrivileges
OpenProcessToken
GetKernelObjectSecurity

shell32

ShellExecuteA
CommandLineToArgvW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

ws2_32

select
recv
listen
inet_ntoa
inet_addr
htons
ioctlsocket
closesocket
bind
accept
send
gethostbyname
gethostname
WSAStartup
socket
shutdown

shlwapi

StrCmpNIA
SHDeleteKeyA
PathFileExistsA

wininet

HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle
InternetGetConnectedState
HttpQueryInfoA
InternetConnectA

dnsapi

DnsFree
DnsQuery_A

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

Run
ServiceMain
StartMain

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

314b8119241c4e5c4eaacf822b193292

Code Sign

01Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cdCertificate

Extended Key Usages

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

0aCertificate

Extended Key Usages

Key Usages

e6:47:24:0a:d4:6f:77:72:1b:44:a1:a5:7c:c4:f7:21:5b:2c:18:bcSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

wininet

dnsapi

psapi

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

01
Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

0a
Certificate

e6:47:24:0a:d4:6f:77:72:1b:44:a1:a5:7c:c4:f7:21:5b:2c:18:bc
Signer

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB