f4080f0ea8f17f9dd8c67b52086ef2903e980afd226d713e817d94294c086f55

Sharing

Copy URL Twitter E-mail

General

Target

f4080f0ea8f17f9dd8c67b52086ef2903e980afd226d713e817d94294c086f55
Size

608KB
MD5

150b217756830f97b1481723f8454943
SHA1

f3d6b1f05515d5321c1337bae145f8d059d13b4d
SHA256

f4080f0ea8f17f9dd8c67b52086ef2903e980afd226d713e817d94294c086f55
SHA512

21cdc7828c089b4377ee2355be2706aad89813e4f01cd3eadc97d85e7f0096b35ac20108bdda518a677d0c36e7c72cb7975abcf553b4fe4c51641f42d01b3c8e
SSDEEP

6144:goKgAot1IbnNCSqYq9Tbp0TBEvOmsv+iusP18y5ec:rK1bnNCSqYuTN0TqvOmsvGy5D

Score

1^/10

Malware Config

Signatures

Files

f4080f0ea8f17f9dd8c67b52086ef2903e980afd226d713e817d94294c086f55
.dll regsvr32 windows:4 windows x86 arch:x86

011b1805416947883202d5582f18aa29

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:4d:f5:38:cf:03:00:68:9d:ee:d6:03:d1:0f:7a:00
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/01/2013, 00:00

Not After

31/03/2016, 23:59

Subject

CN=MarkAny Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MarkAny Inc.,L=Jung-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetWindowsDirectoryA
Module32Next
Module32First
lstrcmpA
CreateEventA
SetEvent
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
GetCurrentProcessId
DeviceIoControl
SetFileAttributesA
GetEnvironmentVariableA
GetVersion
GetStringTypeW
GetStringTypeA
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
GlobalReAlloc
FreeEnvironmentStringsA
SetStdHandle
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapSize
FlushFileBuffers
WriteFile
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
TlsFree
TlsAlloc
GetCommandLineA
TerminateProcess
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
HeapReAlloc
RtlUnwind
GetComputerNameA
FormatMessageA
ExitProcess
IsBadCodePtr
GlobalLock
GlobalUnlock
WriteProfileStringA
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
LocalAlloc
LocalFree
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
GetProcAddress
GetLastError
GetVersionExA
GetProfileStringA
GlobalAlloc
GlobalFree
lstrlenW
WideCharToMultiByte
DefineDosDeviceA
VirtualProtect
OutputDebugStringA
CreateFileA
ReadFile
lstrcmpiA
CloseHandle
GetSystemDirectoryA
lstrlenA
lstrcpyA
QueryDosDeviceA
FreeEnvironmentStringsW
RaiseException

user32

GetMenuItemID
GetMenuStringA
AppendMenuA
GetMenuItemCount
TrackPopupMenu
DestroyMenu
GetAsyncKeyState
GetClientRect
BeginPaint
DestroyWindow
IsWindow
SetFocus
ShowWindow
GetParent
InvalidateRect
PtInRect
UnionRect
SetWindowLongA
DefWindowProcA
GetWindowLongA
CallWindowProcA
CreateWindowExA
GetSubMenu
SetWindowRgn
GetActiveWindow
SetWindowPos
MoveWindow
LoadBitmapA
EqualRect
IntersectRect
GetSysColor
FillRect
RedrawWindow
CreateAcceleratorTableA
ReleaseCapture
EndPaint
GetFocus
IsChild
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetDC
ReleaseDC
CharNextA
SetTimer
LoadMenuA
CreatePopupMenu
KillTimer
MessageBoxA
GetKeyState
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
EndDialog
EnableWindow
SetWindowTextA
SendMessageA
GetDlgItem
SendMessageTimeoutA
ValidateRect
RegisterWindowMessageA
GetWindow
GetWindowTextA
GetWindowTextLengthA
GetClassNameA
CharLowerA
UnhookWindowsHookEx
GetForegroundWindow
SetWindowsHookExA
GetMessageA
wsprintfA
SetCapture
InvalidateRgn
DrawTextA
DialogBoxParamA
CallNextHookEx

gdi32

SetWindowOrgEx
SetViewportOrgEx
RestoreDC
GetDeviceCaps
CreateFontA
GetTextMetricsA
TextOutA
DeleteObject
SetStretchBltMode
SetMapMode
StretchDIBits
CreateDCA
CreateCompatibleDC
SelectObject
GetDIBits
DeleteDC
CreateFontIndirectA
LineTo
MoveToEx
SaveDC
LPtoDP
SetBkMode
GetClipBox
BitBlt
CreateSolidBrush
GetObjectA
GetStockObject
StartDocA
StartDocW
StartPage
EndPage
EndDoc
CreateRectRgnIndirect
CreateCompatibleBitmap
SetTextColor
SetPixel
CreatePen
SetBkColor
Rectangle

winspool.drv

EnumPrintersA
EnumJobsA
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FreePrinterNotifyInfo
FindClosePrinterChangeNotification
SetJobA
EnumPortsA
SetPrinterA
ClosePrinter
DocumentPropertiesA
GetPrinterA
OpenPrinterA

advapi32

DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA

ole32

OleSaveToStream
WriteClassStm
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
OleRegEnumVerbs
OleUninitialize
CoGetObject
OleRegGetUserType
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
OleLockRunning
OleLoadFromStream
OleInitialize
OleRegGetMiscStatus
CreateOleAdviseHolder
StringFromGUID2

oleaut32

VarUI4FromStr
RegisterTypeLi
SysAllocString
LoadTypeLi
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocStringByteLen
OleCreatePropertyFrame
SysStringByteLen
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

shlwapi

StrStrIA
PathAppendA
PathFileExistsA
PathFindFileNameA

wininet

InternetReadFile
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

wsock32

gethostbyname
inet_addr
WSACleanup
ntohl
WSAStartup

iphlpapi

GetAdaptersInfo

dbghelp

ImageDirectoryEntryToData

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

011b1805416947883202d5582f18aa29

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:beCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

06:4d:f5:38:cf:03:00:68:9d:ee:d6:03:d1:0f:7a:00Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

shlwapi

wininet

wsock32

iphlpapi

dbghelp

setupapi

version

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 36KB - Virtual size: 64KB

.rsrc Size: 324KB - Virtual size: 321KB

.reloc Size: 16KB - Virtual size: 15KB

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

06:4d:f5:38:cf:03:00:68:9d:ee:d6:03:d1:0f:7a:00
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 36KB - Virtual size: 64KB

.rsrc
Size: 324KB - Virtual size: 321KB

.reloc
Size: 16KB - Virtual size: 15KB