128ad8b4b8f5975ab122564f726a2449e24a043021d2a671750312636a18a358

Sharing

Copy URL Twitter E-mail

General

Target

128ad8b4b8f5975ab122564f726a2449e24a043021d2a671750312636a18a358
Size

3.3MB
MD5

df45089846f1fcbe66491ff76cf9fc6d
SHA1

b3a888033434ef712f3acc11612e8eec41b82d91
SHA256

128ad8b4b8f5975ab122564f726a2449e24a043021d2a671750312636a18a358
SHA512

30fbeea89e1f0e931a3e53252de12b31da478e61b101173c9819c8d3968bf44672b98c449b07c0728cb25b08e3a879ac146c6950eeec6fc62dfb53f809c95495
SSDEEP

49152:BWMA61yiaB6FnebgvDYUEuyiN1MpwYSNGrUqZ9AtXFshTIwiasclST3/:BKCyipe0/hyiN1MpjWWmtXXeSj

Score

1^/10

Malware Config

Signatures

Files

128ad8b4b8f5975ab122564f726a2449e24a043021d2a671750312636a18a358
.dll windows:5 windows x86 arch:x86

0de3116f37952b12be5406ecef730227

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:47:c5:9f:3a:9d:70:5c:58:91:06:b8:79:3f:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/06/2014, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\nsm\1201\1201F2\client32\Release\PCICL32.pdb

Imports

shfolder

SHGetFolderPathA

pcichek

IsILS
CheckLicenseString

pcicapi

CapiListen
CapiOpen
CapiClose
CapiHangup

mpr

WNetCancelConnection2A
WNetGetConnectionA
WNetAddConnection2A

comctl32

ImageList_Draw
ImageList_LoadImageA
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ord17
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Create

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

waveOutClose
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInAddBuffer
waveInPrepareHeader
waveOutSetVolume
waveOutOpen
waveInStart
waveInOpen
waveOutWrite
waveOutPrepareHeader
timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundA
waveOutUnprepareHeader

wsock32

send
bind
listen
accept
htons
socket
connect
getpeername
gethostbyname
recv
shutdown
closesocket
WSACleanup
WSAStartup
WSAGetLastError
gethostname
htonl
ioctlsocket
inet_addr
setsockopt

kernel32

CreateDirectoryA
RemoveDirectoryA
MoveFileA
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
FileTimeToDosDateTime
FileTimeToLocalFileTime
OpenEventA
MultiByteToWideChar
OutputDebugStringA
SetCurrentDirectoryA
LocalAlloc
SizeofResource
GetDateFormatW
RaiseException
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
lstrlenW
lstrlenA
lstrcmpiA
FlushInstructionCache
lstrcmpA
FindResourceExA
TerminateThread
ReleaseMutex
WaitForSingleObjectEx
GlobalReAlloc
CreateNamedPipeA
ConnectNamedPipe
SetProcessShutdownParameters
SetConsoleCtrlHandler
IsDBCSLeadByteEx
DisconnectNamedPipe
WriteProfileStringA
DefineDosDeviceA
QueryDosDeviceA
ResumeThread
VirtualQueryEx
GetThreadContext
ReadProcessMemory
PulseEvent
CreateRemoteThread
SetThreadContext
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
Beep
GetSystemDefaultLangID
GetSystemInfo
SuspendThread
GetCurrentThread
GetProcessVersion
GlobalGetAtomNameA
VirtualQuery
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
IsBadReadPtr
GetProcessHeap
HeapAlloc
HeapFree
FindResourceA
LoadResource
LockResource
VirtualProtectEx
WriteProcessMemory
GetExitCodeThread
CompareStringA
SetFilePointer
GetProfileStringA
GetOEMCP
GetShortPathNameA
TerminateProcess
SystemTimeToFileTime
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreatePipe
DuplicateHandle
SetHandleInformation
FormatMessageA
LocalFree
SetNamedPipeHandleState
GetPriorityClass
WinExec
ExpandEnvironmentStringsA
SearchPathA
IsValidCodePage
SetSystemTime
_lopen
_lclose
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetDateFormatA
GetTimeFormatA
GlobalSize
SetUnhandledExceptionFilter
OpenMutexA
CreateMutexA
GetModuleHandleA
SetErrorMode
GetACP
SetPriorityClass
GetFileAttributesA
GetTempFileNameA
CopyFileA
FileTimeToSystemTime
GetComputerNameA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
LoadLibraryExA
ExitThread
GetDriveTypeA
GetWindowsDirectoryA
IsDBCSLeadByte
GetLocalTime
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetSystemPowerStatus
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
GetCurrentProcessId
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
GetVersion
CreateThread
SetThreadPriority
InterlockedIncrement
WaitForMultipleObjects
GetOverlappedResult
ResetEvent
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetLastError
DeviceIoControl
InterlockedExchange
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
CreateFileA
GetTempPathA
WriteFile
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
GlobalDeleteAtom
Sleep
GlobalAddAtomA
OpenProcess
GetVersionExA
GetTickCount
CloseHandle
GetConsoleMode
GetCommandLineA
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameW
HeapSize
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetTimeZoneInformation
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
InterlockedPushEntrySList
VirtualFree
InterlockedPopEntrySList
GetTimeFormatW

user32

RemoveMenu
SetActiveWindow
AdjustWindowRectEx
GetCursorInfo
TrackPopupMenuEx
SetMenuDefaultItem
InsertMenuItemA
SetClassLongA
EndMenu
GetScrollInfo
SetScrollInfo
TileWindows
DrawIconEx
ClipCursor
SetScrollRange
SetScrollPos
ScrollWindow
OemToCharBuffA
HideCaret
CreateCursor
GetScrollRange
GetWindowRgn
GetAsyncKeyState
EnumThreadWindows
EnumDisplaySettingsA
CreateDesktopA
wsprintfW
PostMessageW
OpenInputDesktop
GetMenuItemRect
mouse_event
MapVirtualKeyA
CharLowerBuffA
ShowCursor
SwitchDesktop
GetIconInfo
AttachThreadInput
GetCursor
CreateDialogIndirectParamA
DialogBoxIndirectParamA
DialogBoxParamA
CreateAcceleratorTableA
DestroyAcceleratorTable
RedrawWindow
InvalidateRgn
CharNextA
LoadAcceleratorsA
ScreenToClient
ModifyMenuA
CreateMenu
MoveWindow
SetCursorPos
DrawTextW
IsDialogMessageA
UnionRect
DrawFocusRect
EndDialog
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
MsgWaitForMultipleObjects
GetUserObjectSecurity
SetUserObjectSecurity
MessageBoxIndirectA
WinHelpA
UnhookWindowsHookEx
SetWindowsHookExA
CreateDialogParamA
GetLastActivePopup
CallNextHookEx
GetUpdateRect
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyCursor
SystemParametersInfoA
GetActiveWindow
IsZoomed
CreatePopupMenu
AppendMenuA
WindowFromPoint
EqualRect
LoadStringA
ClientToScreen
DeferWindowPos
IsChild
GetWindowPlacement
TranslateAcceleratorA
SetRectEmpty
SetMenu
SetWindowPlacement
GetForegroundWindow
CharUpperBuffA
WaitForInputIdle
OpenDesktopA
EnumDesktopWindows
GetUserObjectInformationA
GetCursorPos
IntersectRect
CheckDlgButton
SetForegroundWindow
EnumChildWindows
RegisterClipboardFormatA
CountClipboardFormats
EnumClipboardFormats
GetClipboardData
IsClipboardFormatAvailable
GetClipboardFormatNameA
RegisterWindowMessageA
UnregisterClassA
SetTimer
KillTimer
SetDlgItemTextA
SendMessageA
SendDlgItemMessageA
PostMessageA
ShowWindow
DefWindowProcA
CallWindowProcA
PostThreadMessageA
GetQueueStatus
GetDlgItem
GetDlgCtrlID
GetDC
ReleaseDC
InvalidateRect
DestroyIcon
CharUpperA
ExitWindowsEx
GetDesktopWindow
MessageBoxA
keybd_event
GetThreadDesktop
SetThreadDesktop
CloseDesktop
wvsprintfA
CreateCaret
ShowCaret
DestroyCaret
GetKeyState
PeekMessageA
SetCaretPos
DrawMenuBar
GetSystemMenu
OpenClipboard
EmptyClipboard
SetClipboardData
MessageBeep
CloseClipboard
FindWindowExA
DeleteMenu
GetWindowTextLengthA
GetFocus
GetClassInfoExA
DestroyWindow
DefDlgProcA
RegisterClassExA
IsDlgButtonChecked
GetDlgItemTextA
IsIconic
GetMenu
EnumWindows
IsWindowVisible
GetWindow
GetClassNameA
SendMessageTimeoutA
GetClassLongA
CopyIcon
CopyImage
LoadImageA
GetClassInfoA
LoadIconA
RegisterClassA
BringWindowToTop
GetMessageA
TranslateMessage
DispatchMessageA
SetPropA
GetPropA
RemovePropA
GetCapture
SetCapture
ReleaseCapture
CreateWindowExA
BeginPaint
EndPaint
wsprintfA
PostQuitMessage
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetMenuItemInfoA
SetMenuItemInfoA
PtInRect
GetWindowDC
LoadMenuA
GetSubMenu
GetMenuItemCount
DestroyMenu
InflateRect
GetSystemMetrics
FindWindowA
GetWindowThreadProcessId
IsWindow
SetFocus
SetWindowPos
MapWindowPoints
GetClientRect
DrawTextA
OffsetRect
IsWindowEnabled
SetRect
GetWindowRect
FillRect
LoadBitmapA
GetSysColor
SetCursor
LoadCursorA
UpdateWindow
EnableWindow
SetWindowLongA
GetWindowLongA
SetWindowTextA
GetWindowTextA
GetParent
CopyRect

gdi32

RemoveFontResourceA
AddFontResourceA
SetTextCharacterExtra
EndPage
CombineRgn
StartPage
ExtEscape
GetBitmapBits
CreateDIBitmap
GetSystemPaletteEntries
SelectPalette
RealizePalette
CreateBrushIndirect
EqualRgn
GetDCOrgEx
SetBrushOrgEx
PatBlt
CreatePatternBrush
GetTextMetricsA
StretchBlt
GetDIBits
CreateDIBSection
GetNearestPaletteIndex
GetBkMode
CreateFontIndirectW
GetTextColor
GetBkColor
SetBitmapBits
UnrealizeObject
SetTextJustification
SetWindowOrgEx
SetRectRgn
CreatePenIndirect
GetClipRgn
GetWindowOrgEx
IntersectClipRect
Arc
Chord
Pie
Polyline
RoundRect
ExtTextOutA
SetPolyFillMode
GetStockObject
CreatePen
CreateSolidBrush
GetTextExtentPointA
SetBkMode
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GdiFlush
BitBlt
DeleteDC
RectVisible
SetDIBits
DeleteObject
CreateRectRgn
CreateRectRgnIndirect
PtInRegion
RectInRegion
CreatePalette
GetPaletteEntries
GetTextExtentPoint32A
GetMapMode
SetMapMode
GetStretchBltMode
SetStretchBltMode
BeginPath
TextOutA
EndPath
PathToRegion
GetRgnBox
OffsetRgn
FillRgn
FrameRgn
CreateBitmap
CreateDCA
SelectClipRgn
LineDDA
Polygon
CreateFontIndirectA
CreateHatchBrush
GetDeviceCaps
SetBkColor
ExtFloodFill
GetPixel
SetPixel
SetPixelV
Ellipse
Rectangle
SetROP2
MoveToEx
LineTo
GetRegionData

winspool.drv

DeletePrinter
AddPrinterA
EnumPrintersA
ord201
ord202
EnumPrinterDriversA
ClosePrinter
EnumJobsA
SetJobA
StartPagePrinter
WritePrinter
StartDocPrinterA
EndPagePrinter
EndDocPrinter
OpenPrinterA
GetPrinterA
AbortPrinter

comdlg32

ChooseFontA
PageSetupDlgA
GetOpenFileNameA
GetSaveFileNameA

advapi32

EnumServicesStatusA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyA
SetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherA
LogonUserA
ControlService
StartServiceA
RegQueryInfoKeyW
CryptGetProvParam
CryptReleaseContext
AllocateLocallyUniqueId
FreeSid
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceConfigA
RegQueryValueExA
LookupAccountSidA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
CreateProcessAsUserA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegFlushKey
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetUserNameA
GetTokenInformation
LookupPrivilegeNameA
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
GetUserNameW

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
ExtractIconA
SHGetMalloc
SHGetFileInfoA
SHGetSpecialFolderPathA
ExtractIconExA
FindExecutableA
Shell_NotifyIconA
ShellExecuteA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize
ReleaseStgMedium
OleDuplicateData
CreateDataAdviseHolder
CoTaskMemFree
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
OleLockRunning
CoGetClassObject
CLSIDFromString
OleSetContainedObject
CoInitializeSecurity
OleCreateStaticFromData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes

oleaut32

SafeArrayUnaccessData
VariantCopy
OleLoadPicture
SysFreeString
SysAllocString
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
OleCreatePictureIndirect
SysStringByteLen
VariantChangeType
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate

netapi32

NetApiBufferFree
NetUserEnum

wininet

InternetCrackUrlA

Exports

Exports

_GetWMIStringW@16
_IsAcerA@8
_NSMClient32@8
_NSMFindClass@12
br_close
br_open
br_poll
br_status

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhshare
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0de3116f37952b12be5406ecef730227

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

29:47:c5:9f:3a:9d:70:5c:58:91:06:b8:79:3f:deCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shfolder

pcichek

pcicapi

mpr

comctl32

version

winmm

wsock32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

netapi32

wininet

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 305KB - Virtual size: 304KB

.data Size: 46KB - Virtual size: 72KB

.tls Size: 512B - Virtual size: 21B

.hhshare Size: 512B - Virtual size: 28B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 136KB - Virtual size: 136KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

29:47:c5:9f:3a:9d:70:5c:58:91:06:b8:79:3f:de
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 305KB - Virtual size: 304KB

.data
Size: 46KB - Virtual size: 72KB

.tls
Size: 512B - Virtual size: 21B

.hhshare
Size: 512B - Virtual size: 28B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 136KB - Virtual size: 136KB