82bb5ec67cd9749c7ce44c03b974c017369d5474922e8402f100a26405e91448

Sharing

Copy URL Twitter E-mail

General

Target

82bb5ec67cd9749c7ce44c03b974c017369d5474922e8402f100a26405e91448
Size

4.3MB
MD5

e8a716de5023148f99cf895a8d37fe38
SHA1

561804928245d416e25b9e615105bd5a4321bcb4
SHA256

82bb5ec67cd9749c7ce44c03b974c017369d5474922e8402f100a26405e91448
SHA512

4b64c04672ad2cbafc95c47cc70380b308cd3350ff6b43c826dda038365407f3311f259d6a07abe66c5d58453ab96ea5ccb82ce79c07a01cbc45ca229c2a99f9
SSDEEP

98304:/eeKejib6KYYRzl1rYBrAWpTmms3Ctm8oVXK0na6g3QAt1zHoN1R4FLOAkGkzdnU:/dNpL84qN1eFLOyomFHKnPAu4

Score

1^/10

Malware Config

Signatures

Files

82bb5ec67cd9749c7ce44c03b974c017369d5474922e8402f100a26405e91448
.dll windows:5 windows x86 arch:x86

6ecbd31f78660e8af99e665d8a5ae336

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:33:66:86:34:26:cc:dd:b4:42:8a:a6:11:ed:0d:38:29:ca:5f:45
Signer

Actual PE Digest

5b:33:66:86:34:26:cc:dd:b4:42:8a:a6:11:ed:0d:38:29:ca:5f:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfc100u.i386.pdb

Imports

kernel32

LoadLibraryA
EncodePointer
DecodePointer
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
GetEnvironmentVariableA
FormatMessageA
GetEnvironmentVariableW
GlobalFlags
GlobalFindAtomW
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameW
GetAtomNameW
SuspendThread
ResumeThread
SetEvent
CopyFileW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
FormatMessageW
SetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesExW
GetFileSizeEx
FindNextFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetStringTypeExW
GetThreadLocale
FindClose
FindFirstFileW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
GetProfileIntW
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetFileTime
GetFullPathNameW
GetDiskFreeSpaceW
VirtualProtect
RaiseException
lstrcpyA
GetVersion
CompareStringW
IsDBCSLeadByte
GetUserDefaultLCID
FindResourceExW
lstrlenA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
CompareStringA
lstrcmpA
WideCharToMultiByte
GetCurrentThread
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
LoadLibraryExW
SearchPathW
GlobalSize
GetFileAttributesW
GetFileSize
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsFree
TlsAlloc
LocalFree
LocalAlloc
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
SetThreadPriority
GetLocaleInfoW
GetNumberFormatW
lstrcmpiW
GetWindowsDirectoryW
GetTickCount
GlobalFree
lstrcmpW
GetCurrentDirectoryW
Sleep
InterlockedDecrement
InterlockedIncrement
SetFilePointer
CreateFileW
GetTempFileNameW
GetTempPathW
CloseHandle
InterlockedExchange
FreeLibrary
GetVersionExW
GetSystemDirectoryW
MulDiv
lstrlenW
DeleteFileW
InitializeCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
MultiByteToWideChar
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
DeactivateActCtx
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
FindResourceW
LoadResource
LockResource
SizeofResource
IsProcessorFeaturePresent

msvcr100

memmove_s
wcslen
memset
_wcslwr_s
memcpy_s
wcsnlen
_purecall
wmemcpy_s
wcscspn
abort
toupper
__CxxFrameHandler3
wcsspn
_wcsicmp
wcscmp
vswprintf_s
_vscwprintf
wcschr
iswspace
wcsstr
free
malloc
labs
ldiv
_wtoi
_wcsupr_s
calloc
sqrt
atan2
wcspbrk
wcsrchr
clock
memcpy
abs
cos
sin
floor
fabs
ceil
exp
_wsplitpath_s
wcscoll
_wcsicoll
wcscat_s
wcsncmp
wcscpy_s
iswdigit
iswalpha
iswalnum
iswprint
towupper
towlower
_wtol
memcmp
swscanf_s
_localtime64_s
_endthread
_beginthread
_wcsdup
strlen
_wmakepath_s
_time64
wcstod
_resetstkoflw
_recalloc
_errno
_snwprintf_s
wcstoul
__argc
__wargv
_strnicmp
wcsncpy_s
swprintf_s
_itow_s
_ltow_s
_wcsnicmp
strnlen
_mktime64
_mbscmp
_snwscanf_s
_vsnwprintf_s
wcstol
realloc
_wfullpath
_get_osfhandle
_fileno
_open_osfhandle
_fdopen
__doserrno
fread
feof
ferror
clearerr_s
fwrite
fputws
fgetws
fseek
ftell
fflush
fclose
_ultow_s
strcpy_s
_endthreadex
_beginthreadex
_msize
_expand
_mbspbrk
_mbslwr_s
_mbsicmp
memmove
_mbsrev
_mbsicoll
_mbsstr
_ismbcspace
vsprintf_s
_mbschr
_mbsrchr
_mbscoll
_mbsspn
_wcsrev
_mbsupr_s
_mbsinc
_vscprintf
_mbscspn
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_CxxThrowException

user32

GetDlgItem
CreateDialogIndirectParamW
EndDialog
GetPropW
RemovePropW
SetPropW
MapDialogRect
GetMessageTime
GetMessagePos
GetDialogBaseUnits
GetDCEx
RemoveMenu
MsgWaitForMultipleObjectsEx
CharNextW
SetWindowContextHelpId
IsDialogMessageW
ClipCursor
SendNotifyMessageW
InSendMessage
GetMenuStringW
WindowFromDC
SetScrollRange
AdjustWindowRectEx
CountClipboardFormats
GetMenu
SetMenu
GetClassInfoExW
CreateWindowExW
SetWindowPlacement
TrackPopupMenuEx
RegisterClassW
WinHelpW
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
MonitorFromWindow
SendDlgItemMessageW
SendDlgItemMessageA
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
GetMenuBarInfo
SetActiveWindow
BeginPaint
EndPaint
DefFrameProcW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
RealChildWindowFromPoint
OemToCharBuffA
CharToOemBuffA
GetSysColorBrush
SetClassLongW
GetParent
DrawIconEx
InflateRect
OffsetRect
PtInRect
UpdateWindow
SetTimer
ScreenToClient
GetCursorPos
IsWindowVisible
GetClientRect
KillTimer
SetRectEmpty
GetWindowRect
SendMessageW
InvalidateRect
RedrawWindow
IsWindow
SetRect
EnableWindow
IsCharLowerW
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
CallWindowProcW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetWindowLongW
MessageBoxW
GetWindowThreadProcessId
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
DrawEdge
CharUpperBuffW
RegisterClipboardFormatW
GetActiveWindow
InsertMenuW
GetTabbedTextExtentW
ShowScrollBar
FrameRect
GetWindowRgn
ReleaseDC
GetDC
GetDoubleClickTime
GetWindowTextW
EnumChildWindows
InvertRect
HideCaret
SetMenuDefaultItem
GetMenuDefaultItem
GetScrollPos
EnableScrollBar
UpdateLayeredWindow
SetFocus
GetMessageW
GetLastActivePopup
SubtractRect
DrawFrameControl
GetMenuItemInfoW
CheckMenuItem
GetMenuState
SetWindowTextW
CharUpperW
MapVirtualKeyW
ToUnicodeEx
GetKeyboardState
CopyAcceleratorTableW
CreateAcceleratorTableW
DestroyCursor
IsClipboardFormatAvailable
GetClassLongW
GetSysColor
EnumDisplayMonitors
DestroyWindow
GetTopWindow
DestroyAcceleratorTable
NotifyWinEvent
SetWindowRgn
DeleteMenu
ModifyMenuW
IsZoomed
IsMenu
GetSystemMenu
GetNextDlgTabItem
EnableMenuItem
SetScrollPos
IntersectRect
CreatePopupMenu
AppendMenuW
EndDeferWindowPos
BeginDeferWindowPos
GetKeyState
LockWindowUpdate
SetWindowPos
UnionRect
GetUpdateRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
SetLayeredWindowAttributes
ValidateRect
SystemParametersInfoW
MonitorFromPoint
GetMonitorInfoW
DrawIcon
GetForegroundWindow
IsIconic
GetMenuItemID
GetMenuItemCount
GetWindow
DefWindowProcW
GetClassInfoW
PostThreadMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
GetCapture
EqualRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetAsyncKeyState
GetDesktopWindow
WaitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
SetForegroundWindow
LoadCursorW
GetFocus
IsChild
TrackPopupMenu
LoadIconW
GetNextDlgGroupItem
DrawFocusRect
SetCursor
GetWindowLongW
GetWindowTextLengthW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRgn
MoveWindow
IsWindowEnabled
CreateMenu
CopyImage
GetIconInfo
FillRect
LoadImageW
CopyRect
LoadBitmapW
MapWindowPoints
MessageBeep
SetCursorPos
WindowFromPoint
ClientToScreen
SetCapture
ReleaseCapture
CopyIcon
BringWindowToTop
RegisterWindowMessageW
DestroyIcon
GetClassNameW
SetParent
ShowWindow
GetWindowPlacement
IsRectEmpty
GetDlgCtrlID
PostMessageW
GetWindowDC
DeferWindowPos
DrawStateW

gdi32

Rectangle
GetStockObject
GetPaletteEntries
CreatePalette
RealizePalette
GetNearestPaletteIndex
GetSystemPaletteEntries
GetPixel
CreatePolygonRgn
PtInRegion
FrameRgn
CreateCompatibleBitmap
SetPixelV
BitBlt
GetRgnBox
CreateRectRgnIndirect
OffsetRgn
CreateDIBSection
SetPixel
Ellipse
GetBkColor
CreateFontIndirectW
GetDeviceCaps
GetTextCharsetInfo
EnumFontFamiliesW
CreatePen
CreatePatternBrush
CreateDIBitmap
SetPaletteEntries
ExtFloodFill
StartPage
EndPage
EndDoc
DeleteDC
GetCurrentObject
PatBlt
CreateRectRgn
CombineRgn
GetBoundsRect
FillRgn
SetRectRgn
CreateRoundRectRgn
EnumFontFamiliesExW
StretchBlt
SetDIBColorTable
CreateBitmap
SetBkColor
SelectPalette
GetDIBits
Polyline
ExtTextOutW
CreateHatchBrush
CreateEllipticRgn
RoundRect
StretchDIBits
CreateFontW
GetCharWidthW
LPtoDP
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutW
Escape
GetClipBox
Polygon
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SaveDC
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCW
SetBrushOrgEx
SetAbortProc
StartDocW
DPtoLP
AbortDoc
CopyMetaFileW
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
GetTextColor
GetObjectType
SelectObject
DeleteObject
CreateCompatibleDC
CreateSolidBrush
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
GetTextAlign

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathFindExtensionW
SHStrDupW
UrlUnescapeW

comctl32

ImageList_GetIcon
ImageList_DrawEx
ImageList_AddMasked
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_GetIconSize
ImageList_GetImageCount

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ecbd31f78660e8af99e665d8a5ae336

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:b2:9b:00:00:00:00:00:15Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

5b:33:66:86:34:26:cc:dd:b4:42:8a:a6:11:ed:0d:38:29:ca:5f:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr100

user32

gdi32

shlwapi

comctl32

msimg32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 43KB - Virtual size: 64KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 217KB - Virtual size: 216KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

5b:33:66:86:34:26:cc:dd:b4:42:8a:a6:11:ed:0d:38:29:ca:5f:45
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 43KB - Virtual size: 64KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 217KB - Virtual size: 216KB