35f0bbfc4c6016a6f1af5e8bea0c0727234859646a8ed113cce7add4d9d83b1f

Sharing

Copy URL Twitter E-mail

General

Target

35f0bbfc4c6016a6f1af5e8bea0c0727234859646a8ed113cce7add4d9d83b1f
Size

1.4MB
MD5

d9e7ebe5e537373cb2333acda3dca86d
SHA1

94564cf20dfbb5fcbe55118ea81fb7426ffc2bdb
SHA256

35f0bbfc4c6016a6f1af5e8bea0c0727234859646a8ed113cce7add4d9d83b1f
SHA512

bac318200224deb09a91752a3595ab22449af1923ddb692d7e579d7a3e761a5a27c3c17edf76736c7ed63cfa6e0d2c605bc5e2bff4141d65a22943a4629fa51a
SSDEEP

24576:BZaLP5RNXNW2al4HNNFmjtDewieZ+z1x93sok8jwby4AN1kOQtuKoBUqkKSXEEWF:ME6TF2ueZwx93sok8jwby4rEKoRkKSXK

Score

1^/10

Malware Config

Signatures

Files

35f0bbfc4c6016a6f1af5e8bea0c0727234859646a8ed113cce7add4d9d83b1f
.dll windows:6 windows x86 arch:x86

dcac73d7804315b4269bf68c9d621b3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:e5:5b:29:4d:d6:ad:18:33:ac:a5:a8:2d:81:ed:2b:40:73:46:97:19:fd:3d:a8:3b:62:e5:62:ce:a4:b5:75
Signer

Actual PE Digest

dc:e5:5b:29:4d:d6:ad:18:33:ac:a5:a8:2d:81:ed:2b:40:73:46:97:19:fd:3d:a8:3b:62:e5:62:ce:a4:b5:75

Digest Algorithm

sha256

PE Digest Matches

false

86:d8:64:a4:b7:75:8d:0e:f3:4d:58:86:f1:81:71:38:f2:99:07:a0
Signer

Actual PE Digest

86:d8:64:a4:b7:75:8d:0e:f3:4d:58:86:f1:81:71:38:f2:99:07:a0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\gcomp\rel\src\NvTelemetry\build\bin\Win32\Release\NvTelemetry.pdb

Imports

kernel32

MapViewOfFile
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
GetCurrentThreadId
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
FlushFileBuffers
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
CreateFileMappingW
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileStringW
ConnectNamedPipe
LocalFree
GetOverlappedResult
Sleep
DisconnectNamedPipe
CreateFileW
WaitForSingleObject
WaitForMultipleObjects
CreateNamedPipeW
ExpandEnvironmentStringsW
WriteFile
CancelIo
ReadFile
ResetEvent
CloseHandle
SetEvent
GetLastError
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
DeleteCriticalSection
UnmapViewOfFile
LoadLibraryW
CreateEventW
InitializeCriticalSectionEx
RaiseException
DecodePointer
VerSetConditionMask
VerifyVersionInfoW
GetVolumePathNameW
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFilePointerEx
EncodePointer
GetStringTypeW
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
MoveFileExW
ExitThread
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameA
WriteConsoleW
SetEnvironmentVariableA
RemoveDirectoryW
ExitProcess
GetACP
GetConsoleCP
GetConsoleMode
GetDateFormatW

advapi32

SetNamedSecurityInfoW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetSecurityDescriptorDacl
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
RegCloseKey
SetEntriesInAclW
ConvertStringSidToSidW
InitializeSecurityDescriptor
RegOpenKeyExW

rpcrt4

UuidToStringA
UuidToStringW
RpcStringFreeW
RpcStringFreeA
UuidCreate

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpCloseHandle

iphlpapi

GetAdaptersAddresses

shell32

SHGetKnownFolderPath

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoInitializeSecurity

oleaut32

SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear

Exports

Exports

DeviceId
DeviceIdFree
InitializeTelemetry
NvPluginGetInfo
SendFeedback
ShutdownTelemetry

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcac73d7804315b4269bf68c9d621b3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

dc:e5:5b:29:4d:d6:ad:18:33:ac:a5:a8:2d:81:ed:2b:40:73:46:97:19:fd:3d:a8:3b:62:e5:62:ce:a4:b5:75Signer

86:d8:64:a4:b7:75:8d:0e:f3:4d:58:86:f1:81:71:38:f2:99:07:a0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

rpcrt4

winhttp

iphlpapi

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 19KB - Virtual size: 25KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

dc:e5:5b:29:4d:d6:ad:18:33:ac:a5:a8:2d:81:ed:2b:40:73:46:97:19:fd:3d:a8:3b:62:e5:62:ce:a4:b5:75
Signer

86:d8:64:a4:b7:75:8d:0e:f3:4d:58:86:f1:81:71:38:f2:99:07:a0
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 19KB - Virtual size: 25KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB