4a6834cc53b184664ff0acb7c1f3025ace3f5d0dccf1e136e341aa0d88c61cef

Sharing

Copy URL Twitter E-mail

General

Target

4a6834cc53b184664ff0acb7c1f3025ace3f5d0dccf1e136e341aa0d88c61cef
Size

1.0MB
MD5

1052bd15dd871e608e2cae11222a52b1
SHA1

c29ced6c76079325997de4b97bd284b5cb87fb48
SHA256

4a6834cc53b184664ff0acb7c1f3025ace3f5d0dccf1e136e341aa0d88c61cef
SHA512

7d23586c2ba145b66266efbcf6b5a136d5d2ec1ed7019350f5351a88a2cb1dac428ec9cbb4d29c455e6b9bc5137010d0710876d03dcd96d0cfaf8cc1506a4b14
SSDEEP

24576:vesi4PPQ7BG8Xtkf2VeGB9HCb5ajdWkyRTn41A:FiAP5Ytkf2kGB9HljdVYTnL

Score

1^/10

Malware Config

Signatures

Files

4a6834cc53b184664ff0acb7c1f3025ace3f5d0dccf1e136e341aa0d88c61cef
.dll windows:6 windows x64 arch:x64

343d0abd42ee3d6e57fddac132c214d7

Code Sign

03:c6:ab:dd:e7:aa:44:0b:c1:99:0a:06:d5:34:89:db
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/03/2017, 00:00

Not After

20/03/2019, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge,O=Adobe Systems Incorporated,POSTALCODE=95110,STREET=345 Park Avenue,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:de:a6:b1:81:8e:a4:df:fa:23:b0:d8:87:27:df:f5:00:75:77:98:4b:28:66:02:5d:f6:68:ca:d3:d6:3e:70
Signer

Actual PE Digest

68:de:a6:b1:81:8e:a4:df:fa:23:b0:d8:87:27:df:f5:00:75:77:98:4b:28:66:02:5d:f6:68:ca:d3:d6:3e:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\builds\RIBS\10.0\source\public\caps\libraries\windows_x64\Release\dynamic\adobe_caps.pdb

Imports

msi

ord113
ord70

kernel32

LocalAlloc
LocalFree
GetLastError
SetLastError
GetFileSize
ReadFile
FindClose
CloseHandle
FormatMessageW
lstrcmpW
lstrlenW
GetModuleFileNameW
GetTempPathW
GetCurrentDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
GetCurrentProcess
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleW
CreateProcessW
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
FlushFileBuffers
SystemTimeToFileTime
GetFileAttributesExW
AreFileApisANSI
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
Sleep
GetTempPathA
GetOEMCP
GetFileAttributesA
OutputDebugStringW
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
LCMapStringW
TerminateProcess
CreateEventW
GetFileType
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetConsoleCP
WriteConsoleW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetDiskFreeSpaceA
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStringTypeW
SetStdHandle

advapi32

SystemFunction036
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
CreateWellKnownSid

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetFolderLocation
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2

shlwapi

PathStripToRootW
PathStripPathW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsA
PathIsUNCW

Exports

Exports

GetSetupManifest
capsBackup
capsCloseSession
capsGetCollection
capsGetCollectionData
capsGetCollectionDataKeys
capsGetCollectionDataKeysAndValues
capsGetCollectionPayloads
capsGetCollections
capsGetInstallState
capsGetLastModTime
capsGetPayload
capsGetPayloadCollections
capsGetPayloadCollectionsAcrossUpgrades
capsGetPayloadConstraint
capsGetPayloadData
capsGetPayloadDataKeys
capsGetPayloadDataKeysAndValues
capsGetPayloads
capsGetUpgradedPayloadsKeysAndValues
capsOpenSession
capsOpenSessionNoCreate
capsRemoveCollectionData
capsRemoveCollectionDomainData
capsRemovePayloadData
capsRemovePayloadDomainData
capsSessionCommit
capsSessionRollback
capsSetCollectionData
capsSetPayloadData
mdbCloseSession
mdbGetBrandingData
mdbGetDependencyData
mdbGetDependencyDataEx
mdbGetEulaData
mdbGetEulaLanguageList
mdbGetPayload
mdbGetPayloadData
mdbGetProduct
mdbGetProductIDList
mdbGetProductPayloads
mdbOpenSession
mdbOpenSessionNoCreate
mdbOpenSessionWithPath
mdbSessionRollback
pcdCacheGetLastModTime
pcdCloseSession
pcdGetDomainData
pcdGetDomainDataKeys
pcdGetDomainDataSubdomains
pcdGetLastModTime
pcdOpenCacheSession
pcdOpenCacheSessionNoCreate
pcdOpenSession
pcdOpenSessionNoCreate
pcdRemoveDomainData
pcdSessionCommit
pcdSessionRollback
pcdSetDomainData
pdbCloseSession
pdbGetAppLaunchPath
pdbGetInstallState
pdbGetLastModTime
pdbGetPayload
pdbGetPayloadData
pdbGetPayloadDataKeys
pdbGetPayloadDataKeysAndValues
pdbGetPayloadDependency
pdbGetPayloadDependencyKeysAndValues
pdbGetPayloadDependencyReverse
pdbGetPayloads
pdbGetUpgradedPayloadsKeysAndValues
pdbGetUserAction
pdbOpenSession
pdbOpenSessionNoCreate
pdbSessionRollback

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

343d0abd42ee3d6e57fddac132c214d7

Code Sign

03:c6:ab:dd:e7:aa:44:0b:c1:99:0a:06:d5:34:89:dbCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

68:de:a6:b1:81:8e:a4:df:fa:23:b0:d8:87:27:df:f5:00:75:77:98:4b:28:66:02:5d:f6:68:ca:d3:d6:3e:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

advapi32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 752KB - Virtual size: 751KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 13KB - Virtual size: 21KB

.pdata Size: 40KB - Virtual size: 40KB

.gfids Size: 512B - Virtual size: 280B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 5KB - Virtual size: 4KB

03:c6:ab:dd:e7:aa:44:0b:c1:99:0a:06:d5:34:89:db
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

68:de:a6:b1:81:8e:a4:df:fa:23:b0:d8:87:27:df:f5:00:75:77:98:4b:28:66:02:5d:f6:68:ca:d3:d6:3e:70
Signer

.text
Size: 752KB - Virtual size: 751KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 13KB - Virtual size: 21KB

.pdata
Size: 40KB - Virtual size: 40KB

.gfids
Size: 512B - Virtual size: 280B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 5KB - Virtual size: 4KB