midas[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

midas.dll
Size

427KB
MD5

8b305a5f4e2176257c8e8186055aad08
SHA1

9828ce15f3ef2fb7649ca16b2171ad1fc36d5c8b
SHA256

075c5fbdea1148fba6af176631029aeef8ca948d0684d1fdffe39baf7b4a24c5
SHA512

746e828f80cf7d6acea1cba9585efee30022c89f38d1bc0c99e15cb3404387d7981da2506982b45eed6935d22d77eed5014cc3416fd96b5ae829ad048948771b
SSDEEP

6144:qEDQ/wNHFf14B5/kV9jNgBoY2qjvryselpdlnrGJzzQZ+0JST8WARC5Ucb1uRpX:jNH914W9jpmDryplpdlnrGJzzHAFDX

Score

1^/10

Malware Config

Signatures

Files

midas.dll
.dll regsvr32 windows:4 windows x86 arch:x86

095f07894c895b0ede3fbb1649c2e511

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:17:85:f6:b6:bc:98:c1:4a:5f:0b:89:76:96:f8:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/07/2013, 00:00

Not After

09/08/2016, 23:59

Subject

CN=Embarcadero Technologies Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Embarcadero Technologies Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:99:9f:d6:3b:df:de:ce:31:e9:23:83:ed:48:80:4c:67:eb:bc:32
Signer

Actual PE Digest

29:99:9f:d6:3b:df:de:ce:31:e9:23:83:ed:48:80:4c:67:eb:bc:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateFileA
CreateFileMappingA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetUserDefaultLCID
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharLowerA
CharNextA
CharUpperA
EnumThreadWindows
LoadStringA
LoadStringW
MessageBoxA
wsprintfA

ole32

IsEqualGUID
StringFromGUID2

oleaut32

LoadTypeLi
RegisterTypeLi
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SafeArrayRedim
SafeArrayUnaccessData
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetDataSnapClassObject
DllRegisterServer
DllUnregisterServer
ExitAlchemy
InitAlchemy
WEP
___CPPdebugHook
__dbk_fcall_wrapper
__dbk_fcall_wrapper_addr

Sections

.text
Size: 341KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

095f07894c895b0ede3fbb1649c2e511

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:17:85:f6:b6:bc:98:c1:4a:5f:0b:89:76:96:f8:a8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

29:99:9f:d6:3b:df:de:ce:31:e9:23:83:ed:48:80:4c:67:eb:bc:32Signer

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 341KB - Virtual size: 344KB

.data Size: 54KB - Virtual size: 80KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 13KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:17:85:f6:b6:bc:98:c1:4a:5f:0b:89:76:96:f8:a8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

29:99:9f:d6:3b:df:de:ce:31:e9:23:83:ed:48:80:4c:67:eb:bc:32
Signer

.text
Size: 341KB - Virtual size: 344KB

.data
Size: 54KB - Virtual size: 80KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 13KB - Virtual size: 16KB