0948570c2875f02d91333979b52827be368fecc33cd69319f5c25ecf6210e0d2

Sharing

Copy URL Twitter E-mail

General

Target

0948570c2875f02d91333979b52827be368fecc33cd69319f5c25ecf6210e0d2
Size

544KB
MD5

9087ec6b4df235cb2cd201bc88b68839
SHA1

b282a91af293154e1550d899fcda33d6b989b5bf
SHA256

0948570c2875f02d91333979b52827be368fecc33cd69319f5c25ecf6210e0d2
SHA512

27606004e597537bafadbdfec3e5e972d48463f49a7f005652fb17478d931b7a07fe6924e04a90e54e8dd8ed59549430bbcef4ca29f00c8b7a97ee53f1e5c44b
SSDEEP

12288:d6SGkpf0ANvpSnzUbYoZJvITsawb+b6BBjvrEH7AV:d6SGkxBMgbYY/yb6frEH76

Score

1^/10

Malware Config

Signatures

Files

0948570c2875f02d91333979b52827be368fecc33cd69319f5c25ecf6210e0d2
.dll windows:5 windows x86 arch:x86

c021b801622dbfbb27edbd7631f12c3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/10/2017, 00:00

Not After

18/01/2019, 23:59

Subject

CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanamsi,ST=Gyeonggido,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:53:60:96:ed:fe:27:fc:ec:06:df:59:29:d3:9a:62
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/09/2017, 00:00

Not After

21/09/2018, 23:59

Subject

SERIALNUMBER=220-81-63160,CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4d:10:ef:83:e8:7a:6d:e2:fa:ca:12:83:f9:41:c3:17:5e:32:52:d6:f1:d4:9a:07:cb:39:67:f2:39:19:61:46
Signer

Actual PE Digest

4d:10:ef:83:e8:7a:6d:e2:fa:ca:12:83:f9:41:c3:17:5e:32:52:d6:f1:d4:9a:07:cb:39:67:f2:39:19:61:46

Digest Algorithm

sha256

PE Digest Matches

false

96:e7:71:7a:89:34:1f:87:03:e0:72:ed:f8:dd:4a:b8:96:76:f0:6a
Signer

Actual PE Digest

96:e7:71:7a:89:34:1f:87:03:e0:72:ed:f8:dd:4a:b8:96:76:f0:6a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\main\32. KOSBridge\Release\KOSBridge.pdb

Imports

ws2_32

shutdown
htons
listen
WSAGetLastError
bind
accept
socket
WSAStartup
closesocket
htonl

wininet

HttpOpenRequestW
InternetCloseHandle
InternetReadFile
HttpSendRequestW
InternetConnectW
InternetOpenW

crypt32

CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertNameToStrW
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

libeay32

ord857
ord298
ord283
ord150
ord161
ord486
ord3686
ord129
ord279
ord281
ord664
ord673
ord670
ord8
ord656
ord658
ord657
ord1912
ord667
ord1177
ord633
ord541
ord674
ord641
ord653
ord3315
ord333
ord197
ord3212
ord2604
ord224
ord196
ord1804

ssleay32

ord48
ord87
ord35
ord58
ord78
ord108
ord183
ord74
ord12
ord112
ord28
ord22
ord5
ord75

nss3

CERT_DestroyCertList
NSS_InitWithMerge
NSS_Shutdown
PK11_FreeSlot
CERT_ChangeCertTrust
PK11_ImportCert
CERT_DecodeTrustString
PORT_ZAlloc
PORT_ZFree
CERT_DestroyCertificate
SEC_DeletePermCertificate
PK11_FindCertsFromNickname
PK11_Authenticate
PK11_GetInternalKeySlot
CERT_GetDefaultCertDB

smime3

CERT_DecodeCertFromPackage

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
GetThreadPriority
UnregisterWait
SetStdHandle
WriteConsoleW
LoadLibraryW
ChangeTimerQueueTimer
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
SetThreadPriority
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
SwitchToThread
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
HeapSize
GetModuleHandleExW
GetFileType
WriteFile
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CreateTimerQueue
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExW
GetProcAddress
ExitThread
CreateThread
CreateTimerQueueTimer
TlsGetValue
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
GetCommandLineA
HeapFree
GetLastError
Sleep
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CloseHandle
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
CreateEventW
SetEvent
ExitProcess
ExpandEnvironmentStringsA
GetPrivateProfileStringA
LoadResource
LockResource
SizeofResource
SignalObjectAndWait
CreateFileW
GetModuleFileNameW
FindResourceW
HeapAlloc
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
GetSystemTimeAsFileTime
GetStringTypeW

shell32

SHGetFolderPathW

Exports

Exports

GetLibraryVersion
StartKOSBridge
StopKOSBridge

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c021b801622dbfbb27edbd7631f12c3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

19:53:60:96:ed:fe:27:fc:ec:06:df:59:29:d3:9a:62Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

4d:10:ef:83:e8:7a:6d:e2:fa:ca:12:83:f9:41:c3:17:5e:32:52:d6:f1:d4:9a:07:cb:39:67:f2:39:19:61:46Signer

96:e7:71:7a:89:34:1f:87:03:e0:72:ed:f8:dd:4a:b8:96:76:f0:6aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

crypt32

libeay32

ssleay32

nss3

smime3

version

kernel32

shell32

Exports

Exports

Sections

.text Size: 286KB - Virtual size: 285KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 63KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

19:53:60:96:ed:fe:27:fc:ec:06:df:59:29:d3:9a:62
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

4d:10:ef:83:e8:7a:6d:e2:fa:ca:12:83:f9:41:c3:17:5e:32:52:d6:f1:d4:9a:07:cb:39:67:f2:39:19:61:46
Signer

96:e7:71:7a:89:34:1f:87:03:e0:72:ed:f8:dd:4a:b8:96:76:f0:6a
Signer

.text
Size: 286KB - Virtual size: 285KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 63KB - Virtual size: 62KB