c909174520f600031467fab3d376c1d56eaa1918b8e6c6130ff1aceb1688c082

Sharing

Copy URL Twitter E-mail

General

Target

c909174520f600031467fab3d376c1d56eaa1918b8e6c6130ff1aceb1688c082
Size

4.3MB
MD5

1072498e830c54fcd0a91d9c6efe5ec8
SHA1

c6fbc14a5450e620324c33caf5a4e213348090e3
SHA256

c909174520f600031467fab3d376c1d56eaa1918b8e6c6130ff1aceb1688c082
SHA512

d29a299212322086101d3f3010bcaf529f016b03b8ca10ee5ae796690582bdfd8499905b8a893799bf9b1a403cad6afeb7fd98a73028f74994df458ed9ace26f
SSDEEP

49152:B1BZJRIFfbyRd8l4ZANzNZ34TQeY9IyOY9md1uahBrT8TLHXVIDSOWy2XocgWF6o:+fGRdKNpx48ssLHlD5O/i

Score

1^/10

Malware Config

Signatures

Files

c909174520f600031467fab3d376c1d56eaa1918b8e6c6130ff1aceb1688c082
.exe windows:5 windows x64 arch:x64

b9db08193c6e048cb56d0122d11be542

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:fd:c2:c4:9f:98:02:20:6f:c4:a6:84:b9:09:d9:f7
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/02/2016, 00:00

Not After

24/02/2017, 23:59

Subject

CN=DSP Development Corporation,O=DSP Development Corporation,POSTALCODE=02458,STREET=1 Bridge Street,L=Newton,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:36:04:14:9b:54:83:ec:89:12:46:6e:33:80:47:b9:b7:e5:d8:35
Signer

Actual PE Digest

89:36:04:14:9b:54:83:ec:89:12:46:6e:33:80:47:b9:b7:e5:d8:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\fuse67\Release\dadispnt.pdb

Imports

comctl32

PropertySheetA
ord17

shlwapi

PathIsUNCA

mpr

WNetGetUniversalNameA

usp10

ScriptStringAnalyse
ScriptStringOut
ScriptStringFree

kernel32

GetStartupInfoW
GetCommandLineA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
HeapCompact
HeapSize
GetSystemTimeAsFileTime
GetTimeFormatA
HeapSetInformation
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
DeleteFileA
DecodePointer
ExitProcess
GetModuleHandleW
MoveFileA
SetFilePointer
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapCreate
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
DeleteCriticalSection
LCMapStringW
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FlushFileBuffers
GetFullPathNameA
RaiseException
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
ExpandEnvironmentStringsA
QueryPerformanceFrequency
GetModuleHandleA
GetSystemInfo
CreateProcessA
GetExitCodeProcess
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcess
VirtualProtect
LockResource
SizeofResource
LoadResource
FreeResource
FindResourceA
WriteFile
lstrcmpiA
GetCurrentThreadId
SetUnhandledExceptionFilter
SetEnvironmentVariableA
LoadLibraryA
GetEnvironmentVariableA
SetErrorMode
GetSystemDirectoryA
ReadFile
GetFileSize
CreateFileA
GlobalSize
GetLocalTime
FindFirstFileExA
Sleep
GetTickCount
LocalFree
LocalAlloc
GetVersion
GetLastError
MulDiv
GetProfileStringA
GetWindowsDirectoryA
CloseHandle
WaitForSingleObject
lstrcpyA
FindNextFileA
FindClose
lstrcatA
GetFileAttributesA
lstrlenA
GetVersionExA
WinExec
GlobalFree
GetTempPathA
GetTempFileNameA
FormatMessageA
GetModuleFileNameA
GetProcAddress
WideCharToMultiByte
FreeLibrary
GlobalUnlock
lstrlenW
GlobalAlloc
GlobalLock
MultiByteToWideChar
WriteConsoleW
GetDriveTypeW
SetEndOfFile
CreateFileW
CompareStringW
RemoveDirectoryA
CreateDirectoryA
GetCurrentDirectoryA
GetDateFormatA
SetCurrentDirectoryA

user32

SetWindowsHookExA
LoadAcceleratorsA
SetMenu
DispatchMessageA
UnhookWindowsHookEx
FindWindowA
SetClipboardViewer
VkKeyScanA
GetWindowThreadProcessId
SetSysColors
EnableMenuItem
CheckMenuItem
SetClassLongPtrA
GetPropA
CopyImage
RemovePropA
ShowCursor
SetPropA
FrameRect
GetCursor
LoadImageA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
MessageBeep
SetScrollPos
ScrollWindow
ValidateRect
SetScrollRange
EnableScrollBar
ShowScrollBar
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
SetCursor
InflateRect
CopyIcon
DestroyCursor
TrackPopupMenu
IsIconic
MenuItemFromPoint
ChangeClipboardChain
WinHelpA
CreateWindowExA
EndDialog
GetCursorPos
GetCaretPos
GetActiveWindow
DeferWindowPos
SystemParametersInfoA
BeginDeferWindowPos
UpdateWindow
GetDlgCtrlID
DialogBoxParamA
LoadIconA
MoveWindow
DdeGetLastError
DdeClientTransaction
DdePostAdvise
DdeConnect
DdeDisconnect
DdeFreeDataHandle
CloseClipboard
DdeCreateStringHandleA
DdeAccessData
DdeInitializeA
DdeUnaccessData
DdeFreeStringHandle
DdeUninitialize
DdeCreateDataHandle
GetClipboardData
DdeAddData
DdeCmpStringHandles
DdeQueryStringA
OpenClipboard
DdeNameService
DlgDirListComboBoxA
DlgDirSelectComboBoxExA
SetDlgItemTextA
EnumChildWindows
GetClassNameA
PtInRect
DrawFocusRect
TranslateAcceleratorA
PeekMessageA
UnregisterClassA
GetAsyncKeyState
GetWindowPlacement
GetForegroundWindow
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
SubtractRect
CharNextA
DrawIconEx
CallNextHookEx
SetForegroundWindow
GetKeyState
IsWindowVisible
GetWindow
LoadCursorA
CallWindowProcA
SetWindowTextA
GetSystemMetrics
ReleaseCapture
IsWindow
SetWindowLongPtrA
SetWindowPos
GetSysColor
RedrawWindow
DefWindowProcA
GetDlgItem
ReleaseDC
GetWindowLongA
InvalidateRect
GetWindowTextA
GetDC
BeginPaint
SendMessageA
GetWindowTextLengthA
SetFocus
GetClientRect
InvalidateRgn
GetParent
GetFocus
KillTimer
ShowWindowAsync
PostQuitMessage
SetTimer
GetMessageA
wsprintfA
LoadBitmapA
MapDialogRect
SetActiveWindow
CreatePopupMenu
BringWindowToTop
DrawTextA
CreateDialogParamA
GetMenuState
DeleteMenu
GetScrollPos
SetScrollInfo
DialogBoxIndirectParamA
GetScrollInfo
CreateDialogIndirectParamA
IsDialogMessageA
IsZoomed
GetWindowDC
DrawEdge
GetClassLongPtrA
EndDeferWindowPos
AdjustWindowRectEx
GetDlgItemTextA
DrawFrameControl
CopyRect
SendDlgItemMessageA
LoadStringA
CheckDlgButton
IsDlgButtonChecked
MessageBoxA
ClientToScreen
ScreenToClient
GetMenuItemID
GetSubMenu
LoadMenuA
CreateMenu
SetRect
GetMenuItemInfoA
WindowFromDC
AppendMenuA
GetMenuItemCount
RemoveMenu
InsertMenuA
EnableWindow
DestroyMenu
SetWindowRgn
SetParent
GetMenu
OffsetRect
RegisterClipboardFormatA
IntersectRect
GetDesktopWindow
ShowWindow
PostMessageA
EqualRect
ModifyMenuA
IsRectEmpty
EndPaint
DestroyWindow
GetWindowRect
GetWindowLongPtrA
RegisterClassExA
FillRect
IsChild
GetClassInfoExA
SetCapture

gdi32

StretchDIBits
RealizePalette
CreatePalette
GetDIBits
GetDeviceCaps
ExtEscape
GetStockObject
SetBkMode
CreateDCA
CreateFontIndirectA
GetTextExtentPoint32A
RestoreDC
CloseEnhMetaFile
EndDoc
SetTextAlign
SetROP2
SetViewportExtEx
Polyline
CreateRectRgn
GetTextAlign
EndPath
SaveDC
Ellipse
StartDocA
Rectangle
SetMapMode
SelectClipRgn
SetPixel
GetWinMetaFileBits
CopyEnhMetaFileA
SetBrushOrgEx
Polygon
StartPage
CreateEnhMetaFileA
FloodFill
SetWindowExtEx
CopyMetaFileA
DeleteEnhMetaFile
GetTextMetricsA
SelectPalette
SetMetaFileBitsEx
Pie
GetViewportOrgEx
Arc
GetWindowOrgEx
EndPage
SetWindowOrgEx
MoveToEx
StrokePath
BeginPath
GetTextFaceA
GetGlyphOutlineA
GetPixel
CreatePen
GetCurrentPositionEx
GetMapMode
CombineRgn
DPtoLP
StretchBlt
GetROP2
CreateDIBPatternBrush
PatBlt
SetBitmapBits
ExtCreatePen
GetBitmapBits
GetClipRgn
EnumObjects
GetEnhMetaFileHeader
GetTextExtentPointA
SetRectRgn
SetDCBrushColor
PlayEnhMetaFile
GetCurrentObject
TextOutW
GetCharABCWidthsA
TextOutA
PaintRgn
RectInRegion
SetStretchBltMode
GetSystemPaletteEntries
Escape
CreateDIBitmap
GetObjectA
SetTextColor
SetViewportOrgEx
SetBkColor
ExtTextOutA
CreateRectRgnIndirect
DeleteMetaFile
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
CreateSolidBrush

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleA
PrintDlgA
ChooseFontA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteExA
SHGetDesktopFolder
FindExecutableA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHChangeNotify

ole32

StgCreateDocfile
ReadClassStg
StgIsStorageFile
StgOpenStorageEx
CreateFileMoniker
CoRegisterClassObject
CoRevokeClassObject
StringFromIID
OleUninitialize
OleInitialize
CoDisconnectObject
WriteClassStg
OleDestroyMenuDescriptor
CreateDataAdviseHolder
CreateOleAdviseHolder
CoLockObjectExternal
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
CoGetClassObject
CLSIDFromProgID
MkParseDisplayName
CreateBindCtx
StgOpenStorage
StgCreateStorageEx
OleCreateMenuDescriptor
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoGetMalloc
StringFromCLSID

oleaut32

SafeArrayGetDim
VariantCopy
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantClear
SafeArrayGetLBound
RegisterTypeLi
RegisterActiveObject
LoadTypeLi
RevokeActiveObject
SafeArrayGetVartype
SetErrorInfo
SafeArrayGetElement
DispInvoke
SafeArrayDestroy
DispGetIDsOfNames
SysStringLen
SysStringByteLen
VariantChangeType
GetActiveObject
SysAllocString
LoadRegTypeLi
SysFreeString
VariantInit
CreateErrorInfo
OleLoadPicture

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 501KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9db08193c6e048cb56d0122d11be542

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1e:fd:c2:c4:9f:98:02:20:6f:c4:a6:84:b9:09:d9:f7Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

89:36:04:14:9b:54:83:ec:89:12:46:6e:33:80:47:b9:b7:e5:d8:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

mpr

usp10

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 321KB - Virtual size: 320KB

.data Size: 501KB - Virtual size: 2.9MB

.pdata Size: 155KB - Virtual size: 155KB

text Size: 7KB - Virtual size: 7KB

data Size: 25KB - Virtual size: 24KB

.rsrc Size: 150KB - Virtual size: 149KB

.reloc Size: 40KB - Virtual size: 40KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1e:fd:c2:c4:9f:98:02:20:6f:c4:a6:84:b9:09:d9:f7
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

89:36:04:14:9b:54:83:ec:89:12:46:6e:33:80:47:b9:b7:e5:d8:35
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 321KB - Virtual size: 320KB

.data
Size: 501KB - Virtual size: 2.9MB

.pdata
Size: 155KB - Virtual size: 155KB

text
Size: 7KB - Virtual size: 7KB

data
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 40KB - Virtual size: 40KB