f620247532f4fbc02f8f4947563a1d74a9c184b105f85102f8cce318b7951851

Sharing

Copy URL Twitter E-mail

General

Target

f620247532f4fbc02f8f4947563a1d74a9c184b105f85102f8cce318b7951851
Size

240KB
MD5

a2ba61eabcce13a4fb8c564709ff639a
SHA1

cb011820275e1f265b7df4cf0e88c1f6d8fbb100
SHA256

f620247532f4fbc02f8f4947563a1d74a9c184b105f85102f8cce318b7951851
SHA512

819930494ffda061af7c7034672d4d80cf7e4b9e06ea5fe90fb10e811af668e459d6bae8222d790790a000c3695590e5ecfa80a4205d0a6782e08da018965e31
SSDEEP

3072:MnTWHvq7EhniCjdNGrWdtt03tJzPM9I7mOIB0+RVCD1+sNDXiWTzfpNpG6wljpxL:AqgWNUT49I7JIJPWdiW7jMVjpuYnh4zq

Score

1^/10

Malware Config

Signatures

Files

f620247532f4fbc02f8f4947563a1d74a9c184b105f85102f8cce318b7951851
.dll windows:5 windows x86 arch:x86

b7bde60c872aa91b1a67a71380f66fdd

Code Sign

6f:53:b3:fa:97:d5:1f:a1:81:fb:88:62:fd:ab:f6:31
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

03/12/2011, 23:59

Subject

CN=axissoft\, Inc.,O=axissoft\, Inc.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files\Axissoft\StarPlayer\StarPlayerUI.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
GetLastError
GetProcAddress
lstrcmpiW
DeleteCriticalSection
SetLastError
FlushFileBuffers
CloseHandle
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentThreadId
RaiseException
lstrcpyW
GetUserDefaultLangID
SizeofResource
GlobalUnlock
LockResource
GlobalLock
LeaveCriticalSection
EnterCriticalSection
LoadResource
FindResourceW
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
Sleep
HeapCreate
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent

user32

DefWindowProcW
GetClassInfoExW
LoadCursorW
RegisterClassExW
wsprintfW
SetCursor
TrackMouseEvent
ReleaseCapture
CharNextW
GetClientRect
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
UnregisterClassA
IsWindow
SetCapture
InvalidateRect
EndPaint
CallWindowProcW
BeginPaint

gdi32

SetBkMode
GetObjectA
GetStockObject
DeleteObject
CreateFontIndirectW
SetTextColor

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
VariantCopy
VarUI4FromStr

gdiplus

GdipDeleteBrush
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreateSolidFill
GdipDisposeImage
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetPageUnit
GdipDrawString
GdipDrawImageI
GdipDrawImageRectRectI
GdipSetClipRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipLoadImageFromStream
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipCreateImageAttributes
GdipDeleteGraphics

Exports

Exports

spc_call
spc_create_controller
spc_destroy_controller
spc_get_hwnd
spc_get_ideal_height
spc_update_duration
spc_update_fullscreen
spc_update_mute
spc_update_openstate
spc_update_playhead
spc_update_playstate
spc_update_rate
spc_update_repeat
spc_update_repeat_end
spc_update_repeat_start
spc_update_volume

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7bde60c872aa91b1a67a71380f66fdd

Code Sign

6f:53:b3:fa:97:d5:1f:a1:81:fb:88:62:fd:ab:f6:31Certificate

Extended Key Usages

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 96KB - Virtual size: 95KB

.reloc Size: 10KB - Virtual size: 9KB

6f:53:b3:fa:97:d5:1f:a1:81:fb:88:62:fd:ab:f6:31
Certificate

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 10KB - Virtual size: 9KB