3100b24007cf7dced07eb7f754f7e66bc74c2a9e0002406f58db02e52af595a0

Sharing

Copy URL

Twitter E-mail

General

Target

3100b24007cf7dced07eb7f754f7e66bc74c2a9e0002406f58db02e52af595a0
Size

2.1MB
MD5

e3a187781388e8fb5a9f0a9275c42d3c
SHA1

78808a38e0471ab00072adca37af31f5cc4ff9f5
SHA256

3100b24007cf7dced07eb7f754f7e66bc74c2a9e0002406f58db02e52af595a0
SHA512

877604fdd1c4a681973bc2b547001d05e65b00927906eb5c34c1a215a0bf23872e91182298a7ef2e5a5d7c68e1bd4d0aa6871facb1e0cf4826b5347e3acba52f
SSDEEP

49152:yS0HTnERpcVMRAdmD6TBTN3qyin3joC29nVfcWHk41hbcgD5je6g:UzgpcVMR9D6BTN3qyin3jYnWWHk4Xcge

Score

1^/10

Malware Config

Signatures

Files

3100b24007cf7dced07eb7f754f7e66bc74c2a9e0002406f58db02e52af595a0
.exe windows:5 windows x86 arch:x86

edd2b8c0cb637dca02f2941f247f999d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:b4:e4:f2:16:1d:a9:cc:19:80:a0:43:90:34:35:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01-10-2012 00:00

Not After

05-10-2013 23:59

Subject

CN=CANON INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Office Imaging Products,O=CANON INC.,L=Kawasaki,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:0e:cb:71:c7:bf:f1:98:e5:39:35:ec:df:14:5d:c8:57:2a:29:f6
Signer

Actual PE Digest

16:0e:cb:71:c7:bf:f1:98:e5:39:35:ec:df:14:5d:c8:57:2a:29:f6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\dds\INSTALLER\TBIst\TBIst\Win32\Release\Setup.pdb

Imports

kernel32

lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
InitializeCriticalSectionAndSpinCount
FreeResource
GlobalSize
GlobalLock
GlobalUnlock
lstrlenW
DeleteCriticalSection
EnterCriticalSection
CompareStringW
LeaveCriticalSection
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiW
CreateFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetCurrentProcessId
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcmpA
SetThreadPriority
ResumeThread
WaitForSingleObject
WritePrivateProfileStringW
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GlobalGetAtomNameW
lstrlenA
GetSystemDirectoryW
lstrcpyW
SizeofResource
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetWindowsDirectoryW
GetNumberFormatW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RemoveDirectoryW
CreateDirectoryW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapFree
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
MulDiv
FindClose
FindFirstFileW
OpenMutexW
GetTickCount
DeleteFileW
GlobalFree
GlobalAlloc
GetVersionExW
GetFileAttributesW
SetFileAttributesW
CopyFileW
GetCurrentDirectoryW
GetExitCodeProcess
GetExitCodeThread
Sleep
CreateProcessW
ReleaseMutex
CreateMutexW
OutputDebugStringW
GetDriveTypeW
GetDiskFreeSpaceExW
ActivateActCtx
GetModuleHandleW
DeactivateActCtx
MultiByteToWideChar
LocalFree
FormatMessageW
SetLastError
GetLastError
CloseHandle
GetCurrentProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
WideCharToMultiByte
SetEnvironmentVariableA

setupapi

SetupIterateCabinetW

user32

SetCapture
InvalidateRgn
CopyAcceleratorTableW
OffsetRect
CharNextW
PostThreadMessageW
DeleteMenu
InvalidateRect
SetRect
MessageBeep
ReleaseCapture
SetLayeredWindowAttributes
EnumDisplayMonitors
GetNextDlgGroupItem
IsIconic
GetMenuDefaultItem
EnableWindow
SendMessageW
LoadIconW
CreatePopupMenu
GetAsyncKeyState
SetClassLongW
WindowFromPoint
DestroyAcceleratorTable
InvertRect
DrawFocusRect
HideCaret
CopyImage
IntersectRect
UnregisterClassW
RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
ShowOwnedPopups
SetCursor
GetMessageW
GetCursorPos
EnableScrollBar
NotifyWinEvent
GetIconInfo
LoadImageW
DrawIconEx
IsZoomed
SetWindowRgn
IsClipboardFormatAvailable
SetParent
SetRectEmpty
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
CopyRect
IsRectEmpty
GetClientRect
ClientToScreen
ExitWindowsEx
GetDesktopWindow
MessageBoxW
SetForegroundWindow
GetDC
ReleaseDC
GetSysColor
DestroyIcon
GetSystemMenu
EnableMenuItem
SetTimer
KillTimer
FindWindowW
WaitForInputIdle
UpdateWindow
GetParent
RedrawWindow
LoadBitmapW
PostMessageW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
UnhookWindowsHookEx
GetKeyNameTextW
MapVirtualKeyW
GetWindow
PtInRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
ValidateRect
IsWindowVisible
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
DrawStateW
DrawEdge
DrawFrameControl
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetCursorPos
BringWindowToTop
LockWindowUpdate
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
DrawIcon
TrackPopupMenu
DestroyCursor
GetWindowRgn
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetFocus
GetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
SendDlgItemMessageW
RegisterWindowMessageW
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
GetSystemMetrics
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton

gdi32

GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateBitmap
SetBkColor
SetTextColor
PatBlt
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
StretchBlt
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
GetStockObject
CreateSolidBrush
DeleteObject
GetDeviceCaps
CreateHatchBrush
GetTextMetricsW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetPixel
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateDIBitmap

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetDesktopFolder
SHGetFileInfoW
SHGetPathFromIDListW
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

SHDeleteKeyW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

ole32

RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CoInitialize
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
VariantCopy
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCloneImage
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edd2b8c0cb637dca02f2941f247f999d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

50:b4:e4:f2:16:1d:a9:cc:19:80:a0:43:90:34:35:cdCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

16:0e:cb:71:c7:bf:f1:98:e5:39:35:ec:df:14:5d:c8:57:2a:29:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

setupapi

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 299KB - Virtual size: 299KB

.data Size: 25KB - Virtual size: 57KB

.rsrc Size: 310KB - Virtual size: 310KB

.reloc Size: 173KB - Virtual size: 172KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

50:b4:e4:f2:16:1d:a9:cc:19:80:a0:43:90:34:35:cd
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

16:0e:cb:71:c7:bf:f1:98:e5:39:35:ec:df:14:5d:c8:57:2a:29:f6
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 299KB - Virtual size: 299KB

.data
Size: 25KB - Virtual size: 57KB

.rsrc
Size: 310KB - Virtual size: 310KB

.reloc
Size: 173KB - Virtual size: 172KB