1923dae6b9bcd99d3ad2468d53c4cc854d166b8b31d987e746a8504f5022ec76

Sharing

Copy URL

Twitter E-mail

General

Target

1923dae6b9bcd99d3ad2468d53c4cc854d166b8b31d987e746a8504f5022ec76
Size

7.8MB
MD5

d1a3ab4e2052f2609c65b6916806134a
SHA1

65958853ae0df505aba5b4ac85645b28f4809cf2
SHA256

1923dae6b9bcd99d3ad2468d53c4cc854d166b8b31d987e746a8504f5022ec76
SHA512

7ea3a6d27270a1b6db52e0e344956917cc4f392701a58dad4e607ade0642d288532922112ef658ad63f72fcdb23d3303b56d4fef976684687a05b064bbc4bc61
SSDEEP

6144:dtyZZlWcE7gSZwyi6fBaFN7bW28Ha6vXkGMUHVw:uLlkZwyiGkFN7bXua2nHV

Score

1^/10

Malware Config

Signatures

Files

1923dae6b9bcd99d3ad2468d53c4cc854d166b8b31d987e746a8504f5022ec76
.exe windows:6 windows x86 arch:x86

0089e03f423ff16b826c702fe4870d6d

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-09-2013 17:41

Not After

24-12-2014 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:86:92:f3:af:29:d0:48:63:f1:29:8b:8d:fb:7d:86:76:14:62:6b:28:b1:af:2f:1e:84:9e:ee:8a:26:b8:4b
Signer

Actual PE Digest

6d:86:92:f3:af:29:d0:48:63:f1:29:8b:8d:fb:7d:86:76:14:62:6b:28:b1:af:2f:1e:84:9e:ee:8a:26:b8:4b

Digest Algorithm

sha256

PE Digest Matches

false

ef:f4:8a:d0:b8:07:5c:0d:ab:8d:11:b4:c6:72:df:27:58:19:f8:71
Signer

Actual PE Digest

ef:f4:8a:d0:b8:07:5c:0d:ab:8d:11:b4:c6:72:df:27:58:19:f8:71

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LangSelector.pdb

Imports

advapi32

RegCloseKey
RegOpenCurrentUser
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
GetSecurityDescriptorOwner
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RevertToSelf
RegQueryInfoKeyW
RegEnumValueW
GetSecurityDescriptorDacl
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
GetTokenInformation
OpenProcessToken
GetUserNameW
RegGetValueW
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent

kernel32

SizeofResource
LoadResource
LockResource
FreeResource
GetThreadPriority
SetThreadPriority
ResetEvent
FileTimeToSystemTime
GlobalFree
WaitForMultipleObjects
GetLongPathNameW
ExpandEnvironmentStringsW
VirtualFree
OpenFileMappingW
VirtualAlloc
GetCurrentThread
lstrlenW
SetFilePointerEx
GetProcessHeap
HeapFree
HeapAlloc
GetUserDefaultLocaleName
GetProductInfo
GetNativeSystemInfo
ReleaseMutex
GetExitCodeThread
CreateThread
SetEvent
GetFileAttributesExW
LocalAlloc
DeleteTimerQueueTimer
CreateTimerQueueTimer
RaiseException
UnlockFileEx
LockFileEx
CompareStringEx
SystemTimeToFileTime
CreateHardLinkTransactedW
MoveFileExW
DeleteFileTransactedW
GetSystemTime
SetFileTime
RemoveDirectoryA
GetTempPathA
FileTimeToDosDateTime
GetFullPathNameA
GetFileInformationByHandle
GetFileAttributesA
FileTimeToLocalFileTime
DeleteFileA
CreateFileA
CreateEventW
CreateMutexW
InterlockedCompareExchange
GetCommandLineW
GetLocaleInfoEx
LocalFree
GetTickCount
FindResourceW
Sleep
GetTempPathW
RemoveDirectoryW
GetNamedPipeServerProcessId
QueryFullProcessImageNameW
OpenProcess
WaitForSingleObject
CreateNamedPipeW
GetTempFileNameW
GetComputerNameExW
GetModuleFileNameW
GetLocalTime
GetCurrentProcessId
GetFileAttributesW
FlushFileBuffers
GetSystemDefaultLocaleName
MultiByteToWideChar
GetComputerNameW
UnmapViewOfFile
MapViewOfFile
LoadLibraryExW
DuplicateHandle
CreateFileMappingW
GetFileSize
CopyFileW
WerRegisterFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
WideCharToMultiByte
InterlockedIncrement
CloseHandle
WriteFile
SetFilePointer
SetFileAttributesW
ReadFile
GetFullPathNameW
GetFileSizeEx
CreateFileW
CreateDirectoryW
CompareFileTime
GetEnvironmentVariableW
GetVersionExW
GetSystemInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
EncodePointer
FreeLibrary
GetProcAddress
LoadLibraryW
FindAtomW
CompareStringW
GetThreadUILanguage
DeleteCriticalSection
GetModuleHandleW
SetDllDirectoryW
GlobalMemoryStatusEx
FreeLibraryAndExitThread
OpenMutexW
InterlockedExchange
InterlockedDecrement
SetLastError
GetLastError
GetCurrentProcess

user32

DispatchMessageW
GetSystemMetrics
TranslateMessage
MsgWaitForMultipleObjects
PostMessageW
SetProcessDefaultLayout
SendMessageW
LoadStringW
PeekMessageW

msvcr110

ceil
??_V@YAXPAX@Z
_XcptFilter
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
_commode
wcsstr
rand_s
_wcsnicmp
_wcsicmp
wcsrchr
towupper
_CxxThrowException
_purecall
memset
memcpy
__CxxFrameHandler3
_vsnwprintf
_vsnprintf
realloc
malloc
free
??3@YAXPAX@Z
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
sprintf_s
strcpy_s
isspace
isprint
wcstoul
wcschr
wcstok_s
qsort
_wtoi
memcmp
memmove
iswspace
??_U@YAPAXI@Z
towlower
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_unlock

shell32

SHCreateDirectoryExW
ord165
SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathAndSubDirW
CommandLineToArgvW
ord43
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen

uxcore

?Click@Button@DirectUI@@2PAEA
?Class@HWNDElement@DirectUI@@2PAUIClassInfo@2@A
?IDProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?LayoutPosProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?ParentProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?GetTopHWNDParent@DirectUI@@YGPAUHWND__@@PAU2@H@Z
?GetSelectedString@Combobox@DirectUI@@QAEPA_WPAPAVValue@2@@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?CreateInt@Value@DirectUI@@SGPAV12@W4Flags@DuiValueFlags@@H@Z
?_ZeroRelease@Value@DirectUI@@AAEXXZ
?StrToID@DirectUI@@YGGPB_W@Z
??0CDUIDialog@@QAE@XZ
??1CDUIDialog@@UAE@XZ
?InsertString@Combobox@DirectUI@@QAEHHPB_W@Z
?ResetContent@Combobox@DirectUI@@QAEHXZ
?RMLoadStringBSTR@@YGPA_WPBDIK@Z
?SelectionProp@Combobox@DirectUI@@2PAUPropertyInfo@2@A
?CreateBool@Value@DirectUI@@SGPAV12@W4Flags@DuiValueFlags@@_N@Z
?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z
?RMLoadString@@YGIPBDIPA_WIK@Z
?EnabledProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?Class@Combobox@DirectUI@@2PAUIClassInfo@2@A
?SelectionChange@Combobox@DirectUI@@2PAEA
DuiCreateObject
?RMUpdateResourceSet@@YG_NPBDPB_WK11PAUHINSTANCE__@@@Z
UXCoreInitProcess
UXCoreInitThread
UXCoreUnInitProcess
?GetValue@Element@DirectUI@@QBEPAVValue@2@PBUPropertyInfo@2@H@Z
UXCoreUnInitThread
?DoModal@CDUIDialog@@QAEHPBDGPB_WPAUHWND__@@PAUtagPOINT@@1_N1@Z

wintrust

WTHelperProvDataFromStateData
WinVerifyTrustEx
WTHelperGetProvSignerFromChain

secur32

GetUserNameExW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW
CertVerifyCertificateChainPolicy

shlwapi

PathRemoveArgsW
PathFindFileNameA
StrRChrW
StrCmpNW
ord437
PathAppendW
PathCombineW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsRelativeW
PathStripPathW
StrStrIW
PathFileExistsA
PathUnquoteSpacesW
SHGetValueW

winhttp

WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpCrackUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetOption
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpTimeFromSystemTime
WinHttpReadData
WinHttpSetCredentials
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen

cabinet

ord20
ord10
ord23
ord11
ord14
ord22
ord13

ntdll

NtQuerySystemTime
RtlAllocateHeap
RtlFreeHeap

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wer

WerReportCloseHandle
WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportSubmit
WerReportSetUIOption

ktmw32

CreateTransaction
RollbackTransaction
CommitTransaction

pdh

PdhGetFormattedCounterValue
PdhOpenQueryW
PdhAddEnglishCounterW
PdhCollectQueryData
PdhCloseQuery

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0089e03f423ff16b826c702fe4870d6d

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1aCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

6d:86:92:f3:af:29:d0:48:63:f1:29:8b:8d:fb:7d:86:76:14:62:6b:28:b1:af:2f:1e:84:9e:ee:8a:26:b8:4bSigner

ef:f4:8a:d0:b8:07:5c:0d:ab:8d:11:b4:c6:72:df:27:58:19:f8:71Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcr110

shell32

ole32

oleaut32

uxcore

wintrust

secur32

crypt32

shlwapi

winhttp

cabinet

ntdll

version

wer

ktmw32

pdh

Sections

.text Size: 231KB - Virtual size: 230KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 22KB - Virtual size: 21KB

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6d:86:92:f3:af:29:d0:48:63:f1:29:8b:8d:fb:7d:86:76:14:62:6b:28:b1:af:2f:1e:84:9e:ee:8a:26:b8:4b
Signer

ef:f4:8a:d0:b8:07:5c:0d:ab:8d:11:b4:c6:72:df:27:58:19:f8:71
Signer

.text
Size: 231KB - Virtual size: 230KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 22KB - Virtual size: 21KB