3b8e7226cf7eb40f11174fc47a322e3322f5fc4137f10cbda5e9fb2bf500365d

Sharing

Copy URL Twitter E-mail

General

Target

3b8e7226cf7eb40f11174fc47a322e3322f5fc4137f10cbda5e9fb2bf500365d
Size

858KB
MD5

68a42bbe105e3ea5e955f734fa5fcf66
SHA1

6ebe4f78c90ab7b9e341b0c5106e6e67210fa645
SHA256

3b8e7226cf7eb40f11174fc47a322e3322f5fc4137f10cbda5e9fb2bf500365d
SHA512

f1a75b5c68b0f9742e223a91da7035ccd10cd03559aec9354ae02e75019a886340858843ea5e0db8f5d61ad8721cf9a12bceba679b281004484be1dac83e0053
SSDEEP

24576:KW+uW+VHe6WwN7+mB1kNJAmHelgOTc3Xl3cyDNsE/HyRUl0yxbT6:KxwW+7+mB1kNJAmHelgOTc3XlMWd/Ljw

Score

1^/10

Malware Config

Signatures

Files

3b8e7226cf7eb40f11174fc47a322e3322f5fc4137f10cbda5e9fb2bf500365d
.dll windows:6 windows x86 arch:x86

2522ebd9710cdf8dd16a4ef98c82209a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/01/2009, 01:58

Not After

20/03/2010, 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f5:64:11:49:27:b4:f0:be:8b:d1:6a:b7:a0:71:49:a3:9e:b3:f4:80
Signer

Actual PE Digest

f5:64:11:49:27:b4:f0:be:8b:d1:6a:b7:a0:71:49:a3:9e:b3:f4:80

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MCEWMDRMNDBridge.pdb

Imports

kernel32

DeviceIoControl
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDiskFreeSpaceW
GlobalMemoryStatus
GetLocalTime
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
IsDebuggerPresent
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemDirectoryW
CreateFileW
WriteFile
ReadFile
SetFilePointer
FlushFileBuffers
GlobalMemoryStatusEx
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
LocalAlloc
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
Sleep
DeleteCriticalSection
OutputDebugStringA
ReleaseSemaphore
LocalFree
SetEvent
CreateEventW
GetVersionExW
GetLastError
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
VirtualProtect
GetSystemInfo
GetVersion
SetLastError
WaitForSingleObject
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateSemaphoreW
CreateThread
LoadLibraryA
GetSystemDirectoryA
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapDestroy
HeapCreate
HeapSize
GetCPInfo

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetCurrentHwProfileW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

wmdrmsdk

WMDRMShutdown
WMDRMStartup
WMDRMCreateProvider

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen

mfplat

MFShutdown
MFCreateMediaBufferWrapper
MFCreateMemoryBuffer
MFCreateSample
MFCreateMediaEvent
MFCreateEventQueue
MFStartup
MFScheduleWorkItem
MFCancelWorkItem
MFUnlockPlatform
MFLockPlatform
MFPutWorkItemEx
MFCreateLegacyMediaBufferOnMFMediaBuffer

ws2_32

WSAGetLastError
getsockname
getpeername
bind
socket
closesocket
ioctlsocket
ntohl
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
WSAEnumNetworkEvents
WSAEventSelect
WSAStartup
ntohs
setsockopt
htons
shutdown

rpcrt4

UuidFromStringW
I_RpcMapWin32Status

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Exports

Exports

CreateMCENDBridge
GetMCENDBridgeSecurityVersion
ShutdownMCENDBridge
StartupMCENDBridge

Sections

.text
Size: 697KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2522ebd9710cdf8dd16a4ef98c82209a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:64:0f:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

f5:64:11:49:27:b4:f0:be:8b:d1:6a:b7:a0:71:49:a3:9e:b3:f4:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

wmdrmsdk

ole32

oleaut32

mfplat

ws2_32

rpcrt4

setupapi

Exports

Exports

Sections

.text Size: 697KB - Virtual size: 696KB

.data Size: 123KB - Virtual size: 122KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 17KB - Virtual size: 16KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:64:0f:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

f5:64:11:49:27:b4:f0:be:8b:d1:6a:b7:a0:71:49:a3:9e:b3:f4:80
Signer

.text
Size: 697KB - Virtual size: 696KB

.data
Size: 123KB - Virtual size: 122KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 17KB - Virtual size: 16KB