05978f4b874657b4287fe4bcd6670fa0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

05978f4b874657b4287fe4bcd6670fa0.exe
Size

1.3MB
MD5

05978f4b874657b4287fe4bcd6670fa0
SHA1

34531e5631d467b2ccec96ee3c462fc834468b9a
SHA256

a82e029e0ab2129c5b0261e7f83a1a245ffaf98371b06972c18862608f57461f
SHA512

a10006f6a9b39c67bbd0bc4f6b2c2a2bb6f1a2d8fbb05e34293d1ddc84a28ccbf713874f0dec0ca6fdedfa8e8c2d320cf66ab1322f41cb77fabc708d9c4a354c
SSDEEP

12288:aqZiPPFxlqn6c45caHXoJtiVKyiipmyCZsA3IoGGLhpJjoXloSfEvtO:tZiPN+6z5NYJbeEPZsA8/XqSfmw

Score

1^/10

Malware Config

Signatures

Files

05978f4b874657b4287fe4bcd6670fa0.exe
.dll windows:5 windows x86 arch:x86

45bb4140e0b84298f51a09daec90770a

Code Sign

11:21:35:2e:0b:20:23:d1:a7:51:88:6d:cb:e9:7d:37:79:5e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/02/2014, 16:58

Not After

30/05/2015, 17:52

Subject

CN=Disc Soft Ltd,O=Disc Soft Ltd,L=Belize city,ST=Belize,C=BZ,1.2.840.113549.1.9.1=#0c1366696e707240646973632d736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:6b:87:e7:78:88:6b:a6:cf:52:c3:09:a8:e2:12:9d:8e:33:23:8c
Signer

Actual PE Digest

2f:6b:87:e7:78:88:6b:a6:cf:52:c3:09:a8:e2:12:9d:8e:33:23:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Projects\dtpro\setup\plugin\SetupHlp\ReleaseUninstaller\UninstHlp.pdb

Imports

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

ole32

CoCreateInstance

user32

IsWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
GetSystemMetrics
LoadStringW
FindWindowExW
RegisterWindowMessageW
wsprintfW
GetParent
PostMessageW
SendMessageTimeoutW
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxParamW
SetFocus
SetWindowPos
SendMessageW
GetWindowThreadProcessId
GetShellWindow
MessageBoxW
SetWindowLongW
EnumWindows
GetWindowLongW
GetClientRect
CreateWindowExW
SetTimer

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueA
RegCreateKeyA
SetEntriesInAclW
SetNamedSecurityInfoW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
DuplicateTokenEx
CreateProcessAsUserW
CopySid
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
SetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder
SHChangeNotify

kernel32

GetCommandLineA
GetFileAttributesExW
LoadLibraryExW
ExitThread
CreateThread
EncodePointer
GlobalAddAtomW
DeleteAtom
GetPrivateProfileStringW
WritePrivateProfileStringW
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointerEx
IsDebuggerPresent
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
OutputDebugStringW
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
FlushFileBuffers
GetConsoleCP
IsValidCodePage
GetConsoleMode
LoadLibraryExA
RtlUnwind
WideCharToMultiByte
GetSystemTimeAsFileTime
GetUserDefaultLCID
GlobalAlloc
GlobalFree
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
FindResourceExW
CreateDirectoryW
MultiByteToWideChar
GetProcAddress
OpenProcess
CloseHandle
GetModuleHandleW
SetEnvironmentVariableW
FreeLibrary
LocalAlloc
LocalFree
LoadLibraryW
InterlockedExchange
TerminateProcess
WaitForSingleObject
DeleteFileW
Sleep
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateMutexW
DecodePointer
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetEvent
lstrcpyA
lstrcatA
CreateMutexA
CreateEventA
CreateEventW
GetModuleFileNameW
FindClose
FindFirstFileW
FindNextFileW
GetLocaleInfoW
IsValidLocale
ReadFile
CreateFileW
GetVersionExW
GetCurrentProcess
GetCurrentThreadId
SetLastError
EnterCriticalSection
LeaveCriticalSection
WriteFile

oleaut32

VariantClear
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString

shlwapi

PathFindFileNameW
PathFileExistsW

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7
CheckGUIStarted
CloseGadget
GetAccountLink
GetBuyNowLink
GetFileVersionHlp
GetFinishStr
GetOSInfo
GetParamStr
GetStr
Hlp11
InitInstance
InitLang
IsAdmin
IsNeedGadget
LoadRTFToReachEdit
QuoteStr
RemoveCommonCompDT
RemoveFileAssociations
RestartManagerRemove
SetupFreeDT
SetupFreeDefault
SetupInitDT
SetupInitDefault
UninstallFinishPageFree
UninstallFinishPageInit
UnpinProgram
checkNETFrameworkInstalled

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 923KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45bb4140e0b84298f51a09daec90770a

Code Sign

11:21:35:2e:0b:20:23:d1:a7:51:88:6d:cb:e9:7d:37:79:5eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

2f:6b:87:e7:78:88:6b:a6:cf:52:c3:09:a8:e2:12:9d:8e:33:23:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ole32

user32

advapi32

shell32

kernel32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 198KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 23KB - Virtual size: 37KB

.text0 Size: 17KB - Virtual size: 16KB

.reloc Size: 12KB - Virtual size: 11KB

.rsrc Size: 923KB - Virtual size: 923KB

11:21:35:2e:0b:20:23:d1:a7:51:88:6d:cb:e9:7d:37:79:5e
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

2f:6b:87:e7:78:88:6b:a6:cf:52:c3:09:a8:e2:12:9d:8e:33:23:8c
Signer

.text
Size: 199KB - Virtual size: 198KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 23KB - Virtual size: 37KB

.text0
Size: 17KB - Virtual size: 16KB

.reloc
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 923KB - Virtual size: 923KB