1c9d880884b41120faf019ec68cf78c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1c9d880884b41120faf019ec68cf78c0N.exe
Size

240KB
MD5

1c9d880884b41120faf019ec68cf78c0
SHA1

5022a206d0e092f2e33724ecab4a140fe346131a
SHA256

d9154f6e155a2b5555efe271abcdf1a665ad59130876668dcc60485f481625f9
SHA512

ff29c597b5cbc7916bcecf7cd1a86cc6051a9fe507fd00166a6fdb753640bed764820e4c22177ccdbaa18278e251bd97d8915ead0fd03c263cf9a7a1e0dccc9e
SSDEEP

3072:MnTWHvq7EhniCjdNGrWdtt03tJzP/r9I7mOIB0+RVCD1+sNDXiWTzyNpG6wljpxL:AqgWNUTTr9I7JIJPWdiWAMVjpuYnh4zq

Score

1^/10

Malware Config

Signatures

Files

1c9d880884b41120faf019ec68cf78c0N.exe
.dll windows:5 windows x86 arch:x86

b7bde60c872aa91b1a67a71380f66fdd

Code Sign

6f:53:b3:fa:97:d5:1f:a1:81:fb:88:62:fd:ab:f6:31
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

03/12/2011, 23:59

Subject

CN=axissoft\, Inc.,O=axissoft\, Inc.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files\Axissoft\StarPlayer\StarPlayerUI.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
GetLastError
GetProcAddress
lstrcmpiW
DeleteCriticalSection
SetLastError
FlushFileBuffers
CloseHandle
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentThreadId
RaiseException
lstrcpyW
GetUserDefaultLangID
SizeofResource
GlobalUnlock
LockResource
GlobalLock
LeaveCriticalSection
EnterCriticalSection
LoadResource
FindResourceW
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
Sleep
HeapCreate
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent

user32

DefWindowProcW
GetClassInfoExW
LoadCursorW
RegisterClassExW
wsprintfW
SetCursor
TrackMouseEvent
ReleaseCapture
CharNextW
GetClientRect
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
UnregisterClassA
IsWindow
SetCapture
InvalidateRect
EndPaint
CallWindowProcW
BeginPaint

gdi32

SetBkMode
GetObjectA
GetStockObject
DeleteObject
CreateFontIndirectW
SetTextColor

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
VariantCopy
VarUI4FromStr

gdiplus

GdipDeleteBrush
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreateSolidFill
GdipDisposeImage
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetPageUnit
GdipDrawString
GdipDrawImageI
GdipDrawImageRectRectI
GdipSetClipRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipLoadImageFromStream
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipCreateImageAttributes
GdipDeleteGraphics

Exports

Exports

spc_call
spc_create_controller
spc_destroy_controller
spc_get_hwnd
spc_get_ideal_height
spc_update_duration
spc_update_fullscreen
spc_update_mute
spc_update_openstate
spc_update_playhead
spc_update_playstate
spc_update_rate
spc_update_repeat
spc_update_repeat_end
spc_update_repeat_start
spc_update_volume

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7bde60c872aa91b1a67a71380f66fdd

Code Sign

6f:53:b3:fa:97:d5:1f:a1:81:fb:88:62:fd:ab:f6:31Certificate

Extended Key Usages

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 96KB - Virtual size: 95KB

.reloc Size: 10KB - Virtual size: 9KB

6f:53:b3:fa:97:d5:1f:a1:81:fb:88:62:fd:ab:f6:31
Certificate

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 10KB - Virtual size: 9KB