2472fe355d3b892ff43537461614d18208830e8c827dc8a43e7463938e6fc0c3

Sharing

Copy URL

Twitter E-mail

General

Target

2472fe355d3b892ff43537461614d18208830e8c827dc8a43e7463938e6fc0c3
Size

595KB
MD5

a5ae41f5dcd02c79f201046200cd6887
SHA1

881a62cceb045da8178e205536dce0743420dedb
SHA256

2472fe355d3b892ff43537461614d18208830e8c827dc8a43e7463938e6fc0c3
SHA512

7e49d90efda6aecb6274c7e434d7e468ad663fc0014b22741d934f61b944a81e9ac8adc11e6d8285487e435ace8e00f37d21db82bf1aee8d88d1503e04510680
SSDEEP

12288:69D5XnxqG21JyQj8ZmAOMNHoPCjR5N1Xa0WeyDkdBr7Jtg:6N5XxFYAQfAtHooNsenBr7Jtg

Score

1^/10

Malware Config

Signatures

Files

2472fe355d3b892ff43537461614d18208830e8c827dc8a43e7463938e6fc0c3
.dll regsvr32 windows:5 windows x86 arch:x86

8672c373c0c769ed8705d20aff50852e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31-01-2013 00:00

Not After

31-01-2014 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Seongnam,ST=Gyeounggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:46:a5:cd:1c:2c:ca:f8:57:d2:d2:0c:08:b4:f7:b3:01:7d:c4:fb
Signer

Actual PE Digest

57:46:a5:cd:1c:2c:ca:f8:57:d2:d2:0c:08:b4:f7:b3:01:7d:c4:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Build\Product\SiteGuard\2.0\Client\building\build\Product\SiteGuard\2.0\Client\Trunk\Build\NT32Release\SGagenti.pdb

Imports

shlwapi

PathIsURLW
StrRStrIA
PathFindFileNameW
PathFindFileNameA
PathAppendA
PathFileExistsA
PathAddBackslashA
PathFindExtensionA
PathRemoveExtensionA
PathFileExistsW
PathRemoveExtensionW
PathAddBackslashW
PathRemoveBackslashW
UrlUnescapeA
PathStripPathW
PathFindExtensionW
UrlCombineW
PathIsURLA
StrStrIW
StrStrIA
StrStrW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

CoInternetCombineUrl
URLDownloadToFileA
CoInternetGetSession
URLDownloadToCacheFileW

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCrackUrlW
GetUrlCacheEntryInfoW
InternetOpenA
InternetConnectA
HttpSendRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetSetOptionW
HttpOpenRequestA
GetUrlCacheEntryInfoA
HttpQueryInfoW
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetErrorDlg
InternetCloseHandle
InternetSetCookieW
CommitUrlCacheEntryW
DeleteUrlCacheEntryW
CreateUrlCacheEntryW
InternetCanonicalizeUrlW
InternetGetCookieA

iphlpapi

GetAdaptersInfo

kernel32

ReleaseSemaphore
WaitNamedPipeW
SetNamedPipeHandleState
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateSemaphoreW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TerminateThread
WaitForMultipleObjects
GetOverlappedResult
CancelIo
GetLocalTime
GetCurrentProcessId
GetPrivateProfileIntW
GetSystemDirectoryW
WaitForSingleObject
SetEndOfFile
SetEvent
CreateEventW
lstrcmpA
GetFullPathNameW
GetVolumeInformationW
SetFileAttributesW
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleW
lstrlenW
GetProcAddress
SetLastError
GetLastError
LoadLibraryW
OutputDebugStringA
GetModuleHandleA
GetFileAttributesW
GetVersion
FreeLibrary
GetEnvironmentVariableW
DisableThreadLibraryCalls
InitializeCriticalSection
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
Sleep
GetUserDefaultUILanguage
GetCurrentProcess
CloseHandle
IsBadStringPtrW
WideCharToMultiByte
lstrlenA
IsBadStringPtrA
ReadFile
GetFileSize
CreateFileW
VirtualProtect
VirtualQuery
GetTickCount
ReadProcessMemory
IsBadReadPtr
MoveFileW
SystemTimeToFileTime
GetSystemTime
CreateDirectoryW
WriteFile
SetFilePointer
DeleteFileW
CreateFileA
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
GetPrivateProfileStringW
LocalFree
LocalAlloc
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetVersionExW
CreateMutexW
OpenMutexW
GetLongPathNameW
InterlockedExchange
InterlockedCompareExchange
SwitchToThread
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
GetCurrentDirectoryW
lstrcpynW

user32

CharLowerBuffW
CharNextW
IsWindow
IsWindowVisible
PostMessageW
GetClassNameW
GetParent
GetSystemMetrics
GetWindowRect
CharUpperW
MonitorFromRect
GetMonitorInfoW
SetWindowPos
GetDesktopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharUpperBuffW
EnableWindow
FindWindowExW
GetWindowThreadProcessId
LoadStringW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromCLSID
ProgIDFromCLSID
CoGetClassObject
StringFromGUID2

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VarBstrCat
VarBstrCmp
VariantInit
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
LoadRegTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear
SysAllocString

msvcr90

_stricmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
wcscmp
wcsncat_s
_wcslwr_s
wcsstr
??2@YAPAXI@Z
_purecall
??_U@YAPAXI@Z
memcmp
wcscpy_s
_beginthreadex
_vsnprintf
_wsplitpath_s
_wmkdir
toupper
wcscspn
sprintf_s
strcmp
strtoul
strcat_s
_wcsrev
wcstod
free
wcstoul
_vsnwprintf
_wcsdup
strcpy_s
strtok_s
_wtoi64
_vsnprintf_s
strchr
wcstok_s
_snprintf_s
wcscat_s
wcsnlen
malloc
_wcsnicmp
clock
memcpy
_wtoi
_snwprintf_s
_wcsicmp
calloc
strncmp
_strlwr_s
_ultoa_s
_vscwprintf
vswprintf_s
strlen
strncat_s
strstr
?terminate@@YAXXZ
wcsncpy_s
memmove_s
wcslen
wcstol
tolower
isxdigit
wcschr
_strnicmp
_time64
_localtime64_s
wcsncmp
strncpy_s
memcpy_s
_vsnwprintf_s
_recalloc
wcsrchr
??_V@YAXPAX@Z
_CxxThrowException
memset
__CxxFrameHandler3
??3@YAXPAX@Z

ws2_32

htonl
getservbyname
htons
inet_addr
WSAGetLastError
gethostbyname
gethostbyaddr
getservbyport
ntohs
gethostname
inet_ntoa
WSASetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8672c373c0c769ed8705d20aff50852e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

57:46:a5:cd:1c:2c:ca:f8:57:d2:d2:0c:08:b4:f7:b3:01:7d:c4:fbSigner

Headers

File Characteristics

PDB Paths

Imports

shlwapi

version

urlmon

wininet

iphlpapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr90

ws2_32

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 22KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

57:46:a5:cd:1c:2c:ca:f8:57:d2:d2:0c:08:b4:f7:b3:01:7d:c4:fb
Signer

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 22KB - Virtual size: 21KB