Static task
static1
Behavioral task
behavioral1
Sample
ae1be987876e921500384c5a2703fee1f82847d7c8adcbf76953f57ac0498468.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ae1be987876e921500384c5a2703fee1f82847d7c8adcbf76953f57ac0498468.dll
Resource
win10v2004-20240802-en
General
-
Target
ae1be987876e921500384c5a2703fee1f82847d7c8adcbf76953f57ac0498468
-
Size
2.0MB
-
MD5
47f2bddc6bfb9c66fe55f260bad964a2
-
SHA1
f355a875c561f025eef9735352435f3aa942ca15
-
SHA256
ae1be987876e921500384c5a2703fee1f82847d7c8adcbf76953f57ac0498468
-
SHA512
f9db9695027975e4db8c18e0a792b694daf1588152728cb12ba54b6d8e5ed1c16dd619fad4e340b982a99c7bd42e6237e504e46e3cfcd1492dc88f0e8876f549
-
SSDEEP
49152:wXETgdzvHRPVhxuJL20FKY9RR5fGI7qqJ1YG:wXXpVhgL20FPOI7D
Malware Config
Signatures
Files
-
ae1be987876e921500384c5a2703fee1f82847d7c8adcbf76953f57ac0498468.dll windows:4 windows x86 arch:x86
44bb1f89b9ef87bf8a406ff79a5a4531
Code Sign
36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 01/01/2021, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
36:77:2b:ec:1c:e9:c7:89:62:f2:67:d9:37:73:c8:20
Certificate
Issuer: CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US
Not Before: 15/03/2012, 00:00
Not After: 14/05/2014, 23:59
Subject: CN=Dreamsecurity Co.\, Ltd.,O=Dreamsecurity Co.\, Ltd.,L=Songpa,ST=Seoul,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 17/11/2006, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate
Issuer: CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US
Not Before: 08/02/2010, 00:00
Not After: 07/02/2020, 23:59
Subject: CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Signer
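Actual PE Digest
Digest Algorithm
PE Digest Matches: false
(No digest value or algorithm is listed. Because the signed digest does not match this file, the certificate chain above does not vouch for the file's contents.)
Headers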
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
wsock32
gethostbyname
inet_addr
ntohl
htonl
select
__WSAFDIsSet
recv
send
WSAStartup
socket
WSAGetLastError
ioctlsocket
htons
connect
closesocket
crypt32
CertDuplicateStore
CertFindCertificateInStore
CertGetIssuerCertificateFromStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CryptDecodeObjectEx
CertFreeCertificateContext
CertCreateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertEnumCertificatesInStore
PFXImportCertStore
nsldap32v50
ord22
ord13
ord418
ord85
ord41
ord79
ord200
ord127
ord35
ord32
ord26
ord51
shlwapi
PathFileExistsA
kernel32
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
LocalAlloc
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
GetProcAddress
LocalFree
GetLastError
ReadFile
GetTickCount
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
WriteFile
CreateDirectoryA
CreateFileA
GetFileSize
user32
GetFocus
GetCursorPos
GetMessageTime
advapi32
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
mfc42
ord1116
ord825
ord800
ord535
ord860
ord540
ord1601
ord537
ord539
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord823
msvcrt
vfprintf
vsprintf
realloc
??1type_info@@UAE@XZ
_onexit
__dllonexit
sscanf
_getpid
rand
_ftime
mktime
gmtime
isdigit
strlen
memcpy
memset
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
strftime
_unlink
__CxxFrameHandler
malloc
atol
atoi
free
_memicmp
strncmp
tolower
strncpy
_vsnprintf
fopen
clock
strstr
fclose
fprintf
localtime
time
_iob
_EH_prolog
calloc
sprintf
isalnum
strtok
Exports
Exports
DSTK_API_Finish
DSTK_API_GetErrInfo
DSTK_API_GetInfo
DSTK_API_Init
DSTK_API_SetConfFile
DSTK_API_SetHashAlgo
DSTK_BASE64_Decode
DSTK_BASE64_Encode
DSTK_BINSTR_Create
DSTK_BINSTR_Delete
DSTK_BINSTR_SetData
DSTK_CERT_AddTrustedCert
DSTK_CERT_CheckStatByCRL
DSTK_CERT_FreeCaPubs
DSTK_CERT_GetAIA
DSTK_CERT_GetAuthKeyID
DSTK_CERT_GetBasicConstraints
DSTK_CERT_GetCRLDP
DSTK_CERT_GetCRLDP_URL
DSTK_CERT_GetCertPolicy
DSTK_CERT_GetCertPolicy_PolicyID
DSTK_CERT_GetExtKeyUsage
DSTK_CERT_GetIssuerAltName
DSTK_CERT_GetIssuerName
DSTK_CERT_GetKeyUsage
DSTK_CERT_GetPolicyConstraints
DSTK_CERT_GetPubKey
DSTK_CERT_GetPubKey2
DSTK_CERT_GetRemainDays
DSTK_CERT_GetSerialNum
DSTK_CERT_GetSerialNum2
DSTK_CERT_GetSignature
DSTK_CERT_GetSignature2
DSTK_CERT_GetSignatureAlgorithm
DSTK_CERT_GetSubKeyID
DSTK_CERT_GetSubjectAltName
DSTK_CERT_GetSubjectName
DSTK_CERT_GetSubjectName_DERFormat
DSTK_CERT_GetUID
DSTK_CERT_GetValidity
DSTK_CERT_GetValidity2
DSTK_CERT_GetVersion
DSTK_CERT_Load
DSTK_CERT_SetCaPubs
DSTK_CERT_SetVerifyEnv1
DSTK_CERT_SetVerifyEnv2
DSTK_CERT_Unload
DSTK_CERT_Verify
DSTK_CERT_Verify2
DSTK_CMP_CertRecovery
DSTK_CMP_CertRequest
DSTK_CMP_CertRequest2
DSTK_CMP_CertRevoke
DSTK_CMP_CertRevoke2
DSTK_CMP_CertUpdate
DSTK_CMP_CertUpdate2
DSTK_CMP_SetCA
DSTK_CMP_SetProtocol
DSTK_CMS_AddSigner
DSTK_CMS_ComposeSignedData
DSTK_CMS_DecryptData
DSTK_CMS_DecryptFile
DSTK_CMS_DecryptFile_WithContent
DSTK_CMS_EncryptData
DSTK_CMS_EncryptDataWithMultiReps
DSTK_CMS_EncryptFile
DSTK_CMS_EncryptFile_WithContent
DSTK_CMS_GetEnvDataRecipCnt
DSTK_CMS_GetEnvDataRecipInfo
DSTK_CMS_GetSignerCert
DSTK_CMS_GetSignerCert1
DSTK_CMS_MakeEncryptedData
DSTK_CMS_MakeEnvelopedData
DSTK_CMS_MakeEnvelopedDataWithMultiRecipients
DSTK_CMS_MakeEnvelopedData_File
DSTK_CMS_MakeEnvelopedData_WithContent_File
DSTK_CMS_MakeSignedAndEnvData
DSTK_CMS_MakeSignedData
DSTK_CMS_MakeSignedDataWithAddSigner
DSTK_CMS_MakeSignedData_File
DSTK_CMS_MakeSignedData_WithContent_File
DSTK_CMS_MakeTBSData
DSTK_CMS_ProcessEncryptedData
DSTK_CMS_ProcessEnvelopedData
DSTK_CMS_ProcessEnvelopedData_File
DSTK_CMS_ProcessEnvelopedData_WithContent_File
DSTK_CMS_ProcessSignedAndEnvData
DSTK_CMS_ProcessSignedData
DSTK_CMS_ProcessSignedData_File
DSTK_CMS_ProcessSignedData_File2
DSTK_CMS_ProcessSignedData_WithContent_File
DSTK_CMS_SetOption
DSTK_CMS_SignAndEncData
DSTK_CMS_SignData
DSTK_CMS_SignFile
DSTK_CMS_SignFile_WithContent
DSTK_CMS_VerifyAndDecData
DSTK_CMS_VerifyData
DSTK_CMS_VerifyFile
DSTK_CMS_VerifyFile_WithContent
DSTK_CMS_VerifyFile_WithContent2
DSTK_CRYPT_AsymDecrypt
DSTK_CRYPT_AsymEncrypt
DSTK_CRYPT_ClearKeyAndIV
DSTK_CRYPT_Decrypt
DSTK_CRYPT_DecryptFile
DSTK_CRYPT_Encrypt
DSTK_CRYPT_EncryptFile
DSTK_CRYPT_GenKeyAndIV
DSTK_CRYPT_GenKeyPair
DSTK_CRYPT_GenMAC
DSTK_CRYPT_GenMAC2
DSTK_CRYPT_GenMACFile
DSTK_CRYPT_GenRandom
DSTK_CRYPT_GenSharedKey
DSTK_CRYPT_GetChangedKeyAndIV
DSTK_CRYPT_GetKeyAndIV
DSTK_CRYPT_Hash
DSTK_CRYPT_HashFile
DSTK_CRYPT_SetChangedKeyAndIV
DSTK_CRYPT_SetEnvChangeIV
DSTK_CRYPT_SetKeyAndIV
DSTK_CRYPT_SetPaddingType
DSTK_CRYPT_SetRSAVersion
DSTK_CRYPT_Sign
DSTK_CRYPT_SignFile
DSTK_CRYPT_SignFile2
DSTK_CRYPT_Verify
DSTK_CRYPT_VerifyFile
DSTK_CRYPT_VerifyFile2
DSTK_CRYPT_VerifyMAC
DSTK_CRYPT_VerifyMAC2
DSTK_CRYPT_VerifyMACFile
DSTK_DSAP_GetCRLByCert
DSTK_DSAP_GetDataByURL
DSTK_MEDIA_CARD_DeleteCert
DSTK_MEDIA_CARD_DeletePriKey
DSTK_MEDIA_CARD_ReadCert
DSTK_MEDIA_CARD_ReadPriKey
DSTK_MEDIA_CARD_WriteCert
DSTK_MEDIA_CARD_WritePriKey
DSTK_MEDIA_DISK_DeleteCert
DSTK_MEDIA_DISK_DeletePriKey
DSTK_MEDIA_DISK_ReadCert
DSTK_MEDIA_DISK_ReadFile
DSTK_MEDIA_DISK_ReadPriKey
DSTK_MEDIA_DISK_WriteCert
DSTK_MEDIA_DISK_WriteFile
DSTK_MEDIA_DISK_WritePriKey
DSTK_MEDIA_Load
DSTK_MEDIA_Unload
DSTK_MEDIA_WINS_GetCertCnt
DSTK_MEDIA_WINS_GetCertDN
DSTK_MEDIA_WINS_ReadCaPubs
DSTK_MEDIA_WINS_ReadCert
DSTK_MEDIA_WINS_ReadPriKey
DSTK_MEDIA_WINS_WriteCert
DSTK_MEDIA_WINS_WriteCertAndPriKey
DSTK_OCSP_CheckCertStatus
DSTK_OCSP_MakeOCSPReq
DSTK_OCSP_SendAndRecv
DSTK_OCSP_VerifyResMsg
DSTK_PEM_Decode
DSTK_PEM_Encode
DSTK_PFX_Export
DSTK_PFX_Export2
DSTK_PFX_ExportMultiPair
DSTK_PFX_ExportMultiPair2
DSTK_PFX_Import
DSTK_PFX_ImportMultiPair
DSTK_PFX_ImportMultiPair2
DSTK_PKCS11_CMP_CertRequest
DSTK_PKCS11_CMP_CertRevoke
DSTK_PKCS11_CMP_CertUpdate
DSTK_PKCS11_CMP_CertUpdate2
DSTK_PKCS11_ChangePIN
DSTK_PKCS11_CloseSession
DSTK_PKCS11_Decrypt
DSTK_PKCS11_DecryptData
DSTK_PKCS11_DeleteCertAndPriKey
DSTK_PKCS11_Encrypt
DSTK_PKCS11_GenKeyPair
DSTK_PKCS11_GetCertCnt
DSTK_PKCS11_GetCertInfo
DSTK_PKCS11_GetSlotList
DSTK_PKCS11_GetTokenInfo
DSTK_PKCS11_InitToken
DSTK_PKCS11_InitTokenWithSlotID
DSTK_PKCS11_Login
DSTK_PKCS11_Logout
DSTK_PKCS11_OpenSession
DSTK_PKCS11_OpenSessionWithSlotID
DSTK_PKCS11_OpenSessionWithTokenName
DSTK_PKCS11_ReadCert
DSTK_PKCS11_ReadRandomForVID
DSTK_PKCS11_SetInitArgs
DSTK_PKCS11_Sign
DSTK_PKCS11_SignAndEnvData
DSTK_PKCS11_SignData
DSTK_PKCS11_SignData_NoContent
DSTK_PKCS11_Verify
DSTK_PKCS11_VerifyAndDecData
DSTK_PKCS11_VerifySignatureValue
DSTK_PKCS11_WriteCertAndPriKey
DSTK_PRIKEY_ChangePasswd
DSTK_PRIKEY_CheckKeyPair
DSTK_PRIKEY_Decrypt
DSTK_PRIKEY_Encrypt
DSTK_PRIKEY_GetPriKeyInfo
DSTK_TSP_GetTokenInfo
DSTK_TSP_GetTokenInfo2
DSTK_TSP_MakeReqMsg
DSTK_TSP_SendAndRecv
DSTK_TSP_TimeStampData
DSTK_TSP_TimeStampFile
DSTK_TSP_VerifyResMsg
DSTK_TSP_VerifyToken
DSTK_TSP_VerifyToken2
DSTK_UNI_DecryptEnvData
DSTK_UNI_VerifySignData
DSTK_UNI_ViewCert
DSTK_UTIL_AddObject
DSTK_UTIL_CompareDN
DSTK_UTIL_GetCertPath
DSTK_UTIL_GetObject
DSTK_UTIL_GetObjectCount
DSTK_UTIL_GetRootCert
DSTK_UTIL_IsTrustCert
DSTK_VID_GetRandomFromPriKey
DSTK_VID_HashOfIDN_R
DSTK_VID_Verify
DSTK_WPKI_DecryptData
DSTK_WPKI_EncryptData
DSTK_WPKI_SignData
DSTK_WPKI_VerifyCert
DSTK_WPKI_VerifyData
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 236KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ