ADM[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ADM.zip
Size

13.8MB
MD5

955d31030b2019137cf365acce432b8b
SHA1

fef538a74bb9bf76b2f6b7892182ee91e2a07e9f
SHA256

06d79cc67a492aaae645a78bc306d5f1e093624f40b4cc91f86fe0241b8f34ed
SHA512

921afcd118aea1844c8735ed7cf2577eb8860e0ff193a384ef8963e01c368881eb280091ad60aa37f10b7de8effabef6ea1eefbe24dd043171a517a1ebddd221
SSDEEP

393216:Jed0QGRyG0fiJfKoAG77vN6QccrAnKXZZS6ht2:MtyR0fiZKoR7DNQcknn6D2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ADM/QuantumModule.dll

Files

ADM.zip
.zip
ADM/Module
ADM/QuantumModule.dll
.dll windows:5 windows x86 arch:x86

54c314c54e817dbac9648b7b5d2f5d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FindFirstFileW
FreeLibrary
SystemTimeToFileTime
GetCurrentProcess
GetConsoleCP
WideCharToMultiByte
LoadLibraryW
GetConsoleMode
CreateFileW
GetEnvironmentVariableA
GetStdHandle
IsValidCodePage
FindClose
GetFileType
CloseHandle
GetCurrentProcessId
GetSystemTime
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
LocalFree
AreFileApisANSI
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
EncodePointer
DecodePointer
FindFirstFileExA
FindNextFileA
GetModuleHandleW
ExitProcess
GetDriveTypeA
ExitThread
CreateThread
GetCommandLineA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
SetStdHandle
GetModuleFileNameW
LCMapStringW
RtlUnwind
GetCurrentDirectoryW
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_autovacuum_pages
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes64
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_name
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_deserialize
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_error_offset
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_is_interrupted
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_preupdate_blobwrite
sqlite3_preupdate_count
sqlite3_preupdate_depth
sqlite3_preupdate_hook
sqlite3_preupdate_new
sqlite3_preupdate_old
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_serialize
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_explain
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes64
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_encoding
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_distinct
sqlite3_vtab_in
sqlite3_vtab_in_first
sqlite3_vtab_in_next
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_vtab_rhs_value
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_service
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug
sqlite3changegroup_add
sqlite3changegroup_add_strm
sqlite3changegroup_delete
sqlite3changegroup_new
sqlite3changegroup_output
sqlite3changegroup_output_strm
sqlite3changeset_apply
sqlite3changeset_apply_strm
sqlite3changeset_apply_v2
sqlite3changeset_apply_v2_strm
sqlite3changeset_concat
sqlite3changeset_concat_strm
sqlite3changeset_conflict
sqlite3changeset_finalize
sqlite3changeset_fk_conflicts
sqlite3changeset_invert
sqlite3changeset_invert_strm
sqlite3changeset_new
sqlite3changeset_next
sqlite3changeset_old
sqlite3changeset_op
sqlite3changeset_pk
sqlite3changeset_start
sqlite3changeset_start_strm
sqlite3changeset_start_v2
sqlite3changeset_start_v2_strm
sqlite3rebaser_configure
sqlite3rebaser_create
sqlite3rebaser_delete
sqlite3rebaser_rebase
sqlite3rebaser_rebase_strm
sqlite3session_attach
sqlite3session_changeset
sqlite3session_changeset_size
sqlite3session_changeset_strm
sqlite3session_config
sqlite3session_create
sqlite3session_delete
sqlite3session_diff
sqlite3session_enable
sqlite3session_indirect
sqlite3session_isempty
sqlite3session_memory_used
sqlite3session_object_config
sqlite3session_patchset
sqlite3session_patchset_strm
sqlite3session_table_filter

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ADM/chrome_frame_helper.dll
.dll windows:5 windows x86 arch:x86

ccbebedc471ffc9a6ed5bc4de16da797

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:a7:39:37:8a:48:51:2c:87:9d:df:2d:56:12:ab:0f:da:06:cd:c0
Signer

Actual PE Digest

b2:a7:39:37:8a:48:51:2c:87:9d:df:2d:56:12:ab:0f:da:06:cd:c0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsDirectoryW

kernel32

SetLastError
ExitProcess
CreateProcessW
CreateDirectoryW
WaitForSingleObject
Sleep
CopyFileW
GetFileAttributesW
GetModuleFileNameW
GetLastError
GetProcAddress
LoadLibraryA
CloseHandle
SetFileAttributesW
ExpandEnvironmentStringsW
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
WriteFile
GetStdHandle
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Exports

Exports

StartUserModeBrowserInjection
StopUserModeBrowserInjection

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ADM/chromeframe.exe
.exe windows:5 windows x86 arch:x86

96c995cdfd7bb49e723aeecefa202113

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:ef:58:c5:92:57:cc:b0:13:14:a0:27:19:98:56:3b:4d:ef:68:87
Signer

Actual PE Digest

99:ef:58:c5:92:57:cc:b0:13:14:a0:27:19:98:56:3b:4d:ef:68:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\b\build\slave\win\build\src\build\Release\chrome_frame_helper.exe.pdb

Imports

kernel32

CloseHandle
lstrcmpiW
GetProcAddress
LocalAlloc
LoadLibraryW
GetModuleHandleW
CreateProcessW
FreeLibrary
GetCommandLineW
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
FlushFileBuffers
WaitForSingleObject
ReleaseSemaphore
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
GetProcessId
VirtualQueryEx
CreateFileW
GetCurrentProcess
InterlockedDecrement
DeleteCriticalSection
RtlCaptureContext
CreateThread
CreateSemaphoreW
InitializeCriticalSection
InterlockedIncrement
WaitNamedPipeW
GetLastError
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
TransactNamedPipe
GetCurrentProcessId
SetNamedPipeHandleState
GetModuleFileNameW
LocalFree
GetTempPathW
RegisterWaitForSingleObject
CreateEventW
UnregisterWaitEx
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
ExitProcess
RaiseException
HeapFree
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
HeapAlloc
Sleep
InterlockedExchange
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
RtlUnwind
HeapSize
HeapReAlloc
LoadLibraryA

advapi32

RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
ConvertSidToStringSidW

user32

GetMessageW
PostQuitMessage
UnregisterClassW
PostMessageW
EnumWindows
TranslateMessage
RegisterClassExW
GetWindowTextW
CreateWindowExW
DefWindowProcW
DispatchMessageW
GetClassNameW

ole32

StringFromGUID2

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ADM/data.dat
ADM/service.dll
.dll windows:5 windows x86 arch:x86

cffd4718bc4c191b5b3747405622ed13

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:87:14:eb:90:03:48:14:90:4d:7b:46:fe:02:57:86:d3:4d:a8:1e
Signer

Actual PE Digest

19:87:14:eb:90:03:48:14:90:4d:7b:46:fe:02:57:86:d3:4d:a8:1e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
GetLastError
GetProcAddress
LoadLibraryA
LockResource
HeapAlloc
HeapFree
SetLastError
ExitThread
CloseHandle
ResumeThread
CreateThread
EncodePointer
DecodePointer
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
LCMapStringW
MultiByteToWideChar

Exports

Exports

Main

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ADM/ulog.dat

Sharing

General

Malware Config

Signatures

Files

54c314c54e817dbac9648b7b5d2f5d40

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 28KB - Virtual size: 68KB

.text0 Size: 433KB - Virtual size: 432KB

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 434B

ccbebedc471ffc9a6ed5bc4de16da797

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

b2:a7:39:37:8a:48:51:2c:87:9d:df:2d:56:12:ab:0f:da:06:cd:c0Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 10KB

.text0 Size: 709KB - Virtual size: 709KB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 62KB - Virtual size: 61KB

96c995cdfd7bb49e723aeecefa202113

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

99:ef:58:c5:92:57:cc:b0:13:14:a0:27:19:98:56:3b:4d:ef:68:87Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

ole32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 28KB - Virtual size: 68KB

.text0
Size: 433KB - Virtual size: 432KB

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 434B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

b2:a7:39:37:8a:48:51:2c:87:9d:df:2d:56:12:ab:0f:da:06:cd:c0
Signer

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 10KB

.text0
Size: 709KB - Virtual size: 709KB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 62KB - Virtual size: 61KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

99:ef:58:c5:92:57:cc:b0:13:14:a0:27:19:98:56:3b:4d:ef:68:87
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

19:87:14:eb:90:03:48:14:90:4d:7b:46:fe:02:57:86:d3:4d:a8:1e
Signer

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.data0
Size: 613KB - Virtual size: 613KB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 62KB - Virtual size: 61KB