isrt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

isrt.dll
Size

425KB
MD5

7918d6b9f03c614a76c041c9b6e7fd24
SHA1

55490154d83ae60f953860c953291bd2728b2d2c
SHA256

379176a5ecde21f492dcc719250d47c368ae039eb9e549da8e300e6d69be6d72
SHA512

02dfee9452b3132a69818c151b57762611f92f9408e03597484e2672610128d187ec61d4d822e0182c66dc9364f5a6bed35ed7641eba0c9da3adedae2d4dc901
SSDEEP

12288:TNy24DFVZf+o0jTrrKoT6t7ylDVBSk3YgN8CWAiote/+k:TNy/EoaTfFT6Ry/wCDWAiCe/+k

Score

1^/10

Malware Config

Signatures

Files

isrt.dll
.dll windows:6 windows x86 arch:x86

70e6f936533c7955651d5628edf897c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:b0:d5:bf:60:0e:df:b3:87:48:71:69:ea:9d:1f:a0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/10/2017, 00:00

Not After

21/11/2018, 23:59

Subject

CN=Flexera Software LLC,O=Flexera Software LLC,L=Itasca,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:2b:65:0f:42:46:1c:f6:84:89:35:05:f5:18:de:13:39:94:d9:63:95:a9:66:9d:7b:07:65:11:a4:f9:b7:b8
Signer

Actual PE Digest

45:2b:65:0f:42:46:1c:f6:84:89:35:05:f5:18:de:13:39:94:d9:63:95:a9:66:9d:7b:07:65:11:a4:f9:b7:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

comctl32

ImageList_Draw

gdiplus

GdipGetImageHeight

user32

ScreenToClient

gdi32

MoveToEx

comdlg32

PrintDlgW

advapi32

RegOpenKeyExW

shell32

SHBrowseForFolderW

ole32

OleUninitialize

oleaut32

VariantInit

rpcrt4

UuidCreate

Exports

Exports

AddIcon
CallDLLFn
ComponentViewCreateWindow
ComponentViewDestroy
ComponentViewRefresh
ComponentViewSelectAll
ComponentViewSetInfo
ComponentViewSetInfoEx
CreateFolder
DeleteFolder
DeleteIcon
EnableHourGlass
EnumFoldersItems
GetCPUType
GetFontSub
GetHandle
GetPorts
GetSelectedItemState
IsEmpty
IsNTAdmin
IsOSTypeNT
IsObject
IsPowerUser
LangLoadString
MessageBeepP
PathCompactPathPixel
PathCrackUrl
PathGetDir
PathGetDrive
PathGetFile
PathGetFileExt
PathGetFileName
PathGetLongFromShort
PathGetPath
PathIsValidSyntax
QueryIcon
ReadArrayProperty
ReadBoolProperty
ReadNumberProperty
ReplaceIcon
ShowFolder
TextSubSubstitute
VerGetFileVersion
WriteArrayProperty
WriteBoolProperty
WriteNumberProperty
WriteStringProperty
_AppSearch
_BrowseForFolder
_CCPSearch
_CHARArrayToWCHARArray
_CalculateAndAddFileCost
_CleanupInet
_CloseFile
_CmdGetHwndDlg
_CmdGetMsg
_CmdGetParam1
_CmdGetParam2
_CoGetObject
_CompareDWORD
_ComponentAddItem
_ComponentCompareSizeRequired
_ComponentError
_ComponentErrorInfo
_ComponentFileEnum
_ComponentFileInfo
_ComponentFilterLanguage
_ComponentFilterOS
_ComponentGetCost
_ComponentGetCostEx
_ComponentGetData
_ComponentGetItemSize
_ComponentGetTotalCost
_ComponentGetTotalCostEx
_ComponentInitialize
_ComponentIsItemSelected
_ComponentListItems
_ComponentLoadTarget
_ComponentMoveData
_ComponentPatch
_ComponentReinstall
_ComponentRemoveAll
_ComponentRemoveAllInLogOnly
_ComponentSaveTarget
_ComponentSelectItem
_ComponentSelectNew
_ComponentSetData
_ComponentSetupTypeEnum
_ComponentSetupTypeGetData
_ComponentSetupTypeSet
_ComponentTotalSize
_ComponentTransferData
_ComponentUpdate
_ComponentValidate
_ComponentViewCreate
_ComponentViewQueryInfo
_CopyBytes
_CreateDir
_CreateObject
_CreateRegistrySet
_CreateShellObjects
_CtrlGetNotificationCode
_CtrlGetParentWindowHelper
_CtrlGetSubCommand
_CtrlGetUrlForLinkClicked
_CtrlSetHtmlContent
_CtrlSetMLERichText
_DIFxDriverPackageGetPath
_DIFxDriverPackageInstall
_DIFxDriverPackagePreinstall
_DIFxDriverPackageUninstall
_DefineDialog
_DeleteCHARArray
_DialogSetFont
_DisableBranding
_DisableStatus
_Divide
_DoInstall
_DoSprintf
_DotNetCoCreateObject
_DotNetUnloadAppDomain
_EnableDialogCache
_EnablePrevDialog
_EnableSkins
_EnableStatus
_EnableWow64FsRedirection
_EndDialog
_ExistsDir
_ExistsDisk
_ExistsFile
_ExitInstall
_FeatureAddCost
_FeatureAddUninstallCost
_FeatureGetCost
_FeatureInitialize
_FeatureSpendCost
_FeatureSpendUninstallCost
_FileCopy
_FloatingPointOperation
_GenerateFileMD5SignatureHex
_GetByte
_GetCurrentDialogName
_GetDiskInfo
_GetDiskSpaceEx
_GetDiskSpaceExEx
_GetFont
_GetGlobalFlags
_GetGlobalMemorySize
_GetInetFileSize
_GetInetFileTime
_GetLine
_GetLineSize
_GetObject
_GetObjectByIndex
_GetObjectCount
_GetProcessorInfo
_GetRunningChildProcess
_GetRunningChildProcessEx
_GetRunningChildProcessEx2
_GetSelectedTreeComponent
_GetStandardLangId
_GetSupportDir
_GetSystemDpi
_GetTrueTypeFontFileInfo
_GetVirtualMachineType
_InetEndofTransfer
_InetGetLastError
_InetGetNextDisk
_InitInstall
_IsFontTypefaceNameAvailable
_IsInAdminGroup
_IsLangSupported
_IsSkinLoaded
_IsVirtualMachine
_IsWindowsME
_IsWow64
_KillProcesses
_ListAddItem
_ListAddString
_ListCount
_ListCreate
_ListCurrentItem
_ListCurrentString
_ListDeleteAll
_ListDeleteItem
_ListDeleteString
_ListDestroy
_ListFindItem
_ListFindString
_ListGetFirstItem
_ListGetFirstString
_ListGetIndex
_ListGetNextItem
_ListGetNextString
_ListGetType
_ListReadFromFile
_ListSetCurrentItem
_ListSetCurrentString
_ListSetIndex
_ListWriteToFile
_MediaGetFilteringInfo
_MediaGetInfo
_OnUninstPriv
_OpenFile
_PlaceBitmap
_Postprogram
_Preprogram
_PrintFile
_ReadBytes
_ReadStringProperty
_RebootPutString
_Rebooted
_RegConnectRegistry
_RegCreateKey
_RegDeleteKey
_RegDeleteValue
_RegDisConnectRegistry
_RegEnableTextSubs
_RegEnum
_RegExistsKey
_RegGetOptions
_RegIsRemoteRegConnected
_RegQueryKeyBinaryValue
_RegQueryKeyValue
_RegSetKeyBinaryValue
_RegSetKeyValue
_RegSetOptions
_ReleaseDialog
_SdShowMsg
_SeekBytes
_SendRequest
_ServiceStopDependentServices
_SetAltMainImage
_SetAltMainImageEx
_SetByte
_SetColor
_SetDisplayEffect
_SetDllDirectory
_SetFont
_SetGlobalFlags
_SetObjectPermissions
_SetPaletteFile
_SetShortcutProperty
_SetSilentSdShowMsg
_SetTitle
_SetupInet
_SetupTraceWrite
_ShowObjWizardPages
_ShowWizardPages
_SizeWindow
_StatusUpdate
_TreeViewCreate
_VerGetFileLanguages
_VerUpdateFile
_WCHARArrayToCHARArray
_WaitOnDialog
_WriteBytes
_WriteLine
__CreateObjectContext
__CreateObjectContextSuiteExt
__GetCmdLineOptions
__GetContextGUID
__GetEnabledIServices
__GetFileRegistrar
__GetISMSIStringTableObj
__GetInfo
__GetInstallGuid
__GetLog
__GetLogDB
__GetLogEx
__GetMainWindow
__GetMaintOption
__GetMaintenanceMode
__GetObjects
__GetProductGuid
__GetProgress
__GetReboot
__GetReinstallMode
__GetRemoveAllMode
__GetTextSub
__GetUpdateMode
__GetUser
__ISRTGetPropertyBag
__ISRTReleasePropertyBag
__LoadString
__PutEnabledIServices
__ReleaseObjectContext
__ReleaseObjectContextSuiteExt
__RestoreMainLog
__RestoreMainLogEx
__SetComponentLog
__SetUpdateMode

Sections

.text
Size: 403KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70e6f936533c7955651d5628edf897c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

67:b0:d5:bf:60:0e:df:b3:87:48:71:69:ea:9d:1f:a0Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

45:2b:65:0f:42:46:1c:f6:84:89:35:05:f5:18:de:13:39:94:d9:63:95:a9:66:9d:7b:07:65:11:a4:f9:b7:b8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

gdiplus

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 403KB - Virtual size: 1.1MB

.rsrc Size: 13KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 512B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

67:b0:d5:bf:60:0e:df:b3:87:48:71:69:ea:9d:1f:a0
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

45:2b:65:0f:42:46:1c:f6:84:89:35:05:f5:18:de:13:39:94:d9:63:95:a9:66:9d:7b:07:65:11:a4:f9:b7:b8
Signer

.text
Size: 403KB - Virtual size: 1.1MB

.rsrc
Size: 13KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 512B