66eb66722cadf42764057c96e880dfddfeb64700b220e09fff1032db55780133

Sharing

Copy URL Twitter E-mail

General

Target

66eb66722cadf42764057c96e880dfddfeb64700b220e09fff1032db55780133
Size

6.4MB
MD5

bccf036d0144817645a55538095e6b1b
SHA1

21ce0f6bd58c1e5163ff4eeeedb750b88a0adb0d
SHA256

66eb66722cadf42764057c96e880dfddfeb64700b220e09fff1032db55780133
SHA512

72c0168e778bb19c31aa6149fbaba75c719d4df0904dbd0a626fb8e01c17a075a0c1ad18a6bb6d3095bb448375bf599745ccfb014f0541727e95189206866670
SSDEEP

196608:UxdahRjm8v+N0mRRUI/1VgFiahRlGZR81oVLCdKlA:cdaLjPv+NpRRUI/1VgFialGZR81odCd9

Score

1^/10

Malware Config

Signatures

Files

66eb66722cadf42764057c96e880dfddfeb64700b220e09fff1032db55780133
.exe windows:4 windows x86 arch:x86

a52fae2c27ec8073425abddc246a16a8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

86:70:a0:14:ee:c5:40:2c:7a:86:20:e5:91:94:03:6e:92:36:cd:7e
Signer

Actual PE Digest

86:70:a0:14:ee:c5:40:2c:7a:86:20:e5:91:94:03:6e:92:36:cd:7e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msaccess.pdb

Imports

msvcrt

_ltow
_wcsicmp
memset
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_except_handler3
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
srand
strchr
_ecvt
wcsrchr
atol
wcscspn
_chdir
_clearfp
_statusfp
_fpreset
swscanf
wcstod
_wchmod
_unlink
strrchr
wcstok
strncmp
rand
wcstoul
wcstol
realloc
qsort
atof
memmove
wcschr
_wtol
strstr
wcsncmp
_CxxThrowException
_wcsnicmp
exit
_chdrive
_wchdir
wcsstr
_wsplitpath
_wtoi
wcscmp
malloc
free
__CxxFrameHandler
wcslen

gdi32

GetCharWidthW
EnumFontFamiliesA
CreateFontIndirectA
CopyMetaFileW
CopyEnhMetaFileW
CreateBrushIndirect
CreatePenIndirect
GetViewportExtEx
GetWindowExtEx
SetMapperFlags
GdiComment
EndDoc
EndPage
StartPage
AbortDoc
StartDocW
ExtEscape
CreateDCA
CreateICA
CreateEnhMetaFileW
SetAbortProc
EnumEnhMetaFile
GetNearestPaletteIndex
EnumFontFamiliesExA
GetTextFaceW
FillRgn
PaintRgn
GetTextColor
SetBitmapBits
GetTextAlign
SetTextAlign
GetClipRgn
SelectClipRgn
GetWorldTransform
GetWindowOrgEx
SetWorldTransform
CreateDIBitmap
GetEnhMetaFileHeader
GetDIBits
SetWinMetaFileBits
GetEnhMetaFilePaletteEntries
GetBkColor
CreateMetaFileW
CloseMetaFile
ExtTextOutW
SaveDC
SetMapMode
EnumMetaFile
PlayMetaFile
RestoreDC
CreateBitmap
SetDIBits
GetDCOrgEx
PlayEnhMetaFile
StretchDIBits
GetBkMode
RectInRegion
PtInRegion
CreatePolygonRgn
InvertRgn
CreatePalette
GetObjectType
GetTextExtentExPointW
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
SelectObject
CreateFontW
CreatePatternBrush
GetStockObject
GetTextExtentPoint32W
BitBlt
PatBlt
LineTo
MoveToEx
RealizePalette
SelectPalette
GetPaletteEntries
CreateSolidBrush
EnumFontFamiliesW
CreateRectRgn
CombineRgn
ExcludeClipRect
GetViewportOrgEx
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
GetBitmapBits
RectVisible
IntersectClipRect
CreateRectRgnIndirect
OffsetViewportOrgEx
UnrealizeObject
SetBrushOrgEx
SetViewportOrgEx
SetRectRgn
Polygon
CreatePen
SetROP2
StretchBlt
GetNearestColor
OffsetClipRgn
GetRgnBox
CreateDiscardableBitmap
GetClipBox
TextOutW
OffsetRgn
PlayMetaFileRecord
DeleteMetaFile
SetViewportExtEx
SetWindowExtEx
LPtoDP
Escape
GetTextCharsetInfo
DPtoLP
SetStretchBltMode
PlayEnhMetaFileRecord
SetWindowOrgEx
DeleteEnhMetaFile
Rectangle
CloseEnhMetaFile
GetEnhMetaFileBits
SetPixel
GetWinMetaFileBits
GetEnhMetaFileW
GetROP2
TextOutA
Arc
Pie
Ellipse
EnumFontsW
GetMetaFileBitsEx
SetMetaFileBitsEx
SetEnhMetaFileBits

user32

IsCharAlphaNumericW
DefWindowProcW
GetForegroundWindow
GetDC
ReleaseDC
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
GetClassNameW
CharNextW
CreateAcceleratorTableW
GetWindowTextLengthW
SetParent
GetIconInfo
GetMessageTime
ChildWindowFromPoint
GetKeyboardType
VkKeyScanW
SetRectEmpty
GetPropA
RemovePropA
SetWindowPlacement
UnionRect
LoadImageW
InvertRect
DrawMenuBar
SetMenu
GetMenuItemCount
IsRectEmpty
GetDoubleClickTime
GetUpdateRect
GetUpdateRgn
TrackMouseEvent
ExcludeUpdateRgn
ValidateRect
ScrollWindowEx
CloseClipboard
SetClipboardData
OpenClipboard
GetTabbedTextExtentW
RegisterClipboardFormatA
GetNextDlgTabItem
DrawIconEx
EnumDisplaySettingsA
SetDlgItemInt
CopyRect
FrameRect
ToAsciiEx
ToUnicodeEx
SystemParametersInfoA
ActivateKeyboardLayout
CharNextA
CharLowerBuffW
GetKeyboardLayoutList
GetDialogBaseUnits
IsCharLowerW
GetScrollRange
SetWindowLongA
DestroyCaret
SetCaretPos
CreateCaret
MapVirtualKeyW
CopyAcceleratorTableW
OpenIcon
ShowScrollBar
LoadAcceleratorsW
DeferWindowPos
EnableScrollBar
EndDeferWindowPos
BeginDeferWindowPos
CharPrevW
GetClipboardFormatNameW
CreateIcon
GetWindowWord
SetWindowWord
DrawIcon
CharLowerW
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
PostThreadMessageW
GetMessageW
EmptyClipboard
ScrollDC
GetCaretPos
LoadKeyboardLayoutA
LoadKeyboardLayoutW
GetWindowDC
GetDCEx
CreateDialogParamW
DrawFrameControl
GetSysColorBrush
GetSystemMetrics
DestroyCursor
EnumChildWindows
SetTimer
TranslateMessage
GetKeyboardState
SetKeyboardState
HideCaret
EnableMenuItem
ShowCaret
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetClassInfoW
RegisterClassW
DestroyIcon
MapDialogRect
CheckRadioButton
RedrawWindow
GetDlgItemInt
FillRect
FindWindowW
RemoveMenu
DefMDIChildProcW
SetClassLongW
GetTopWindow
PostQuitMessage
DefFrameProcW
SetWindowsHookExW
UnhookWindowsHookEx
ReplyMessage
TranslateMDISysAccel
WaitMessage
GetClassNameA
RegisterWindowMessageA
VkKeyScanExW
MsgWaitForMultipleObjects
GetWindowPlacement
KillTimer
FlashWindow
IsChild
PeekMessageA
IsWindowUnicode
IsDialogMessageW
IsDialogMessageA
GetMessagePos
MapWindowPoints
SendMessageA
EqualRect
CharUpperW
GetKeyboardLayout
RegisterClipboardFormatW
CallNextHookEx
GetWindowContextHelpId
InSendMessage
GetAsyncKeyState
SystemParametersInfoW
LoadCursorW
GetSystemMenu
DeleteMenu
MessageBoxW
DialogBoxIndirectParamW
EnumThreadWindows
BeginPaint
EndPaint
GetDlgCtrlID
InflateRect
GetPropW
RemovePropW
IsWindowEnabled
SetPropW
ClientToScreen
WinHelpW
GetClassLongW
LoadIconW
SetWindowPos
SetRect
PtInRect
CallWindowProcW
GetSysColor
DrawFocusRect
ScreenToClient
IsCharAlphaW
DrawTextExW
DrawTextExA
MoveWindow
GetScrollPos
SetScrollRange
SetWindowLongW
IsWindowVisible
BringWindowToTop
ScrollWindow
SetScrollPos
OffsetRect
DdeInitializeW
DdeAddData
DdeKeepStringHandle
SetFocus
DdeGetData
DdeCmpStringHandles
CharUpperA
DdeAccessData
DdeUnaccessData
DestroyWindow
DdeUninitialize
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
IsIconic
SetForegroundWindow
DdeAbandonTransaction
DdeDisconnect
DdeCreateStringHandleW
DdeConnect
DdeFreeStringHandle
DdeGetLastError
DdeQueryStringW
DdeFreeDataHandle
DdeEnableCallback
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
SetCursor
GetParent
PeekMessageW
IsDlgButtonChecked
CheckDlgButton
InvalidateRect
SetActiveWindow
GetKeyState
GetFocus
CharUpperBuffW
UpdateWindow
PostMessageW
ShowWindow
GetActiveWindow
RegisterWindowMessageW
EnableWindow
GetWindowTextW
GetDlgItem
GetClientRect
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
SendMessageW
GetWindow
ShowCursor
GetCapture
ReleaseCapture
SetCapture
GetWindowRect
IntersectRect
IsZoomed
UnregisterClassW
MessageBeep
MessageBoxA
IsWindow
GetWindowLongW
DispatchMessageW

kernel32

GetFullPathNameW
GetTempPathA
GetTempFileNameA
GetUserDefaultLangID
VirtualQuery
ConvertDefaultLocale
GetDateFormatW
GetSystemDefaultLCID
SetErrorMode
GetVersionExA
SetUnhandledExceptionFilter
GetCommandLineW
VirtualAlloc
IsDBCSLeadByte
Sleep
TerminateProcess
CopyFileW
GetCurrentThreadId
GetCurrentProcess
WideCharToMultiByte
GetCurrentProcessId
GlobalReAlloc
GlobalSize
CreateProcessW
FindClose
GetShortPathNameW
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
MulDiv
CreateFileW
CloseHandle
GetSystemDefaultLangID
GetTempPathW
GetTempFileNameW
DeleteFileW
WritePrivateProfileStringW
FreeLibrary
OpenFile
GetUserDefaultLCID
GetLocaleInfoW
WaitForSingleObject
ReleaseMutex
GetTickCount
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
WriteFile
LoadLibraryExA
FormatMessageA
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileA
GetStartupInfoA
QueryPerformanceCounter
UnhandledExceptionFilter
OutputDebugStringW
LoadLibraryExW
SizeofResource
GetModuleFileNameA
SetEndOfFile
GetStringTypeW
LockResource
GetSystemDirectoryW
MoveFileW
lstrcmpA
GetPrivateProfileIntW
GetProcessHeaps
HeapCompact
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
LCMapStringA
LocalAlloc
LocalFree
GetEnvironmentVariableW
CreateEventW
SetEvent
ResetEvent
CreateThread
SetThreadPriority
ResumeThread
ExitThread
FormatMessageW
LoadLibraryA
FindResourceW
LoadResource
OpenProcess
FreeResource
FindAtomW
CreateMutexW
SearchPathW
DuplicateHandle
GetExitCodeProcess
GetCurrentDirectoryW
CreateDirectoryW
FindNextFileW
VirtualProtect
DeleteFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetDriveTypeW
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
lstrcmpiA
LCMapStringW
GetComputerNameW
CompareStringW
GetLocalTime
InterlockedDecrement
InterlockedIncrement
lstrlenW
FlushInstructionCache
HeapAlloc
GetProcessHeap
HeapFree
LeaveCriticalSection
EnterCriticalSection
RemoveDirectoryW
FindFirstFileW
GetSystemTimeAsFileTime
SetFilePointer
GetModuleHandleA

Exports

Exports

@EnumFree@4
@EnumInit@4
@EnumObject@20
@EnumXlateListSep@8
@EnumXlateOp@12
@Error@4
@FControlNameConflict@8
@FEnumFuncParams@24
@FGetDlgHelp@20
@FIsSubOfObject@4
@FReallocExpBuffer@8
@FreeEnumObject@8
@GetPasteSectionName@12
@GetStringOfId@16
@GetSubControlName@8
@ObjtypFromDwObj@4
AbortHscr@4
AccWizExtTextOutU@32
AccessLoadString@16
ActidOfHscr@4
CargOfActid@4
CloseHscr@4
ComboTypOfActidIarg@8
CreateIExprSrvObj
DllGetLCID
FCommitIMEString@4
FCreateAccessTemplate@12
FDeliverDb@16
FGetHintLogfont@4
FNextHscr@12
FSaveActidHscr@8
FSetMacroVersion@8
FUniqueIndexTableFieldEx@8
FillADT@4
GetHFontDialog@0
GetHyperLinkObject@12
GetLCID@0
IRunCommandIdFromDMIArgs@20
IdsArgNameOfActidIarg@8
IdsComboFillOfActidIarg@8
IsrowOfHscr@4
JETESLoadProjectTypeLib
LGetMacroVersion@4
MSAU_CreateSystemDatabase@20
MSAU_ErrCloseRegKey@4
MSAU_ErrDeleteRegKey@8
MSAU_ErrDeleteRegValue@8
MSAU_ErrGetDbobjList@52
MSAU_ErrGetObjNames@52
MSAU_ErrGetRegKey@20
MSAU_ErrGetRegKeyInfo@16
MSAU_ErrGetRegVal@20
MSAU_ErrGetRegValName@24
MSAU_ErrOpenRegKeyEx@20
MSAU_ErrSortDbobjArray@8
MSAU_ErrSortStringArray@4
MSAU_ErrWriteRegKey@12
MSAU_ErrWriteRegVal@20
MSAU_FRandomPid@8
MSAU_FWordHelpfileCmd@16
MSAU_FillInHashValues@20
MSAU_GetFileLanguage@16
MSAU_GetFileName@8
MSAU_GetPixelDepth@4
MSAU_GetSizeCount@8
MSAU_GetSizeList@12
MSAU_OfficeGetFileName@8
MSAU_OfficeGetTcDIB@12
MidEastSupport@0
ParseHyperlinkC@20
RewindHscr@4
SetEnumIntlView@4
SizeCallback@8
WizChooseColor@8

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 359KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a52fae2c27ec8073425abddc246a16a8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

86:70:a0:14:ee:c5:40:2c:7a:86:20:e5:91:94:03:6e:92:36:cd:7eSigner

Headers

File Characteristics

PDB Paths

Imports

msvcrt

gdi32

user32

kernel32

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.data Size: 359KB - Virtual size: 464KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

86:70:a0:14:ee:c5:40:2c:7a:86:20:e5:91:94:03:6e:92:36:cd:7e
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 359KB - Virtual size: 464KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB