5421a4bc4689ee6a8a416758e6b95cade73d9a0df036f9900bab1a09b8fcab7d

Sharing

Copy URL Twitter E-mail

General

Target

5421a4bc4689ee6a8a416758e6b95cade73d9a0df036f9900bab1a09b8fcab7d
Size

1.9MB
MD5

13950c62266fc5c2648206fcea18b49a
SHA1

31818f6aad2e4f61ef06a6ae928493d27b04f2c0
SHA256

5421a4bc4689ee6a8a416758e6b95cade73d9a0df036f9900bab1a09b8fcab7d
SHA512

48d17dff3c842c3d9bedf8a11ced0553fc0200af069810ab72f2d2ac7a2f9377bdbf5619173b23bc0c5d45db053c2794ce86659a3fcda1750aaa14119876d234
SSDEEP

24576:y61iIE/4QM/Wl+7Vn2BlI+YDaQXLrRia8fiM9b1hnYQerEH7ZJ:HHwM/mKBMiaSLrR/AnjnDl

Score

1^/10

Malware Config

Signatures

Files

5421a4bc4689ee6a8a416758e6b95cade73d9a0df036f9900bab1a09b8fcab7d
.dll windows:4 windows x86 arch:x86

cc439e4cc1dd28c42094ce5ae477a548

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ea:5f:ba:1c:e6:9f:cd:7c:37:65:7d:80:a8:1a:4f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/07/2006, 00:00

Not After

21/08/2008, 23:59

Subject

CN=NetSupport Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=NetSupport,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:a9:79:d2:7a:83:b6:1f:41:87:bf:ed:a9:ea:8e:4a:b1:f1:79:29
Signer

Actual PE Digest

6b:a9:79:d2:7a:83:b6:1f:41:87:bf:ed:a9:ea:8e:4a:b1:f1:79:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shfolder

SHGetFolderPathA

pcichek

CheckLicenseString

pcicapi

CapiClose
CapiOpen
CapiListen
CapiHangup

mpr

WNetGetConnectionA

kernel32

WinExec
_lopen
_lclose
WriteFile
SetNamedPipeHandleState
GetPriorityClass
CreateProcessA
TerminateProcess
ExpandEnvironmentStringsA
SearchPathA
GetSystemDirectoryA
GetDateFormatA
GetTimeFormatA
IsValidCodePage
SetLastError
GlobalSize
CreateFileA
GetFileSize
ReadFile
LoadLibraryExA
WaitForMultipleObjects
ExitThread
GetEnvironmentVariableA
GetComputerNameA
FindFirstFileA
FindNextFileA
FindClose
ExitProcess
GetCurrentProcess
SetPriorityClass
GetModuleFileNameA
GetVersion
GlobalGetAtomNameA
SetErrorMode
InterlockedExchange
GetACP
GetTickCount
GetWindowsDirectoryA
TlsAlloc
TlsFree
SetUnhandledExceptionFilter
IsDBCSLeadByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
LoadLibraryA
GetProcAddress
CreateThread
OpenProcess
GetVersionExA
Sleep
GlobalDeleteAtom
GlobalAddAtomA
WaitForSingleObject
SetEvent
GetCurrentThreadId
CreateEventA
CloseHandle
GetProcessVersion
GetCurrentThread
RaiseException
Beep
SetFilePointer
GetExitCodeProcess
lstrcmpiA
SetThreadContext
ReadProcessMemory
CreateRemoteThread
PulseEvent
ResumeThread
GetThreadContext
VirtualQueryEx
QueryDosDeviceA
ConnectNamedPipe
CreateNamedPipeA
IsDBCSLeadByteEx
DefineDosDeviceA
WriteProfileStringA
SetConsoleCtrlHandler
DeviceIoControl
DisconnectNamedPipe
GlobalReAlloc
SetThreadPriority
SetProcessShutdownParameters
WideCharToMultiByte
ReleaseMutex
lstrcmpA
FlushInstructionCache
lstrlenW
GetTempPathA
HeapDestroy
lstrlenA
OpenFileMappingA
LocalAlloc
CreateFileMappingA
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
SetCurrentDirectoryA
OutputDebugStringA
RemoveDirectoryA
OpenEventA
MoveFileA
DosDateTimeToFileTime
CreateDirectoryA
SetFileAttributesA
GetDiskFreeSpaceA
LocalFileTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
MulDiv
GetCurrentDirectoryA
GetVolumeInformationA
FileTimeToDosDateTime
GetDriveTypeA
HeapAlloc
IsBadReadPtr
GetProcessHeap
LoadResource
HeapFree
FindResourceA
WriteProcessMemory
LockResource
VirtualProtectEx
GetLocalTime
GetExitCodeThread
CompareStringA
OpenMutexA
GetProfileStringA
GetOEMCP
TlsSetValue
GetShortPathNameA
DeleteFileA
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalFree
SetHandleInformation
ResetEvent
CreatePipe
DuplicateHandle
CreateMutexA
GetModuleHandleA
GetSystemDefaultLangID
RtlUnwind
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
CompareStringW
TlsGetValue
GetEnvironmentStrings
LCMapStringA
FreeEnvironmentStringsA
FlushFileBuffers
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLocaleInfoW
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
LCMapStringW
IsValidLocale
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetFileAttributesA
GetCommandLineA

user32

SetCapture
ClientToScreen
WindowFromPoint
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetTopWindow
GetWindow
LoadStringA
GetWindowPlacement
SetWindowPlacement
SetRectEmpty
TranslateAcceleratorA
SetMenu
GetUserObjectInformationA
CheckDlgButton
PtInRect
IntersectRect
GetCursorPos
GetForegroundWindow
SetForegroundWindow
EnumChildWindows
RegisterClipboardFormatA
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
GetClipboardFormatNameA
IsClipboardFormatAvailable
MessageBoxA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
GetClassNameA
CharUpperA
ExitWindowsEx
wvsprintfA
RegisterWindowMessageA
CreateCaret
ShowCaret
DestroyCaret
GetKeyState
PeekMessageA
SetCaretPos
OpenClipboard
EmptyClipboard
SetClipboardData
MessageBeep
CloseClipboard
FindWindowExA
GetWindowTextLengthA
IsWindowVisible
GetDlgItemTextA
DestroyIcon
IsDlgButtonChecked
GetSystemMenu
EnableMenuItem
LoadImageA
DefDlgProcA
GetMenu
DeleteMenu
DrawMenuBar
GetClassInfoExA
RegisterClassExA
EnumDesktopWindows
EndDialog
FindWindowA
GetActiveWindow
TrackPopupMenu
IsChild
DestroyMenu
AppendMenuA
CreatePopupMenu
SystemParametersInfoA
DrawFocusRect
CharNextA
GetLastActivePopup
MessageBoxIndirectA
CreateDialogParamA
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
WinHelpA
SetUserObjectSecurity
GetUserObjectSecurity
MsgWaitForMultipleObjects
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
GetWindowThreadProcessId
EnableWindow
GetWindowDC
GetParent
LoadMenuA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
SetMenuItemInfoA
GetWindowTextA
InflateRect
GetCapture
IsZoomed
ReleaseCapture
IsWindow
BeginPaint
EndPaint
PostQuitMessage
SetWindowTextA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
UpdateWindow
SetPropA
GetPropA
wsprintfA
RemovePropA
GetClassInfoA
RegisterClassA
CreateWindowExA
BringWindowToTop
SetWindowPos
GetMessageA
TranslateMessage
DispatchMessageA
SetCursor
LoadCursorA
LoadBitmapA
GetDC
FillRect
ReleaseDC
GetWindowRect
SetRect
IsWindowEnabled
OffsetRect
GetDlgCtrlID
DrawTextA
GetDlgItem
GetClientRect
MapWindowPoints
InvalidateRect
GetSysColor
KillTimer
LoadIconA
CheckMenuItem
TileWindows
GetScrollInfo
SetScrollInfo
InsertMenuItemA
RemoveMenu
SetClassLongA
SetMenuDefaultItem
AdjustWindowRectEx
DrawIconEx
GetClassLongA
CopyIcon
CopyImage
GetWindowRgn
GetAsyncKeyState
OemToCharBuffA
HideCaret
CreateCursor
ClipCursor
GetScrollRange
SetScrollRange
SetScrollPos
ScrollWindow
MapVirtualKeyA
CharLowerBuffA
CharUpperBuffA
mouse_event
keybd_event
WaitForInputIdle
EnumDisplaySettingsA
wsprintfW
SendMessageTimeoutA
SwitchDesktop
OpenInputDesktop
GetIconInfo
AttachThreadInput
GetCursor
DialogBoxParamA
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
SetDlgItemTextA
SetTimer
DestroyWindow
PostThreadMessageA
CallWindowProcA
DefWindowProcA
ShowWindow
PostMessageA
SendDlgItemMessageA
SendMessageA
RedrawWindow
ScreenToClient
ModifyMenuA
MoveWindow
SetCursorPos
CreateMenu
GetFocus
LoadAcceleratorsA
IsDialogMessageA
UnionRect
OpenWindowStationA
GetProcessWindowStation
IsIconic
SetFocus
DestroyCursor

gdi32

DeleteObject
RectVisible
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkMode
GetTextExtentPointA
CreateSolidBrush
GetStockObject
CreateFontIndirectA
SelectClipRgn
CreateDCA
CreatePen
Rectangle
Ellipse
CreateHatchBrush
LineTo
MoveToEx
SetROP2
SetPixelV
SetPixel
LineDDA
ExtFloodFill
SetBkColor
GetPixel
Polygon
CreateBrushIndirect
GetDeviceCaps
GetPaletteEntries
CreatePalette
GetTextExtentPoint32A
CreateRectRgn
RectInRegion
CombineRgn
CreateRectRgnIndirect
GetRegionData
PtInRegion
StretchBlt
SetStretchBltMode
GetDIBits
GetTextMetricsA
CreatePatternBrush
PatBlt
UnrealizeObject
CreateBitmap
SetBrushOrgEx
GdiFlush
OffsetRgn
CreateDIBSection
RealizePalette
EqualRgn
GetSystemPaletteEntries
CreateDIBitmap
SelectPalette
ExtEscape
ExtTextOutA
GetBitmapBits
SetMapMode
StartPage
GetRgnBox
EndPage
SetWindowOrgEx
AddFontResourceA
SetTextCharacterExtra
SetTextJustification
RemoveFontResourceA
SetBitmapBits
SetPolyFillMode
SetDIBits
RoundRect
Polyline
FillRgn
Chord
Arc
Pie
IntersectClipRect
GetBkColor
CreatePenIndirect
GetObjectA
GetTextColor
SetRectRgn
GetWindowOrgEx
GetNearestPaletteIndex

winspool.drv

ClosePrinter
EnumJobsA
OpenPrinterA
EndDocPrinter
EndPagePrinter
StartDocPrinterA
AbortPrinter
StartPagePrinter
WritePrinter
EnumPrintersA
SetJobA
ord201
EnumPrinterDriversA
AddPrinterA
ord202
DeletePrinter

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

advapi32

AddAce
EqualSid
CopySid
GetLengthSid
EnumServicesStatusA
RegEnumKeyA
SetTokenInformation
LogonUserA
RegCreateKeyA
ControlService
StartServiceA
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
LookupPrivilegeNameA
GetTokenInformation
RegCloseKey
RegOpenKeyExA
GetUserNameA
CreateProcessAsUserA
RegFlushKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
GetUserNameW
LookupPrivilegeValueA
RegQueryValueExA
IsValidSid
AddAccessAllowedAce
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
GetAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
QueryServiceConfigA
RegisterEventSourceA
ReportEventA
SetServiceStatus
DeregisterEventSource
LookupAccountSidA
AdjustTokenPrivileges
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority

shell32

SHGetMalloc
ShellExecuteA
ExtractIconA
FindExecutableA
SHGetDesktopFolder
Shell_NotifyIconA
SHGetFileInfoA
ExtractIconExA

ole32

CoTaskMemFree
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
OleLockRunning
OleInitialize
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
CreateStreamOnHGlobal
OleUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
OleCreatePictureIndirect
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringByteLen
SafeArrayCreate
VariantChangeType
VariantCopy

comctl32

ImageList_GetIcon
ord17
ImageList_Draw
ImageList_Destroy
ImageList_DrawEx
ImageList_GetImageCount
ImageList_LoadImageA
ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetIconSize

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

waveOutClose
waveInClose
waveInUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveInReset
timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundA
waveInAddBuffer
waveInOpen
waveOutOpen
waveInPrepareHeader
waveInStop
waveInStart
waveOutUnprepareHeader

wininet

InternetCrackUrlA

Exports

Exports

_NSMClient32@8
_NSMFindClass@12
br_close
br_open
br_poll
br_status

Sections

.text
Size: 968KB - Virtual size: 967KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhshare
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc439e4cc1dd28c42094ce5ae477a548

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

51:ea:5f:ba:1c:e6:9f:cd:7c:37:65:7d:80:a8:1a:4fCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

6b:a9:79:d2:7a:83:b6:1f:41:87:bf:ed:a9:ea:8e:4a:b1:f1:79:29Signer

Headers

File Characteristics

Imports

shfolder

pcichek

pcicapi

mpr

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

version

winmm

wininet

Exports

Exports

Sections

.text Size: 968KB - Virtual size: 967KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 80KB - Virtual size: 98KB

.tls Size: 4KB - Virtual size: 20B

.hhshare Size: 4KB - Virtual size: 24B

.rsrc Size: 660KB - Virtual size: 659KB

.reloc Size: 84KB - Virtual size: 83KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

51:ea:5f:ba:1c:e6:9f:cd:7c:37:65:7d:80:a8:1a:4f
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6b:a9:79:d2:7a:83:b6:1f:41:87:bf:ed:a9:ea:8e:4a:b1:f1:79:29
Signer

.text
Size: 968KB - Virtual size: 967KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 80KB - Virtual size: 98KB

.tls
Size: 4KB - Virtual size: 20B

.hhshare
Size: 4KB - Virtual size: 24B

.rsrc
Size: 660KB - Virtual size: 659KB

.reloc
Size: 84KB - Virtual size: 83KB