e1304d629ef392229a0272247ecf3028433b0fc720054d547eba5894dcd7eb56

Sharing

Copy URL Twitter E-mail

General

Target

e1304d629ef392229a0272247ecf3028433b0fc720054d547eba5894dcd7eb56
Size

549KB
MD5

ccb39903e08d8bc964bdc93ebb32e5d5
SHA1

34456bb31b9ee6be17db0992ade9d857435a6533
SHA256

e1304d629ef392229a0272247ecf3028433b0fc720054d547eba5894dcd7eb56
SHA512

181153fbf4ad70c59ec2867f03c9efd68b81e1b151a8a2a593213bc4b3540d3108d8f5a848a2285fda3eaa0fc28ebb982f9ab2e02068d829ed73288125c72d8a
SSDEEP

12288:HYrw9Hhegzm/mEZZcRP2VSvSwBV/0noeGRwiPKPz1T+Wr:H6w9cYm+PJ2VQEoxRwYKP5T+Wr

Score

1^/10

Malware Config

Signatures

Files

e1304d629ef392229a0272247ecf3028433b0fc720054d547eba5894dcd7eb56
.dll windows:4 windows x86 arch:x86

135a5a9937ee536808aa6ccebd97d821

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:e8:67:af:cd:ca:79:4f:00:b8:1d:64:e1:3d:7a:0b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/08/2009, 00:00

Not After

05/10/2012, 23:59

Subject

CN=VoiceFive Networks\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VoiceFive Networks\, Inc.,L=Reston,ST=VA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\src\client\osmimhk\smallstandalone\OSMIMHK.pdb

Imports

ws2_32

connect
ntohl
inet_ntoa
ntohs
send
recv
gethostbyname
getsockopt
getsockname
getpeername
WSAGetLastError
htons

oleacc

AccessibleObjectFromPoint

wininet

ReadUrlCacheEntryStream
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryStream

kernel32

TlsAlloc
RaiseException
InterlockedIncrement
WaitForSingleObject
GetCommandLineA
QueryPerformanceCounter
DisableThreadLibraryCalls
WaitForMultipleObjects
CreateProcessA
CreateMutexA
ResetEvent
CreateEventA
CloseHandle
OpenProcess
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
SetFilePointer
TlsSetValue
GlobalFree
VirtualAlloc
VirtualQuery
InterlockedCompareExchange
ResumeThread
VirtualProtect
FlushInstructionCache
GetCurrentProcess
GetThreadContext
TlsFree
SuspendThread
FreeLibrary
ReadProcessMemory
VirtualQueryEx
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
CreateProcessW
LoadLibraryA
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileType
SetLastError
GetCurrentThreadId
Sleep
InterlockedDecrement
GetTickCount
FlushFileBuffers
CreateFileA
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetThreadContext
TlsGetValue
GetCurrentProcessId
lstrlenA
GetLastError
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetCurrentThread
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
SetHandleCount
GetStartupInfoA
GetVersionExA
QueryPerformanceFrequency
HeapCreate
HeapDestroy
VirtualFree
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
GetStdHandle
WriteFile
GetCPInfo
LCMapStringW
GetConsoleMode
GetConsoleCP
LCMapStringA
CreateThread
ExitThread
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetEvent
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReleaseSemaphore
LocalAlloc
LocalFree
OpenMutexA
ReleaseMutex
CreateSemaphoreA
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryExA
FormatMessageA
GetSystemInfo
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
FreeEnvironmentStringsA

user32

IsWindowVisible
GetTopWindow
GetClassNameA
GetWindow
PostThreadMessageA
GetCursorPos
GetParent
SendMessageA
GetWindowTextA
FindWindowExA
GetAncestor
GetClientRect
GetWindowDC
ReleaseDC
CallNextHookEx
GetMessageA
DispatchMessageA
GetForegroundWindow
GetWindowThreadProcessId
WindowFromDC
LoadStringA
ClientToScreen

gdi32

GetClipBox

advapi32

CreateProcessAsUserA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
InitializeAcl
SetSecurityInfo
RegDeleteKeyA
RegEnumKeyExA

ole32

CoInitializeEx
CoCreateFreeThreadedMarshaler
CoInitialize
CoUninitialize
CoCreateInstance
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface

oleaut32

DispGetParam
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SysStringLen
VariantInit
SysFreeString

rpcrt4

UuidCompare
UuidCreate

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

?Mine_PR_Close@@YA?AW4PRStatus@@PAUPRFileDesc@@@Z
?Mine_PR_Read@@YAHPAUPRFileDesc@@PAXH@Z
?Mine_PR_Write@@YAHPAUPRFileDesc@@PBXH@Z
CheckCapability
ConfigBrowsers
ConfigLSP
GetServiceProviderInfo
IsCSLOAConfigured
IsLSPConfigured
KeyboardHookProc
MouseHookProc
MsgHookProc
Register
SetAutoRestartProc
SetForegroundURL
ShellHookProc
StartShellEvent
UnconfigBrowsers
UnconfigLSP
UnlockShellEvent
UpdateTopURL

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

135a5a9937ee536808aa6ccebd97d821

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7f:e8:67:af:cd:ca:79:4f:00:b8:1d:64:e1:3d:7a:0bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

oleacc

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

version

Exports

Exports

Sections

.text Size: 396KB - Virtual size: 393KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 16KB - Virtual size: 29KB

Shared Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 30KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7f:e8:67:af:cd:ca:79:4f:00:b8:1d:64:e1:3d:7a:0b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 396KB - Virtual size: 393KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 16KB - Virtual size: 29KB

Shared
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 30KB