d55ea67f328f0431e971317a8390b020N

Sharing

Copy URL Twitter E-mail

General

Target

d55ea67f328f0431e971317a8390b020N
Size

59KB
MD5

d55ea67f328f0431e971317a8390b020
SHA1

31000350fde05f3649333181ccfaec2c7d52f636
SHA256

bababe21a23c67430c69484ec92c24710f561c20c3e8bc7a75a7cc6d9478a659
SHA512

9ba3aeeeff8e64b0fa2d12566a0b0dbf5b169a7cdd75af6c26c81da44ef9c1aec52f645188c7c8aa5c325f275413285ddf711392299d8a9900299c61c2e0a41a
SSDEEP

1536:G1xOs5cdgrwZqq9ssgQKTL6ngqDisKldd:G1gIiOwZqq9ssgFTLWg5

Score

1^/10

Malware Config

Signatures

Files

d55ea67f328f0431e971317a8390b020N
.exe windows:4 windows x64 arch:x64

9f4f8f46e2ebb390cda1a6f3cc7b5f23

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:38:5d:e6:14:bc:be:5b:ae:4d:49:d9:ae:89:5c:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/11/2008, 00:00

Not After

09/12/2011, 23:59

Subject

CN=Synaptics Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical Marketing,O=Synaptics Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:28:7f:a3:65:1b:58:12:13:40:de:6c:41:d8:2d:e7:2c:6f:76:0d
Signer

Actual PE Digest

81:28:7f:a3:65:1b:58:12:13:40:de:6c:41:d8:2d:e7:2c:6f:76:0d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\checkpoints\TPDrv\Do_Not_Release_v15_0_19_1\OemModules\SynBtnAsst\x64\Release\SynBtnAsst.pdb

Imports

kernel32

FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
GetProcAddress
Sleep
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapReAlloc
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetLocaleInfoA
WideCharToMultiByte

user32

DefWindowProcW
PostQuitMessage
EndPaint
BeginPaint
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
FindWindowW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f4f8f46e2ebb390cda1a6f3cc7b5f23

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:38:5d:e6:14:bc:be:5b:ae:4d:49:d9:ae:89:5c:f7Certificate

Extended Key Usages

Key Usages

81:28:7f:a3:65:1b:58:12:13:40:de:6c:41:d8:2d:e7:2c:6f:76:0dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 2KB - Virtual size: 1KB

�� Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:38:5d:e6:14:bc:be:5b:ae:4d:49:d9:ae:89:5c:f7
Certificate

81:28:7f:a3:65:1b:58:12:13:40:de:6c:41:d8:2d:e7:2c:6f:76:0d
Signer

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 1KB

��
Size: 1KB - Virtual size: 1KB