eceefff68257daa181b39fded18b9efbb5eaf370fd73fca12cefc8ed0fb4d0e7N

Sharing

Copy URL Twitter E-mail

General

Target

eceefff68257daa181b39fded18b9efbb5eaf370fd73fca12cefc8ed0fb4d0e7N
Size

218KB
MD5

41dc6577d92ee7022e9e918bfff8c8a0
SHA1

8cb89f431aa2ef3799d4a043da27de97376869f8
SHA256

eceefff68257daa181b39fded18b9efbb5eaf370fd73fca12cefc8ed0fb4d0e7
SHA512

66ddbe7e3ac8a5941c91cc172f837500b4039f404e68fbb94c4627055850b99cbd019fb018210461f8b10582004366a9a5e7aa499bf69f5fa5365aafa40f557a
SSDEEP

3072:LK6KFQ6uRyEGO1tQfCkxFmdO/Pfnnelw6+aqFn+PYMmvOf4hL:LzyEGO1tABXfsu+Pnz4hL

Score

1^/10

Malware Config

Signatures

Files

eceefff68257daa181b39fded18b9efbb5eaf370fd73fca12cefc8ed0fb4d0e7N
.dll windows:5 windows x86 arch:x86

73290900196d8e4b6c91c00ff5182941

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Jahzumr Ribdi,O=Thle Chekygbalw Fa,L=Koutsugo,ST=Suimnia,C=RU

Not Before

09/11/2015, 22:04

Not After

08/11/2016, 22:04

Subject

CN=Tykoo Mifle,O=Thle Chekygbalw Fa,L=Koutsugo,ST=Suimnia,C=RU

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9e:cd:eb:ae:74:b6:8e:bd:48:b2:4e:a0:2a:92:2c:eb:e1:60:fe:7d
Signer

Actual PE Digest

9e:cd:eb:ae:74:b6:8e:bd:48:b2:4e:a0:2a:92:2c:eb:e1:60:fe:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
CloseHandle
GetModuleHandleW
LoadLibraryW
GetProcAddress
VirtualAllocEx
GetCurrentProcess
WriteProcessMemory
VirtualProtect
VirtualFreeEx
GetVersionExW
CreateFileW
HeapDestroy
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
LoadLibraryA
InitializeCriticalSection
GetModuleFileNameA
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
ReadConsoleW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
IsDebuggerPresent
OutputDebugStringW
GetSystemTimeAsFileTime
GetStringTypeW
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP

advapi32

RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathW
ord165

ole32

CoTaskMemFree

shlwapi

PathStripPathW
PathAppendW
PathRemoveFileSpecA
PathRemoveFileSpecW

ws2_32

WSAGetLastError
getsockopt
setsockopt

Exports

Exports

AddToRestricted
InstallHooks
Set_localStoreDefaultValue
Set_localStoreFileName
Set_localStorePath
UninstallHooks

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73290900196d8e4b6c91c00ff5182941

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

9e:cd:eb:ae:74:b6:8e:bd:48:b2:4e:a0:2a:92:2c:eb:e1:60:fe:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 15KB

.HKT Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 8KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

9e:cd:eb:ae:74:b6:8e:bd:48:b2:4e:a0:2a:92:2c:eb:e1:60:fe:7d
Signer

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 15KB

.HKT
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 8KB - Virtual size: 8KB