eec8c9c73fe315e76ccee1e251352fd772a2e4c69c882228f732e153ac24c338N

Sharing

Copy URL Twitter E-mail

General

Target

eec8c9c73fe315e76ccee1e251352fd772a2e4c69c882228f732e153ac24c338N
Size

1.9MB
MD5

dd8bcbd114d888004d9c38b0e667a9c0
SHA1

fac0b2936949bbee2e90e61578b2b411321153bf
SHA256

eec8c9c73fe315e76ccee1e251352fd772a2e4c69c882228f732e153ac24c338
SHA512

6929bfa067fd1c7cd9edb80854893e36e437fa24ec016b009207b0d37aed055f053767e6e88fbfa9ba97530ce31807c829f9084d367690cd9bfde4190ff70bf1
SSDEEP

24576:W35lfqdNmq6OViWvwcFvKHJ7gs+yYHsweUrEH7a:i5lydDVr1eW

Score

1^/10

Malware Config

Signatures

Files

eec8c9c73fe315e76ccee1e251352fd772a2e4c69c882228f732e153ac24c338N
.dll windows:5 windows x86 arch:x86

52d89a3df652f37090e80291c55eddd9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:79:e3:de:fe:24:f0:fc:6e:a3:86:15:96:e1:0f:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03/05/2010, 00:00

Not After

01/08/2013, 23:59

Subject

CN=Rsupport Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Rsupport Co.\, Ltd.,L=Songpa-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:0e:5e:93:6c:ab:8d:4e:e0:0d:f3:fa:53:e9:30:7c:17:00:de:ec
Signer

Actual PE Digest

8b:0e:5e:93:6c:ab:8d:4e:e0:0d:f3:fa:53:e9:30:7c:17:00:de:ec

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

shutdown
htons
bind
listen
accept
socket
recvfrom
__WSAFDIsSet
select
recv
gethostbyname
getsockopt
connect
setsockopt
closesocket
send
WSAGetLastError
WSAStartup
ioctlsocket
ntohl
WSACleanup
inet_ntoa

dnsapi

DnsFree
DnsQuery_A

crypt32

CertFindCertificateInStore
CertOpenStore
CertGetNameStringA

statusstrings

GetStatusString

imrsdk

IMR_Close
IMR_AddClient
IMR_IDERGetDeviceState
IMR_IDERSetDeviceState
IMR_IDERClientFeatureSupported
IMR_IDEROpenTCPSessionEx
IMR_IDERGetSessionStatistics
IMR_SetCertificateInfo
IMR_Init
IMR_IDERCloseSession
IMR_GetErrorString
IMR_SOLSendText
IMR_SOLCloseSession
IMR_SOLOpenTCPSessionEx
IMR_SOLReceiveText
IMR_RemoveClient

kernel32

InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
LocalFree
SetLastError
WideCharToMultiByte
OutputDebugStringA
GetModuleHandleA
GetProcAddress
CreateProcessA
LocalAlloc
InterlockedExchange
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetLastError
Sleep
GetModuleFileNameA
CreateSemaphoreA
CreateEventA
ResumeThread
GetCurrentThreadId
SetEvent
ReleaseSemaphore
WaitForSingleObject
CloseHandle

user32

PostMessageA
wsprintfA
MessageBoxA

ole32

CLSIDFromString

oleaut32

SysFreeString

mfc90

ord601
ord4029
ord265
ord266
ord3579
ord798
ord800
ord793
ord3107
ord941
ord2692
ord2978
ord2766
ord6001
ord5646
ord820
ord316
ord589
ord3659
ord4667
ord4890
ord4334
ord2886
ord4057
ord4067
ord4066
ord2759
ord2888
ord2769
ord3110
ord4714
ord2961
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord4197
ord1182
ord1186
ord1087
ord321
ord2691
ord2539
ord910
ord2447
ord1303
ord310
ord945
ord5835
ord605
ord1278
ord1243
ord1241
ord1268
ord1180
ord1233
ord2084
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord1137
ord322
ord801

msvcr90

_write
abort
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
strncpy
memset
free
_snprintf
sscanf
memmove_s
wcstombs
sprintf
_beginthreadex
strrchr
_purecall
strstr
_mbscmp
mbstowcs
malloc
strtoul
isalnum
realloc
memcpy
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_read
??0bad_cast@std@@QAE@ABV01@@Z
vsprintf
strchr
strncmp
atol
strtol
strncat
rand
memmove
_setmode
___mb_cur_max_func
wctomb
mbtowc
exit
_getch
fflush
printf
div
_unlock
__dllonexit
_encode_pointer

msvcp90

?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

winhttp

WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpSetCredentials
WinHttpOpen
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpConnect

Exports

Exports

CloseBiosSOL
CloseIderSOL
OpenBiosSOL
OpenIderSOL
RGAssetService
RGInfoService
RGetLastStatus
RGetPowerState
RScanForAmtDevices
RSetPowerState

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52d89a3df652f37090e80291c55eddd9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

67:79:e3:de:fe:24:f0:fc:6e:a3:86:15:96:e1:0f:64Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

8b:0e:5e:93:6c:ab:8d:4e:e0:0d:f3:fa:53:e9:30:7c:17:00:de:ecSigner

Headers

File Characteristics

Imports

wsock32

dnsapi

crypt32

statusstrings

imrsdk

kernel32

user32

ole32

oleaut32

mfc90

msvcr90

msvcp90

winhttp

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 32KB - Virtual size: 39KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 106KB - Virtual size: 106KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

67:79:e3:de:fe:24:f0:fc:6e:a3:86:15:96:e1:0f:64
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

8b:0e:5e:93:6c:ab:8d:4e:e0:0d:f3:fa:53:e9:30:7c:17:00:de:ec
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 32KB - Virtual size: 39KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 106KB - Virtual size: 106KB