9e01c07798cf32b77d4208d8c213dda110ea0100da4b8ab51082914025641226N

Sharing

Copy URL Twitter E-mail

General

Target

9e01c07798cf32b77d4208d8c213dda110ea0100da4b8ab51082914025641226N
Size

34KB
MD5

f4bfa04bd478d0229196d3081e106a40
SHA1

6c785603c7204e59dd590d9bb31ec4f81f46fb15
SHA256

9e01c07798cf32b77d4208d8c213dda110ea0100da4b8ab51082914025641226
SHA512

f7000ef54fbba57fb198065f6e9ab1b3323e1ecf3ca6441b052791b40b2c9a1cf8d86914f9ec105ef37aec4d24883abb80116060f59e4c98060f70f662365f84
SSDEEP

768:RTyFQ3tkIvGzpw/OdD3OtmHiEA0OiNOqJyqMlI91o:xrqBzS/eDGEAYOJqMlIo

Score

1^/10

Malware Config

Signatures

Files

9e01c07798cf32b77d4208d8c213dda110ea0100da4b8ab51082914025641226N
.dll windows:6 windows x64 arch:x64

73cc4481a2956c4bb2e6bc4e0a03fb4f

Code Sign

4d:e5:a8:c7
Certificate

Issuer

CN=Tres Finocchiaro,OU=code.google.com/jzebra,O=jZebra Web Applet,L=Canastota,ST=New York,C=US

Not Before

01/06/2011, 02:49

Not After

31/05/2016, 02:49

Subject

CN=Tres Finocchiaro,OU=code.google.com/jzebra,O=jZebra Web Applet,L=Canastota,ST=New York,C=US

2f:29:4c:8a:7d:ae:3f:bc:d4:62:05:60:32:ec:c7:fd:22:1e:bc:d7:68:e7:53:c7:07:36:09:67:c9:fc:2c:b5
Signer

Actual PE Digest

2f:29:4c:8a:7d:ae:3f:bc:d4:62:05:60:32:ec:c7:fd:22:1e:bc:d7:68:e7:53:c7:07:36:09:67:c9:fc:2c:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sspi_bridge.pdb

Imports

secur32

FreeContextBuffer
EnumerateSecurityPackagesW
DecryptMessage
EncryptMessage
VerifySignature
MakeSignature
AcquireCredentialsHandleW
QueryCredentialsAttributesW
QueryContextAttributesW
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle

kernel32

MultiByteToWideChar
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FormatMessageW
lstrlenW
FileTimeToSystemTime
CompareStringEx
RtlVirtualUnwind
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter

vcruntime140

memcmp
memcpy
memset
__CxxFrameHandler3
__C_specific_handler
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_execute_onexit_table
_initialize_onexit_table
_initterm
_initterm_e
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

wcslen
_wcsdup
wcscpy_s
wcscat_s
wcscmp

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s

Exports

Exports

gss_accept_sec_context
gss_acquire_cred
gss_add_oid_set_member
gss_canonicalize_name
gss_compare_name
gss_context_time
gss_create_empty_oid_set
gss_delete_sec_context
gss_display_name
gss_display_status
gss_export_name
gss_export_sec_context
gss_get_mic
gss_import_name
gss_import_sec_context
gss_indicate_mechs
gss_init_sec_context
gss_inquire_context
gss_inquire_cred
gss_inquire_names_for_mech
gss_release_buffer
gss_release_cred
gss_release_name
gss_release_oid_set
gss_unwrap
gss_verify_mic
gss_wrap
gss_wrap_size_limit

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73cc4481a2956c4bb2e6bc4e0a03fb4f

Code Sign

4d:e5:a8:c7Certificate

2f:29:4c:8a:7d:ae:3f:bc:d4:62:05:60:32:ec:c7:fd:22:1e:bc:d7:68:e7:53:c7:07:36:09:67:c9:fc:2c:b5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 84B

4d:e5:a8:c7
Certificate

2f:29:4c:8a:7d:ae:3f:bc:d4:62:05:60:32:ec:c7:fd:22:1e:bc:d7:68:e7:53:c7:07:36:09:67:c9:fc:2c:b5
Signer

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 84B