0169a59550f537d6761fb23c1793c02f1fe1b4170eec7526ce548e1d259f0ad9N

Sharing

Copy URL

Twitter E-mail

General

Target

0169a59550f537d6761fb23c1793c02f1fe1b4170eec7526ce548e1d259f0ad9N
Size

356KB
MD5

f3a7e373ac23f1232843f803361008d0
SHA1

42051969eff31298a5dc9a11268f9fc633c9016d
SHA256

0169a59550f537d6761fb23c1793c02f1fe1b4170eec7526ce548e1d259f0ad9
SHA512

9d012de1ccad11858662c2b4d2c967617846fe9a544344bffac6d364e48dac1b036375f9b047a819097cfc7bf1f5a050e5d16826d04330d9d2b411e281334080
SSDEEP

6144:t/Jh9n1jvELB4mCWnF0BV+UdvrEFp7hKf:nh9n17LKF0BjvrEH7Q

Score

1^/10

Malware Config

Signatures

Files

0169a59550f537d6761fb23c1793c02f1fe1b4170eec7526ce548e1d259f0ad9N
.dll windows:4 windows x86 arch:x86

002ecd70b3532e3c9590f920981bab2d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:f3:f0:f7:39:57:a6:9d:a0:71:00:56:02:08:42:b3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/07/2018, 00:00

Not After

16/07/2019, 23:59

Subject

CN=INCA Internet Co.\,Ltd.,OU=IT Team,O=INCA Internet Co.\,Ltd.,L=Guro-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:ac:50:56:07:d6:96:b1:31:59:d3:58:40:07:e9:37
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/07/2018, 00:00

Not After

16/07/2019, 23:59

Subject

CN=INCA Internet Co.\,Ltd.,OU=IT Team,O=INCA Internet Co.\,Ltd.,L=Guro-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d8:70:6a:c7:ac:25:60:63:a3:c4:3e:03:36:14:cc:0a:f3:4b:ef:2c:49:9f:30:b8:cc:4f:34:4f:c8:49:e4:a1
Signer

Actual PE Digest

d8:70:6a:c7:ac:25:60:63:a3:c4:3e:03:36:14:cc:0a:f3:4b:ef:2c:49:9f:30:b8:cc:4f:34:4f:c8:49:e4:a1

Digest Algorithm

sha256

PE Digest Matches

false

ec:25:9d:f7:60:a4:ae:b5:5c:1b:02:8b:43:78:7b:5b:d5:69:cb:dd
Signer

Actual PE Digest

ec:25:9d:f7:60:a4:ae:b5:5c:1b:02:8b:43:78:7b:5b:d5:69:cb:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\nos-d\engdev_0902_tkctrl\trunk\1.0\dll\tkctrl\x86\releaseu\TKCtrlU.pdb

Imports

user32

MessageBoxW
PostQuitMessage

advapi32

CloseServiceHandle
LookupAccountNameW
ConvertSidToStringSidW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyW
CreateServiceW
StartServiceW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
RegOpenKeyA
GetUserNameA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
ConvertSidToStringSidA
LookupAccountNameA

kernel32

CompareStringW
InterlockedIncrement
CompareStringA
OutputDebugStringW
DeviceIoControl
GetLastError
GetSystemDirectoryW
LocalFree
FormatMessageW
GetProcAddress
LoadLibraryW
GetVolumeInformationW
CreateEventW
CreateThread
WaitForSingleObject
SetEvent
ReadFile
GetQueuedCompletionStatus
CloseHandle
GetSystemInfo
TerminateThread
ConnectNamedPipe
CreateIoCompletionPort
CreateNamedPipeW
GetCurrentProcess
CreateRemoteThread
GetModuleHandleW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
WriteFile
SetNamedPipeHandleState
Sleep
CreateFileW
DisconnectNamedPipe
FlushFileBuffers
ExpandEnvironmentStringsW
GetVersion
SetLastError
GetTickCount
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameA
GetWindowsDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetVersionExW
GetFileAttributesW
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
RtlUnwind
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA

Exports

Exports

TKCtrlClose
TKCtrlCloseACI
TKCtrlCloseDataQueue
TKCtrlCloseDataQueueEx
TKCtrlCloseHandle
TKCtrlCloseNtfsFile
TKCtrlControlACI
TKCtrlControlVolumeScan
TKCtrlDeleteFile
TKCtrlDeleteFileA
TKCtrlDeleteFileW
TKCtrlEnumDirectoryObject
TKCtrlFindClose
TKCtrlFindFirstFile
TKCtrlFindFirstFileA
TKCtrlFindFirstFileL
TKCtrlFindFirstFileQ
TKCtrlFindFirstFileQA
TKCtrlFindFirstFileQL
TKCtrlFindFirstFileQW
TKCtrlFindFirstFileW
TKCtrlFindNextFile
TKCtrlFindNextFileA
TKCtrlFindNextFileL
TKCtrlFindNextFileQ
TKCtrlFindNextFileQA
TKCtrlFindNextFileQL
TKCtrlFindNextFileQW
TKCtrlFindNextFileW
TKCtrlGetAllPolicyLog
TKCtrlGetDllVersion
TKCtrlGetDrvVersion
TKCtrlGetFileSize
TKCtrlGetFileSizeEx
TKCtrlGetHiddenModule
TKCtrlGetModuleInfo
TKCtrlGetModuleList
TKCtrlGetProcessList
TKCtrlGetProcessListEx
TKCtrlHideModule
TKCtrlInit
TKCtrlInitACI
TKCtrlInitCharacterSet
TKCtrlInitDataQueue
TKCtrlInitDataQueueEx
TKCtrlLoadAtStartUp
TKCtrlLoadDriver
TKCtrlOpenFile
TKCtrlOpenFileA
TKCtrlOpenFileW
TKCtrlOpenNtfsFile
TKCtrlReadFile
TKCtrlReadNtfsFile
TKCtrlRegCloseContext
TKCtrlRegCloseKey
TKCtrlRegCreateContext
TKCtrlRegCreateContextA
TKCtrlRegCreateContextW
TKCtrlRegDeleteValue2
TKCtrlRegDeleteValueW2
TKCtrlRegEnumKeyEx
TKCtrlRegEnumKeyExA
TKCtrlRegEnumKeyExW
TKCtrlRegEnumValue
TKCtrlRegEnumValueA
TKCtrlRegEnumValueW
TKCtrlRegOpenKey
TKCtrlRegOpenKeyA
TKCtrlRegOpenKeyW
TKCtrlRegQueryInfoKey
TKCtrlRegQueryInfoKeyA
TKCtrlRegQueryInfoKeyW
TKCtrlRegQueryValueEx
TKCtrlRegQueryValueEx2
TKCtrlRegQueryValueExA
TKCtrlRegQueryValueExW
TKCtrlRegQueryValueExW2
TKCtrlRegisterSyncThreadNotify
TKCtrlSetAppContext
TKCtrlSetPauseDataQueue
TKCtrlSetQueryInfo
TKCtrlSetQueryInfoEx
TKCtrlStartACI
TKCtrlStartVolumeScan
TKCtrlStopACI
TKCtrlUnloadDriver
TKCtrlUnregisterSyncThreadNotify

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002ecd70b3532e3c9590f920981bab2d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:f3:f0:f7:39:57:a6:9d:a0:71:00:56:02:08:42:b3Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5b:ac:50:56:07:d6:96:b1:31:59:d3:58:40:07:e9:37Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

d8:70:6a:c7:ac:25:60:63:a3:c4:3e:03:36:14:cc:0a:f3:4b:ef:2c:49:9f:30:b8:cc:4f:34:4f:c8:49:e4:a1Signer

ec:25:9d:f7:60:a4:ae:b5:5c:1b:02:8b:43:78:7b:5b:d5:69:cb:ddSigner

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:f3:f0:f7:39:57:a6:9d:a0:71:00:56:02:08:42:b3
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5b:ac:50:56:07:d6:96:b1:31:59:d3:58:40:07:e9:37
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

d8:70:6a:c7:ac:25:60:63:a3:c4:3e:03:36:14:cc:0a:f3:4b:ef:2c:49:9f:30:b8:cc:4f:34:4f:c8:49:e4:a1
Signer

ec:25:9d:f7:60:a4:ae:b5:5c:1b:02:8b:43:78:7b:5b:d5:69:cb:dd
Signer

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 5KB