3a852dcb12b889f871e51a81b88a7871f2d87294804d79a94569508885de3432N

Sharing

Copy URL Twitter E-mail

General

Target

3a852dcb12b889f871e51a81b88a7871f2d87294804d79a94569508885de3432N
Size

1.2MB
MD5

21dad0fccb2b2d647fefc0db4e40cd00
SHA1

4b7ffcd3345a100be2349993ff2590f13a93bb07
SHA256

3a852dcb12b889f871e51a81b88a7871f2d87294804d79a94569508885de3432
SHA512

cecd3389b1dc454ceb6f81b0c3a71b0bcb3e11c3acb799e29fac323798b2063014a5d580c5a7bfc734a1f1f8310df4cfd35c488151012f728770680c9c720461
SSDEEP

24576:4D50bhR/gHAtdN1KPP4/k9Z7UitpOcIDAph/NqRkT21IMfyu:MAR/gHATazBT21I

Score

1^/10

Malware Config

Signatures

Files

3a852dcb12b889f871e51a81b88a7871f2d87294804d79a94569508885de3432N
.exe windows:5 windows x64 arch:x64

d1f0664bd98aac4d0d73539d486e148e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:7d:aa:c0:1a:24:8f:ea
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

16/02/2016, 07:00

Not After

16/02/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d7:ab:a5:10:a2:b1:39:6d:66:bb:00:9d:c9:31:41:a7:7f:7e:c0:c5:f7:07:22:76:c0:ab:f2:05:cd:b7:93:ab
Signer

Actual PE Digest

d7:ab:a5:10:a2:b1:39:6d:66:bb:00:9d:c9:31:41:a7:7f:7e:c0:c5:f7:07:22:76:c0:ab:f2:05:cd:b7:93:ab

Digest Algorithm

sha256

PE Digest Matches

false

0f:d8:ad:de:52:2e:c1:1d:86:22:6a:67:e7:f0:58:0c:6a:c6:3b:27
Signer

Actual PE Digest

0f:d8:ad:de:52:2e:c1:1d:86:22:6a:67:e7:f0:58:0c:6a:c6:3b:27

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r340\r340_00\drivers\ui\uxd\bin\x64\Release\NvXDSync.pdb

Imports

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface

shlwapi

PathFindFileNameW

kernel32

LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
CloseHandle
lstrcmpiW
GetSystemTimeAsFileTime
CreateFileW
GetProcessTimes
GetCurrentProcess
CreateThread
OpenEventW
CreateEventW
GetModuleFileNameW
SetEvent
Sleep
GetCurrentThreadId
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateEventA
ExpandEnvironmentStringsW
EnterCriticalSection
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
GetFileSizeEx
WriteFile
WideCharToMultiByte
ProcessIdToSessionId
GetCurrentProcessId
GetCommandLineW
HeapFree
GetProcessHeap
ReleaseSemaphore
CreateSemaphoreA
DuplicateHandle
HeapAlloc
WaitForMultipleObjects
GetLocaleInfoW
LocalFree
RaiseException
lstrlenW
FlushFileBuffers
WaitForSingleObject
InitializeCriticalSection
TlsAlloc
TlsFree
FormatMessageA
ExitThread
TlsGetValue
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
GetFileAttributesW
ReadFile
CreateMutexW
MoveFileW
SetEnvironmentVariableA
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
CompareStringW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetTickCount
LocalAlloc
LoadLibraryA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetDateFormatA
GetTimeFormatA
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
GetStartupInfoW
ExitProcess
GetStdHandle
HeapSetInformation
GetVersion
HeapCreate
GetTimeZoneInformation
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType

advapi32

RegQueryValueExW
RegEnumValueW
TraceMessage
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

ole32

CoResumeClassObjects
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstanceEx
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 255B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

M&
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1f0664bd98aac4d0d73539d486e148e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

d9:7d:aa:c0:1a:24:8f:eaCertificate

Extended Key Usages

Key Usages

d7:ab:a5:10:a2:b1:39:6d:66:bb:00:9d:c9:31:41:a7:7f:7e:c0:c5:f7:07:22:76:c0:ab:f2:05:cd:b7:93:abSigner

0f:d8:ad:de:52:2e:c1:1d:86:22:6a:67:e7:f0:58:0c:6a:c6:3b:27Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

shlwapi

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 691KB - Virtual size: 690KB

.orpc Size: 512B - Virtual size: 255B

.rdata Size: 237KB - Virtual size: 237KB

.data Size: 40KB - Virtual size: 53KB

.pdata Size: 34KB - Virtual size: 34KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 150KB - Virtual size: 149KB

M& Size: 10KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

d9:7d:aa:c0:1a:24:8f:ea
Certificate

d7:ab:a5:10:a2:b1:39:6d:66:bb:00:9d:c9:31:41:a7:7f:7e:c0:c5:f7:07:22:76:c0:ab:f2:05:cd:b7:93:ab
Signer

0f:d8:ad:de:52:2e:c1:1d:86:22:6a:67:e7:f0:58:0c:6a:c6:3b:27
Signer

.text
Size: 691KB - Virtual size: 690KB

.orpc
Size: 512B - Virtual size: 255B

.rdata
Size: 237KB - Virtual size: 237KB

.data
Size: 40KB - Virtual size: 53KB

.pdata
Size: 34KB - Virtual size: 34KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 150KB - Virtual size: 149KB

M&
Size: 10KB - Virtual size: 10KB