5d55e7a23f5997fb89c9f4c2bd99c06a4c15ad305f96dcbab8dc1d64b5f06235N

Sharing

Copy URL Twitter E-mail

General

Target

5d55e7a23f5997fb89c9f4c2bd99c06a4c15ad305f96dcbab8dc1d64b5f06235N
Size

791KB
MD5

0bc93a01f3c5ff22e86681c278997e00
SHA1

00972a4f3e83dd6886ab335da475202da98693e9
SHA256

5d55e7a23f5997fb89c9f4c2bd99c06a4c15ad305f96dcbab8dc1d64b5f06235
SHA512

ad6b838e5917ca51334c7f3845473650d03a3fa5f66befbf9faf7e015c0dcfb00c52e9e4199bd763e51c128a80203d5a85dfb7c2af3165c0b3fdfb5dd080cc5d
SSDEEP

12288:2OiajIhzdNvajtjz38HkZIbKnxWrlJsk7aMClZE:2OxjIhzdNvkjGK01I+

Score

1^/10

Malware Config

Signatures

Files

5d55e7a23f5997fb89c9f4c2bd99c06a4c15ad305f96dcbab8dc1d64b5f06235N
.dll windows:5 windows x86 arch:x86

0e896f8445ded734b092c99aa77ebfa5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

77:da:04:55:1f:0b:3c:16:cb:17:5d:6d:c9:d0:9c:a7:fb:b6:77:dc
Signer

Actual PE Digest

77:da:04:55:1f:0b:3c:16:cb:17:5d:6d:c9:d0:9c:a7:fb:b6:77:dc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msidcrl40.pdb

Imports

shell32

SHGetSpecialFolderPathW
SHFileOperationA
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW

kernel32

HeapReAlloc
HeapSize
RtlUnwind
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
ExitThread
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetProcessHeap
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedIncrement
InterlockedDecrement
LocalFree
TryEnterCriticalSection
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
CreateMutexW
CreateFileMappingW
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetCurrentProcessId
GetSystemTimeAsFileTime
ResetEvent
GetModuleFileNameW
MulDiv
lstrcmpW
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
GetComputerNameW
CreateEventW
WaitForSingleObject
SetEvent
InterlockedExchange
GetTempPathW
GetTempFileNameW
SetThreadLocale
FileTimeToLocalFileTime
WideCharToMultiByte
FileTimeToSystemTime
EnumResourceNamesW
CreateDirectoryExW
CreateFileW
WriteFile
GetSystemTime
GetLongPathNameW
LoadLibraryA
GetProcAddress
GetSystemDefaultLangID
SetLastError
GetCurrentThreadId
FreeLibrary
lstrcmpiW
CreateThread
CloseHandle
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetTimeZoneInformation
SetEnvironmentVariableW
ReadFile
SetEndOfFile
GetFileAttributesW
LoadLibraryW
FormatMessageA
lstrcmpA
GetCurrentDirectoryW
CopyFileW
LoadLibraryExW
DeleteFileW
TerminateThread
OutputDebugStringA
GetLocalTime
OutputDebugStringW
IsProcessorFeaturePresent
InterlockedCompareExchange
LocalAlloc
lstrlenA
GetThreadLocale
GetCurrentProcess
GetVersionExW

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit
VariantChangeType
SysStringLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VarBstrCmp
VariantChangeTypeEx

advapi32

SetNamedSecurityInfoW
CryptDestroyKey
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptReleaseContext
RegDeleteKeyW
RegEnumKeyExW
CredFree
CryptEncrypt
CryptDecrypt
CredDeleteW
RegEnumValueW
CredWriteW
CredReadW
RegQueryInfoKeyW
CryptContextAddRef
CryptDuplicateKey
CryptHashData
CryptDeriveKey
RegEnumValueA
RegQueryValueExA
CryptGenRandom
CryptSetKeyParam
CryptGetKeyParam
CryptImportKey
CryptGetProvParam
CryptExportKey
CryptGetHashParam
CryptSetHashParam
CryptCreateHash
CredEnumerateW
CryptDestroyHash
CryptGenKey
CryptAcquireContextA
CryptAcquireContextW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shlwapi

PathCombineW
PathCreateFromUrlW
PathIsPrefixW
PathIsDirectoryW
PathFileExistsW

ole32

OleInitialize
CreateStreamOnHGlobal
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CLSIDFromString
CoTaskMemAlloc
CoUninitialize

user32

CreateAcceleratorTableW
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
GetFocus
GetWindow
SetWindowPos
DestroyAcceleratorTable
GetSysColor
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DefWindowProcW
GetDesktopWindow
BeginPaint
EndPaint
UnregisterClassA
CallWindowProcW
UnhookWindowsHookEx
MoveWindow
IsWindow
CallNextHookEx
SetFocus
GetNextDlgTabItem
GetKeyState
GetParent
CharNextW
FillRect
UnregisterClassW
GetWindowLongW
SetWindowLongW
AdjustWindowRectEx
CreateWindowExW
GetDC
ReleaseDC
SystemParametersInfoA
LoadStringA
SendMessageW
LoadStringW
SetWindowTextA
ShowWindow
DestroyWindow
SetWindowsHookExW
GetWindowTextA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps

crypt32

CryptUnprotectData
CryptProtectData
CryptSignMessage
CertGetIssuerCertificateFromStore
CertGetNameStringA
CertVerifyCertificateChainPolicy
CertCloseStore
CertGetCertificateContextProperty
CryptExportPublicKeyInfo
CryptEncodeObjectEx
CryptSignAndEncodeCertificate
CertSetCertificateContextProperty
CertOpenStore
CertCreateCertificateContext
CertAddCertificateContextToStore
CertVerifySubjectCertificateContext
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptVerifyMessageSignature

wininet

InternetConnectW
HttpQueryInfoA
InternetReadFileExA
InternetSetOptionW
InternetOpenA
HttpSendRequestA
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetCreateUrlW
InternetGetConnectedState
InternetGetConnectedStateExW
InternetSetCookieW
InternetCrackUrlW
InternetSetStatusCallbackW
InternetCloseHandle

sensapi

IsNetworkAlive

psapi

GetModuleFileNameExW
EnumProcessModules

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

?g_strRequest@@3V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@A
?g_strResponse@@3V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@A
AuthIdentityToService
AuthIdentityToServiceEx
BuildAuthTokenRequest
BuildAuthTokenRequestEx
BuildServiceTokenRequest
BuildServiceTokenRequestEx
CacheAuthState
CancelPendingRequest
CloseEnumIdentitiesHandle
CloseIdentityHandle
CreateIdentityHandle
CreateIdentityHandleFromAuthState
CreateIdentityHandleFromCachedAuthState
CreatePassportAuthUIContext
DecryptWithSessionKey
DestroyPassportAuthUIContext
EncryptWithSessionKey
EnumIdentitiesWithCachedCredentials
ExportAuthState
GetAuthState
GetAuthStateEx
GetCertificate
GetExtendedError
GetExtendedProperty
GetIdentityProperty
GetIdentityPropertyByName
GetPreferredAuthUIContextSize
GetServiceConfig
GetUserExtendedProperty
GetWebAuthUrl
GetWebAuthUrlEx
HasPersistedCredential
Initialize
InitializeEx
LogonIdentity
LogonIdentityEx
LogonIdentityWithUI
MigratePersistedCredentials
MoveAuthUIContext
NextIdentity
PassportFreeMemory
PersistCredential
PutTokenResponse
PutTokenResponseEx
RemoveAuthStateFromCache
RemoveChangeNotificationCallback
RemovePersistedCredential
SetChangeNotificationCallback
SetCredential
SetExtendedProperty
SetIdcrlOptions
SetIdentityCallback
SetIdentityProperty
SetUserExtendedProperty
Uninitialize
VerifyCertificate

Sections

.text
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e896f8445ded734b092c99aa77ebfa5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

77:da:04:55:1f:0b:3c:16:cb:17:5d:6d:c9:d0:9c:a7:fb:b6:77:dcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

kernel32

oleaut32

advapi32

shlwapi

ole32

user32

gdi32

crypt32

wininet

sensapi

psapi

wintrust

version

Exports

Exports

Sections

.text Size: 735KB - Virtual size: 735KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 35KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

77:da:04:55:1f:0b:3c:16:cb:17:5d:6d:c9:d0:9c:a7:fb:b6:77:dc
Signer

.text
Size: 735KB - Virtual size: 735KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 35KB