4871cf07e9e8cefcc924e03765d1c6de7d9b526f286ef6907f262b1acc111d73

Sharing

Copy URL

Twitter E-mail

General

Target

4871cf07e9e8cefcc924e03765d1c6de7d9b526f286ef6907f262b1acc111d73
Size

624KB
MD5

506d8040d5510ba281579090ecab3176
SHA1

4b1e6748718cb9512a48658bc372846f0dc2fded
SHA256

4871cf07e9e8cefcc924e03765d1c6de7d9b526f286ef6907f262b1acc111d73
SHA512

6bf9057ffd683244a20d72b6681474e90008e5398cf1dc5ad27d72acbe6f16b4365775043b7228bc1ea78863a26bac7cbc82339e37a6eb191f9e35ecc0e55ceb
SSDEEP

12288:5IB8pvskfO5KiRI7XHgZQKhJgeCmJEBjvrEH7QyF:568dswi+LHgZpJEMurEH7FF

Score

1^/10

Malware Config

Signatures

Files

4871cf07e9e8cefcc924e03765d1c6de7d9b526f286ef6907f262b1acc111d73
.dll regsvr32 windows:5 windows x86 arch:x86

6a4fbbd06468509a7d61a80b345e2b9f

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:25:ca:41:6e:c1:72:9f:07:74:71:c3:5d:e3:f2:60:37:1f:7a:ee
Signer

Actual PE Digest

e8:25:ca:41:6e:c1:72:9f:07:74:71:c3:5d:e3:f2:60:37:1f:7a:ee

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\misc_urlredirection\x86\ship\0\urlredirection.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

secur32

GetUserNameExW

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenThreadToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExA
RegEnumKeyW
RegEnumValueW
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
IsValidSid
ConvertSidToStringSidA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegOpenKeyExA

gdi32

GetDeviceCaps
DeleteDC
DeleteObject
CreateDCA
CreateSolidBrush

kernel32

VirtualProtect
QueryPerformanceCounter
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
HeapFree
HeapAlloc
GetProcessHeap
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
CreateFileW
GetLocaleInfoW
ExpandEnvironmentStringsW
GetProcessTimes
GetCurrentProcess
GlobalFree
CreateMutexA
OpenMutexA
CreateSemaphoreA
CreateFileMappingA
GetShortPathNameA
GetModuleFileNameA
DeleteFileW
GlobalAlloc
GetSystemDefaultLCID
GetSystemDefaultLangID
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
VirtualFree
TlsGetValue
TlsAlloc
TlsFree
LocalFree
LocalAlloc
CloseHandle
GetSystemDirectoryW
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
WaitForSingleObject
ReleaseMutex
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
WriteFile
SetFileAttributesW
ReadFile
GetUserDefaultLangID
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetSystemInfo
GetUserDefaultLCID
GetVersionExW
TerminateProcess
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
Sleep
IsDBCSLeadByte
LockResource
FindResourceA
GetStringTypeExW
WideCharToMultiByte
IsValidCodePage
CompareStringW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
CreateDirectoryW
GetFileType
GetCurrentThread
InterlockedExchange
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
EncodePointer
DecodePointer
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ole32

CoInitializeEx
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantInit

shell32

SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetFileInfoW

user32

GetSysColor
EnumDisplayMonitors
GetMonitorInfoA
GetKeyboardLayout
GetKeyboardLayoutList
GetSystemMetrics
SystemParametersInfoA
ReleaseDC
GetMenuCheckMarkDimensions
MessageBoxW
CharNextW
GetDC

msvcr90

wcsrchr
malloc
free
memcpy_s
wcsstr
_initterm
memset
swprintf_s
wcsnlen
_recalloc
wcscpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
wcscat_s
memcpy
strncpy_s
wcschr
bsearch
_vsnprintf_s
wcsncat_s
memmove
_CIsqrt
vswprintf_s
_amsg_exit
_initterm_e
wcsncpy_s
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_wcsicmp
_CxxThrowException
_vsnprintf
__CxxFrameHandler3
_vscwprintf

shlwapi

StrRetToBufW
PathFindExtensionW
AssocQueryStringW
PathFindFileNameW

rpcrt4

UuidCreate

msohev

ord5
ord10
ord28
ord4

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a4fbbd06468509a7d61a80b345e2b9f

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

e8:25:ca:41:6e:c1:72:9f:07:74:71:c3:5d:e3:f2:60:37:1f:7a:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

secur32

advapi32

gdi32

kernel32

ole32

oleaut32

shell32

user32

msvcr90

shlwapi

rpcrt4

msohev

Exports

Exports

Sections

.text Size: 326KB - Virtual size: 326KB

.data Size: 198KB - Virtual size: 227KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 11KB - Virtual size: 11KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

e8:25:ca:41:6e:c1:72:9f:07:74:71:c3:5d:e3:f2:60:37:1f:7a:ee
Signer

.text
Size: 326KB - Virtual size: 326KB

.data
Size: 198KB - Virtual size: 227KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 11KB - Virtual size: 11KB