f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57

Sharing

Copy URL

Twitter E-mail

General

Target

f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
Size

1.4MB
MD5

f092acde702fdacf415d10509eef8701
SHA1

6c5b8fa2d16c61bd0bc5bc7f73db00a790f208f8
SHA256

f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
SHA512

a30dea6055d5a9560343984e7189ce1fce0ce8b6cf352f63a4fbf8beaca614fb273b1b3399ddf4c2d92d0bebcff025022e3849d3d9a54fb04411c9e4c160b0b1
SSDEEP

24576:jLsgtxjqgr9vP0ofHXacAZdevw5dpow8OyqDEsTrAci8RhV6P2s3JkhbxLervrEd:jljwcKMvw/pocBHTvi8RhV6P2s3KxeI

Score

1^/10

Malware Config

Signatures

Files

f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
.dll windows:5 windows x86 arch:x86

0fa9189a131dee47425d4ccaa09ce657

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:4d:31:cf:d3:36:e7:30:de:49:78:de:1a:a5:5c:42:d2:77:ff:3f
Signer

Actual PE Digest

53:4d:31:cf:d3:36:e7:30:de:49:78:de:1a:a5:5c:42:d2:77:ff:3f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\richedit\x86\ship\0\riched20.pdb

Imports

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
RaiseException
GetFileType
SetFilePointer
CloseHandle
WriteFile
ReadFile
GetCurrentProcessId
Sleep
LocalAlloc
LocalLock
LocalUnlock
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
GetTickCount
lstrcmpiA
HeapReAlloc
HeapCreate
HeapAlloc
HeapFree
GetCurrentThreadId
GetLastError
FindAtomW
FindAtomA
LoadLibraryW
LoadLibraryA
CompareStringW
CompareStringA
CreateFileW
CreateFileA
GetStringTypeExW
GetStringTypeExA
GetModuleHandleA
GetSystemDefaultLCID
GetACP
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetUserDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoW
WideCharToMultiByte
IsValidCodePage
GetThreadLocale
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GlobalUnlock
GlobalHandle
GlobalLock
GlobalSize
GlobalReAlloc
GlobalFlags
GlobalFree
GlobalAlloc
lstrcmpiW
GetProfileSectionW
GetVersionExA
MultiByteToWideChar
FreeLibrary
MulDiv
EnterCriticalSection
VirtualProtect

user32

CreatePopupMenu
AppendMenuW
UnionRect
IsWindowEnabled
GetDesktopWindow
IsWindow
GetWindow
EnableWindow
IsChild
CreateWindowExA
SetParent
MoveWindow
ShowWindow
GetDCEx
MonitorFromWindow
GetMonitorInfoW
DrawFrameControl
GetCursor
DestroyWindow
GetScrollInfo
DrawFocusRect
GetMessageTime
GetMessagePos
OffsetRect
CopyRect
GetAsyncKeyState
WindowFromDC
DestroyMenu
MessageBeep
GetClipboardData
GetClipboardOwner
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
IsClipboardFormatAvailable
GetCaretPos
GetCapture
DestroyCaret
BeginPaint
EndPaint
ValidateRect
SetScrollInfo
SetForegroundWindow
ClientToScreen
ScreenToClient
SetCursor
SetFocus
SetCapture
ReleaseCapture
ScrollWindowEx
SetCaretPos
ShowCaret
HideCaret
CreateCaret
UpdateWindow
SetScrollPos
SetScrollRange
IsWindowVisible
InvalidateRect
GetDlgItem
GetFocus
IsIconic
GetWindowDC
GetWindowRect
SetRect
ReleaseDC
GetDC
IntersectRect
NotifyWinEvent
RegisterClipboardFormatA
GetSystemMetrics
RegisterClassW
RegisterClassA
UnregisterClassW
UnregisterClassA
CharUpperBuffW
CharUpperA
CharLowerBuffW
CharLowerA
CreateWindowExW
SetWindowPos
GetDoubleClickTime
GetKeyboardLayoutList
IsWindowUnicode
SendMessageW
RegisterWindowMessageA
FindWindowA
SendMessageA
SystemParametersInfoW
GetKeyState
GetSysColor
FrameRect
InflateRect
FillRect
SetTimer
GetClientRect
MapWindowPoints
GetCursorPos
PtInRect
WindowFromPoint
KillTimer
GetForegroundWindow
GetParent
InvertRect
PeekMessageW
PeekMessageA
PostMessageW
PostMessageA
SetWindowLongW
SetWindowLongA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
GetClassLongW
GetClassLongA
GetWindowLongW
GetWindowLongA
DefWindowProcW
DefWindowProcA
SetCaretBlinkTime
EnableScrollBar
ShowScrollBar
ActivateKeyboardLayout
GetKeyboardLayout
TrackPopupMenu

gdi32

SelectClipRgn
StretchBlt
CombineRgn
CreateRectRgnIndirect
GetWindowOrgEx
Polyline
PatBlt
SetTextColor
GetBkColor
SetBkMode
CreatePen
GetCurrentObject
EnumMetaFile
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
DeleteEnhMetaFile
SetMetaFileBitsEx
GetWinMetaFileBits
BitBlt
CreateBitmap
GetBkMode
RestoreDC
IntersectClipRect
SaveDC
GdiFlush
GetMetaFileBitsEx
GetEnhMetaFileBits
GetEnhMetaFileHeader
SetEnhMetaFileBits
TranslateCharsetInfo
GetPixel
CreateCompatibleBitmap
Rectangle
SetROP2
CreateDIBSection
GetOutlineTextMetricsW
GetFontData
GetGlyphOutlineW
StretchDIBits
GetGlyphIndicesW
CreateCompatibleDC
CreateICW
GetObjectW
CreateICA
GetStockObject
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectA
CreateFontIndirectW
CreateFontIndirectA
GetTextFaceW
GetTextFaceA
EnumFontFamiliesExW
GetKerningPairsA
RealizePalette
SelectObject
ExtTextOutA
GetOutlineTextMetricsA
GetTextMetricsW
GetCharWidthW
GetCharWidthA
GetCharWidth32A
GetCharABCWidthsW
GetDeviceCaps
CreateDCW
SetBkColor
CreateSolidBrush
DeleteObject
GetObjectType
Escape
CreatePalette
LPtoDP
DPtoLP
ExtTextOutW
GetTextCharsetInfo
SetTextAlign
GetTextMetricsA

advapi32

RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
wcsncpy_s
memcpy
memmove
strncpy_s
_wcsnicmp
qsort
wcsncmp
wcstod
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_vsnprintf_s
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
iswspace

Exports

Exports

CreateMathXmlHandler
CreateTextBoxLayout
CreateTextServices
DllGetVersion
GetMathAlphanumeric
GetMathAlphanumericCode
GetMathContextMenu
GetMathContextMenuItems
IID_IRichEditOle
IID_IRichEditOleCallback
IID_ITextDocument2
IID_ITextHost
IID_ITextHost2
IID_ITextHostEx
IID_ITextServices
IID_ITextServices2
MathBuildDown
MathBuildUp
MathTranslate
ProcessMathMenuID
RECreateMessageFilter
REExtendedRegisterClass
REMSOHInst
RichComboBoxWndProc
RichEdit10ANSIWndProc
RichEditANSIWndProc
RichEditWndProc
RichListBoxWndProc
SetCustomTextOutHandlerEx
WriteMathPrSax
_DisableOleinitCheck@0

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fa9189a131dee47425d4ccaa09ce657

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

53:4d:31:cf:d3:36:e7:30:de:49:78:de:1a:a5:5c:42:d2:77:ff:3fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msvcr90

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 33KB - Virtual size: 34KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 33KB - Virtual size: 32KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

53:4d:31:cf:d3:36:e7:30:de:49:78:de:1a:a5:5c:42:d2:77:ff:3f
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 33KB - Virtual size: 34KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 33KB - Virtual size: 32KB