ddc8e0f9fa81e96cb64fe18b9e1734f5f3ae429ab5367bb72f95db869bad696bN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ddc8e0f9fa81e96cb64fe18b9e1734f5f3ae429ab5367bb72f95db869bad696bN.exe
Size

1.1MB
MD5

afe1b42582da986eb28d7269f4232800
SHA1

ecab096387c4a7b649ab0dcb0155d042db88be29
SHA256

ddc8e0f9fa81e96cb64fe18b9e1734f5f3ae429ab5367bb72f95db869bad696b
SHA512

d51ab1936e4c5bdf4ca18a3203f7ac073d17bfa9c759e6ab72433278f471667f6a2865e564cacd58e45ce77c20b3108e79073a0b29d03e99d331e5c168f778f3
SSDEEP

12288:Wog9LQJll6XjiIKuvssWWiNP874qeOiKif/qc5/sv2wHGxt0IchxI491qRFsuH9l:WocLQ/l7gsA4tExv2I91q/DCYrEH7s

Score

1^/10

Malware Config

Signatures

Files

ddc8e0f9fa81e96cb64fe18b9e1734f5f3ae429ab5367bb72f95db869bad696bN.exe
.dll windows:6 windows x86 arch:x86

87b892d3aca3cbe8e16875d234b18c63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-07-2015 00:00

Not After

26-07-2018 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-07-2015 00:00

Not After

13-07-2018 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:f1:2f:d6:d3:9c:eb:c8:42:b9:90:21:18:d0:f2:da:73:57:38:50:f3:8b:12:46:4c:1f:8a:5b:b9:80:b2:6b
Signer

Actual PE Digest

ae:f1:2f:d6:d3:9c:eb:c8:42:b9:90:21:18:d0:f2:da:73:57:38:50:f3:8b:12:46:4c:1f:8a:5b:b9:80:b2:6b

Digest Algorithm

sha256

PE Digest Matches

false

4b:98:86:c1:58:9d:40:e5:fc:ff:30:6f:78:12:26:15:fd:d9:37:42
Signer

Actual PE Digest

4b:98:86:c1:58:9d:40:e5:fc:ff:30:6f:78:12:26:15:fd:d9:37:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_13_1\Utilities\NvGfeXcode\GfeXCode\winxp_x86_release\GfeXCode.pdb

Imports

shell32

SHGetFolderPathW

user32

SetRectEmpty
SetRect
MessageBoxW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

PathFileExistsW
SHCreateStreamOnFileEx

ole32

CoInitializeEx
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

gdiplus

GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdiplusStartup
GdipSetPropertyItem
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipFree
GdipGetImageEncodersSize

gdi32

DeleteObject

mfplat

MFGetStrideForBitmapInfoHeader
MFStartup
MFShutdown
MFCreateMemoryBuffer

mfreadwrite

MFCreateSourceReaderFromURL

propsys

PropVariantToUInt32

kernel32

ReadFile
ReadConsoleW
OutputDebugStringA
GetTickCount
SetEndOfFile
HeapReAlloc
HeapSize
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateFileW
RtlCaptureStackBackTrace
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetStringTypeW
GetModuleHandleW
FindClose
DecodePointer
FlushFileBuffers
GetACP
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CloseHandle
GetLastError
SetEvent
WaitForSingleObject
CreateEventW
Sleep
CreateThread
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
MulDiv
DeleteFileW
CopyFileW
DebugBreak
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetSystemTime
SystemTimeToTzSpecificLocalTime
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
TryEnterCriticalSection
WaitForSingleObjectEx
SignalObjectAndWait
GetCurrentProcess
SwitchToThread
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
FormatMessageW
GetProcAddress
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
DuplicateHandle
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
SetProcessAffinityMask
CreateTimerQueue
SetLastError
LoadLibraryW
WaitForMultipleObjectsEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
WriteFile
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW

Exports

Exports

DllMain
GfeXcodeFunc
GfeXcodeFuncEx
GfeXcodeImage

Sections

.text
Size: 810KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cfguard
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87b892d3aca3cbe8e16875d234b18c63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

ae:f1:2f:d6:d3:9c:eb:c8:42:b9:90:21:18:d0:f2:da:73:57:38:50:f3:8b:12:46:4c:1f:8a:5b:b9:80:b2:6bSigner

4b:98:86:c1:58:9d:40:e5:fc:ff:30:6f:78:12:26:15:fd:d9:37:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

user32

advapi32

shlwapi

ole32

gdiplus

gdi32

mfplat

mfreadwrite

propsys

kernel32

Exports

Exports

Sections

.text Size: 810KB - Virtual size: 809KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 13KB - Virtual size: 19KB

.idata Size: 7KB - Virtual size: 6KB

.cfguard Size: 5KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

ae:f1:2f:d6:d3:9c:eb:c8:42:b9:90:21:18:d0:f2:da:73:57:38:50:f3:8b:12:46:4c:1f:8a:5b:b9:80:b2:6b
Signer

4b:98:86:c1:58:9d:40:e5:fc:ff:30:6f:78:12:26:15:fd:d9:37:42
Signer

.text
Size: 810KB - Virtual size: 809KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 13KB - Virtual size: 19KB

.idata
Size: 7KB - Virtual size: 6KB

.cfguard
Size: 5KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 26KB