General

Malware Config

Signatures

Files

• 110950b35c182952edfb6b0afc373ecf572fb90a0dfe56d435e3f7acc1cec474

  .exe windows x86

  dc4164f6a86d3fa81d6770ef24f2614a

  
  

  Code Sign

  0a

  Certificate

  Issuer

  CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

  Not Before

  06-08-2003 00:00

  Not After

  05-08-2013 23:59

  Subject

  CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  15-06-2007 00:00

  Not After

  14-06-2012 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  67:1e:57:5f:54:ec:3b:53:c2:b0:2e:2e:0b:ea:c5:ec

  Certificate

  Issuer

  CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

  Not Before

  08-03-2010 00:00

  Not After

  07-03-2012 23:59

  Subject

  CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageMicrosoftCommercialCodeSigning

  99:db:c4:36:03:68:96:38:d6:05:e3:64:df:b8:a2:7b:7e:ef:2a:57

  Signer

  Actual PE Digest

  99:db:c4:36:03:68:96:38:d6:05:e3:64:df:b8:a2:7b:7e:ef:2a:57

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

  01-06-2010 23:30

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ExitProcess

  GetCommandLineA

  GetStartupInfoA

  GetModuleHandleA

  GetProcessHeap

  HeapReAlloc

  HeapAlloc

  RtlUnwind

  WideCharToMultiByte

  CreateFileA

  DeleteFileA

  RemoveDirectoryA

  WriteFile

  FindResourceA

  LockResource

  LoadResource

  SizeofResource

  GetVersionExA

  RaiseException

  lstrcmpA

  CloseHandle

  CreateDirectoryA

  InterlockedExchange

  GetTempFileNameA

  FindResourceExA

  GetLastError

  GetTempPathA

  SetLastError

  GetModuleFileNameA

  CreateFileMappingA

  MapViewOfFile

  UnmapViewOfFile

  VirtualQuery

  ReadFile

  SetFilePointer

  CreateProcessA

  WaitForSingleObject

  GetExitCodeProcess

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  DeleteCriticalSection

  GetACP

  GetLocaleInfoA

  GetThreadLocale

  HeapDestroy

  HeapFree

  HeapSize

  shlwapi

  PathQuoteSpacesA

  ole32

  CoInitializeEx

  CoUninitialize

  user32

  UnregisterClassA

  MessageBoxA

  CharLowerBuffA

  CharNextA

  wvsprintfA

  Sections

  .text

  Size: 13KB - Virtual size: 13KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 484B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 532KB - Virtual size: 532KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ