c979a4346e7a3d073c0617e5d025680ee4c4ecc7686660963f28152ae2149337

Sharing

Copy URL Twitter E-mail

General

Target

c979a4346e7a3d073c0617e5d025680ee4c4ecc7686660963f28152ae2149337
Size

709KB
MD5

1a3ac7708bead968602f629df97e59fc
SHA1

00a28b4fed8ec9ab26dfcde19a3a7f6f1293225f
SHA256

c979a4346e7a3d073c0617e5d025680ee4c4ecc7686660963f28152ae2149337
SHA512

4c23fcc206fbe853d555ba5a2cbbcf04c66c802fe713d227d65ff9985db86cb047b5a47eb704df16d39cf3a2925b5c0e699ba11de2c9fd3075fbe0d5d571dc88
SSDEEP

12288:osDzrTSU7GimiV/ZKkUSTXsSova363tfO2aZO+8d3c6dksXWeDuUlsk:HTSE3Hova369fO2rj3WsXWC

Score

N/A

Malware Config

Signatures

Files

c979a4346e7a3d073c0617e5d025680ee4c4ecc7686660963f28152ae2149337
.exe windows x86

9a81e6a7017553346897d586aa0d4b20

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:62:43:07:0b:32:ab:65:36:43:ba:67:b6:52:95:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/08/2007, 00:00

Not After

04/09/2009, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

ReadFile
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
DuplicateHandle
GetVolumeInformationA
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapSize
SetStdHandle
GetFileType
GetACP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalLock
GlobalUnlock
OpenMutexA
CreateMutexA
GetFileTime
CompareFileTime
WritePrivateProfileStringA
MoveFileA
LocalAlloc
Sleep
GetProcessAffinityMask
CreateThread
SetThreadAffinityMask
ResumeThread
GetShortPathNameA
GetLocaleInfoA
GetUserDefaultLangID
FormatMessageA
LocalFree
GetSystemDefaultLangID
TerminateProcess
lstrcmpA
CreateDirectoryA
GetTempPathA
FlushFileBuffers
DeleteFileA
GlobalAlloc
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
OutputDebugStringA
CreateFileA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetVersionExA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetSystemDirectoryA
GetSystemInfo
GetEnvironmentVariableA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetCommandLineA
GetCurrentProcessId
FindResourceExA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CloseHandle
GetPrivateProfileStringA
GetCurrentDirectoryA
lstrlenA
MulDiv
GetCurrentProcess
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeLibrary
SetLastError
GetDriveTypeA
QueryDosDeviceA
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc

user32

PostThreadMessageA
RegisterClipboardFormatA
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
InvalidateRect
SetRect
MessageBeep
UnregisterClassA
DestroyMenu
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
SetCursor
GetMessageA
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetCursorPos
WindowFromPoint
ShowWindow
MoveWindow
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsWindow
SetWindowTextA
MessageBoxA
WaitForInputIdle
MsgWaitForMultipleObjects
PostQuitMessage
GetWindowThreadProcessId
EnumDisplaySettingsA
GetSystemMetrics
CharUpperA
GetDesktopWindow
GetWindowRect
IsIconic
LoadBitmapA
GetWindowTextLengthA
GetWindowLongA
GetDC
SetWindowLongA
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
GetFocus
PostMessageA
GetSysColor
LoadImageA
GetClientRect
LoadIconA
EnableWindow
SendMessageA
IsWindowVisible

gdi32

GetStockObject
CreateSolidBrush
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteObject
SetMapMode
SetBkMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetLayout
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
StretchBlt
BitBlt
GetObjectA
CreateFontA
GetLayout

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
LookupAccountSidA
FreeSid
RegQueryValueExA

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
StgOpenStorageOnILockBytes

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
OleLoadPicturePath

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a81e6a7017553346897d586aa0d4b20

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

45:62:43:07:0b:32:ab:65:36:43:ba:67:b6:52:95:3cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 16KB - Virtual size: 94KB

.rsrc Size: 164KB - Virtual size: 162KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

45:62:43:07:0b:32:ab:65:36:43:ba:67:b6:52:95:3c
Certificate

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 16KB - Virtual size: 94KB

.rsrc
Size: 164KB - Virtual size: 162KB