d5f7e0c50b8090563efa49d652dac361b7c7a0168443381c89dfe51184254620

Sharing

Copy URL Twitter E-mail

General

Target

d5f7e0c50b8090563efa49d652dac361b7c7a0168443381c89dfe51184254620
Size

521KB
MD5

4040cedcf65e94b18d90efa99b4e2ecd
SHA1

11211dc7fddc225bf08e91476a17e51d6b7bbab6
SHA256

d5f7e0c50b8090563efa49d652dac361b7c7a0168443381c89dfe51184254620
SHA512

0311e61bb985158197848b6e09e18bd388eab041389f7fe9c96b028f9a34cc5373097ec60da5460904297ad83932ee9138aaf4a7fd84ade52ac6468e11ef24ac
SSDEEP

12288:7LvTwCXi8lwtNCFY5hH1Ygm/Ll4tl+eIO9CVRiMi7V:7khOgyl43AACVRRi7V

Score

N/A

Malware Config

Signatures

Files

d5f7e0c50b8090563efa49d652dac361b7c7a0168443381c89dfe51184254620
.exe windows x86

ab7028c689eda741357257b2e53cc729

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:d2:87:fc:29:56:c1:1f:bb:e4:50:87:9a:7a:15:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06/07/2006, 00:00

Not After

05/07/2009, 23:59

Subject

CN=Nova Development,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Code Signing,O=Nova Development,L=Calabsasas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCloneBrush
GdipCreateBitmapFromHBITMAP
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromScan0
GdipFillEllipseI
GdipCreatePen1
GdipDrawEllipseI
GdipDeletePen
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipCloneImage
GdipAlloc
GdiplusShutdown
GdipFree
GdipLoadImageFromStream
GdipCreateFromHDC
GdipCreateImageAttributes
GdipSetImageAttributesRemapTable
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageType
GdipDrawImageRectI

kernel32

lstrcatA
GetPrivateProfileStringA
lstrcpyA
lstrlenA
LocalAlloc
SetEnvironmentVariableA
CreateThread
GetDriveTypeA
LoadLibraryA
SetErrorMode
FreeLibrary
VirtualAlloc
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CompareStringA
SetEndOfFile
SetFilePointer
CopyFileA
WriteFile
lstrcmpiA
ReadFile
GetFileSize
lstrcpynA
GetModuleFileNameA
DeleteFileA
GetWindowsDirectoryA
QueryPerformanceFrequency
CreateEventA
GetTickCount
GetCurrentThreadId
GetFileAttributesA
IsDBCSLeadByte
FindClose
lstrcmpA
FindFirstFileA
GetProcAddress
GetModuleHandleA
CreateDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
LoadResource
FindResourceA
GetUserDefaultLCID
GetCurrentDirectoryA
SetCurrentDirectoryA
GetEnvironmentVariableA
VerLanguageNameA
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
SetLastError
GetLastError
Sleep
GlobalSize
SizeofResource
GetSystemDirectoryA
GetSystemInfo
GetVersion
GetLocalTime
GetCurrentProcess
WritePrivateProfileStringA
FindResourceExA
CreateProcessA
InterlockedIncrement
InterlockedDecrement
VirtualQuery
VirtualProtect
SearchPathA
WaitForSingleObject
SetEvent
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
GetStartupInfoA
GetCommandLineA
ExitProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
TlsGetValue
VirtualFree
HeapReAlloc
HeapSize
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr

user32

GetDlgItemTextA
SetForegroundWindow
LoadStringA
PeekMessageA
GetDesktopWindow
ReleaseDC
GetDC
SetWindowLongA
GetClassInfoA
GetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
ScreenToClient
MessageBeep
MapVirtualKeyA
VkKeyScanA
CharNextA
GetParent
DialogBoxIndirectParamA
SetFocus
IsRectEmpty
SubtractRect
EqualRect
IntersectRect
CopyRect
UnionRect
PtInRect
SendDlgItemMessageA
SetWindowTextA
LoadIconA
ReleaseCapture
SetCursor
LoadCursorA
SetCapture
DestroyCursor
SetClassLongA
LoadCursorFromFileA
GetMessageTime
GetMessagePos
UpdateWindow
WaitForInputIdle
EnableWindow
GetClassInfoExA
SetParent
DrawIcon
ClientToScreen
GetIconInfo
DrawTextA
DrawTextW
InflateRect
DrawFrameControl
IsCharAlphaA
IsCharAlphaNumericA
DestroyCaret
ShowCaret
SetCaretBlinkTime
CreateCaret
CharLowerBuffA
CharUpperBuffA
SetCaretPos
GetScrollPos
ShowWindow
IsWindowVisible
IsIconic
EnumChildWindows
CreateWindowExA
InvalidateRect
SetCursorPos
GetCursorPos
ShowScrollBar
AppendMenuA
GetSystemMenu
UnregisterClassA
TrackPopupMenu
DestroyMenu
SetRectEmpty
GetFocus
GetWindow
GetForegroundWindow
SetScrollPos
GetScrollRange
SetScrollRange
WindowFromPoint
ValidateRect
IsDlgButtonChecked
CheckRadioButton
GetWindowTextA
CreatePopupMenu
SetRect
SystemParametersInfoA
CharLowerA
MsgWaitForMultipleObjects
IsWindow
DestroyWindow
GetMessageA
RegisterClassExA
DrawFocusRect
DispatchMessageA
CharUpperA
RegisterWindowMessageA
EndDialog
LoadBitmapA
SetTimer
FillRect
KillTimer
DialogBoxParamA
GetClientRect
GetWindowRect
SetDlgItemTextA
GetSystemMetrics
MoveWindow
GetDlgItem
SetWindowPos
BeginPaint
EndPaint
PostMessageA
wsprintfA
MessageBoxA
PostQuitMessage
DefWindowProcA
CreateDialogParamA
GetSysColor
FindWindowA
SendMessageA
RegisterClassA
TranslateMessage

gdi32

GetTextExtentPoint32A
GetSystemPaletteEntries
CreatePalette
GetDeviceCaps
CreateEllipticRgnIndirect
CreateDCA
GetTextMetricsA
StretchDIBits
RoundRect
Ellipse
SetTextCharacterExtra
TextOutA
SetTextAlign
ExtTextOutA
Polyline
CreatePolygonRgn
CreateRoundRectRgn
CreateEllipticRgn
GetPixel
SetPixel
CreateDIBitmap
LineTo
CreatePen
SetWinMetaFileBits
SetEnhMetaFileBits
PlayEnhMetaFile
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
StretchBlt
DeleteEnhMetaFile
CreateHatchBrush
SetBkColor
Rectangle
DeleteObject
CreateSolidBrush
DeleteDC
BitBlt
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
SetTextColor
SetBkMode
GetStockObject
GetObjectA
CreateRectRgn
CreateRectRgnIndirect
MoveToEx
CreateFontIndirectA
EnumFontFamiliesExA
CombineRgn
AddFontResourceA
RemoveFontResourceA
SaveDC
SelectClipRgn
Polygon
EnumFontsA
PatBlt
CreatePatternBrush
RestoreDC

comdlg32

GetOpenFileNameA

ole32

CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

mixerSetControlDetails
mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
mciSendCommandA
timeGetDevCaps
timeKillEvent
timeBeginPeriod
timeSetEvent
timeGetTime
mixerOpen

atl

ord47
ord40
ord42

Exports

Exports

AppEnumWindows
CaptureHookProc
DemoClosingDialog
DemoMenuDialog
DemoSplashDialog
EnumFontExProc
EventProcDll
JournalPlayHookProc
JournalRecordHookProc
KeyboardHookProc
LaunchAppProc
MouseHookProc
PlayerAbout
ServerWndProc
WinSupBackWndProc
WinSupWndProc

Sections

.text
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab7028c689eda741357257b2e53cc729

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1f:d2:87:fc:29:56:c1:1f:bb:e4:50:87:9a:7a:15:3eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

advapi32

shell32

version

winmm

atl

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 381KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 32KB - Virtual size: 39KB

.rsrc Size: 68KB - Virtual size: 140KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1f:d2:87:fc:29:56:c1:1f:bb:e4:50:87:9a:7a:15:3e
Certificate

.text
Size: 384KB - Virtual size: 381KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 32KB - Virtual size: 39KB

.rsrc
Size: 68KB - Virtual size: 140KB