56f06b653149f78caadd3d392587222e880447ebce5eea3946b27585570c27b6

Sharing

Copy URL

Twitter E-mail

General

Target

56f06b653149f78caadd3d392587222e880447ebce5eea3946b27585570c27b6
Size

539KB
MD5

6319deba9e4020c41f0d95845dd79ae1
SHA1

00ae8460e1fd0d24a62125cb933088c88a0346df
SHA256

56f06b653149f78caadd3d392587222e880447ebce5eea3946b27585570c27b6
SHA512

604a73d01a2ba7c12094ed817c756fdbe991b831a211b43442d2bf786286003ccfec3d0939b4db575a43a469deeb4ba3f45de7221ea742159aec029f6226374f
SSDEEP

12288:018PltD6Prl9zG2oxgXhEL13eA7nmY3ehn:018PltGPre2GguLtriYq

Score

N/A

Malware Config

Signatures

Files

56f06b653149f78caadd3d392587222e880447ebce5eea3946b27585570c27b6
.exe windows x86

ea9d4e4a0debb5b1c483331b25efe8c7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:e6:83:1b:58:a9:60:d7:37:b2:33:58:94:6f:d8:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31-01-2007 00:00

Not After

16-02-2010 23:59

Subject

CN=Hewlett-Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISS - Software Delivery Group,O=Hewlett-Packard,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:c5:24:2b:4f:bf:4c:7a:e3:ab:df:5b:21:dd:16:06:1b:f0:98:46
Signer

Actual PE Digest

b2:c5:24:2b:4f:bf:4c:7a:e3:ab:df:5b:21:dd:16:06:1b:f0:98:46

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISS - Software Delivery Group,O=Hewlett-Packard,L=Houston,ST=Texas,C=US

12-08-2009 20:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

FindClose
FindNextFileW
MoveFileExW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GlobalFree
lstrcmpiW
GetLocaleInfoW
lstrcmpiA
CloseHandle
WriteFile
CreateFileW
Process32NextW
Process32FirstW
GetLastError
GetDateFormatW
GetTimeFormatW
GetLocalTime
CopyFileW
GetDriveTypeW
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStdHandle
DuplicateHandle
CreatePipe
Sleep
GetDiskFreeSpaceExW
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
MultiByteToWideChar
lstrlenA
ReadFile
HeapFree
SetFilePointer
HeapAlloc
GetProcessHeap
GetFileSize
lstrcmpA
lstrcpynA
RemoveDirectoryW
GetFileTime
SetFileTime
LocalFileTimeToFileTime
HeapReAlloc
InterlockedDecrement
GetTempFileNameW
ExpandEnvironmentStringsW
LocalFree
GetThreadLocale
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetCommandLineA
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetTempPathW
CreateDirectoryW
GetModuleFileNameW
lstrcatW
lstrlenW
lstrcmpW
GetConsoleCP
lstrcpyW
WideCharToMultiByte
DosDateTimeToFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetConsoleMode
SetHandleCount
GetStartupInfoA
GetFileAttributesW
GetACP
GetCPInfo
GetModuleFileNameA
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
GetStartupInfoW
GetVersionExA
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
GetProcAddress

user32

GetDlgItem
LoadStringW
SetWindowPos
SetDlgItemTextA
EndDialog
SendMessageW
GetParent
GetWindowRect
ShowWindow
GetClientRect
PeekMessageW
CharNextW
GetSystemMetrics
LoadImageW
DestroyIcon
CreateDialogParamW
DestroyWindow
GetDesktopWindow
CloseWindow
OpenIcon
DispatchMessageW
MessageBoxW
SetWindowTextW
GetSystemMenu
AppendMenuW
EnableWindow
SendDlgItemMessageW
ScreenToClient
MoveWindow
SetDlgItemTextW
SetWindowLongW
DialogBoxParamW
CallWindowProcW
SetFocus
wsprintfW

advapi32

RegEnumKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW
RegSetValueExW

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
SHGetPathFromIDListW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

SafeArrayGetElement
VariantInit
SysFreeString
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
VariantClear

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea9d4e4a0debb5b1c483331b25efe8c7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6f:e6:83:1b:58:a9:60:d7:37:b2:33:58:94:6f:d8:98Certificate

Extended Key Usages

Key Usages

b2:c5:24:2b:4f:bf:4c:7a:e3:ab:df:5b:21:dd:16:06:1b:f0:98:46Signer

Signature Validations

Verification

12-08-2009 20:50 Valid: false

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 303KB - Virtual size: 303KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6f:e6:83:1b:58:a9:60:d7:37:b2:33:58:94:6f:d8:98
Certificate

b2:c5:24:2b:4f:bf:4c:7a:e3:ab:df:5b:21:dd:16:06:1b:f0:98:46
Signer

12-08-2009 20:50
Valid: false

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 303KB - Virtual size: 303KB