5f9b051dae75fe1485e321b0c43f54e1375af87f9fefa293a4d21055f846cd70

Sharing

Copy URL Twitter E-mail

General

Target

5f9b051dae75fe1485e321b0c43f54e1375af87f9fefa293a4d21055f846cd70
Size

151KB
MD5

59f2062d4dbfcf4ae6542be4036b994a
SHA1

3d213bc9c54d1fa1dd68d2893920563f35216388
SHA256

5f9b051dae75fe1485e321b0c43f54e1375af87f9fefa293a4d21055f846cd70
SHA512

0e0a93856b858621c50b2d22b751a099c97719021a646dd5c54ebf29b298cadf3493c5ba23e96a1b83d00118f3aa54aff17e8a730d24917d37ec718cc7566bb1
SSDEEP

3072:/5U9wqllP+k+QZIV9U/R7E5qab3EnPl6BzOj+Ma5XDOLnQtLamOEzEvXxKkt:hewgP+k+vV9U/6qarCPlPjWXDHhDzEpz

Score

N/A

Malware Config

Signatures

Files

5f9b051dae75fe1485e321b0c43f54e1375af87f9fefa293a4d21055f846cd70
.exe windows x86

66b2ae9d6b37fc3b5f5bcd0c4e845ed8

Code Sign

6b:26:c6:4d:4e:d9:d8:2a:ab:ef:de:3c:f9:9c:02:15
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/10/2011, 00:00

Not After

29/10/2012, 23:59

Subject

CN=Mozilla Corporation,OU=Release Engineering,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:98:90:d7:1d:7d:81:db:4e:92:67:45:f2:e2:b6:9a:18:6c:f6:7b
Signer

Actual PE Digest

69:98:90:d7:1d:7d:81:db:4e:92:67:45:f2:e2:b6:9a:18:6c:f6:7b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Mozilla Corporation,OU=Release Engineering,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

06/09/2012, 01:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
SetEndOfFile
GetProcAddress
LoadLibraryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteFile
GetPrivateProfileStringW
GetDriveTypeW
GetFileSize
CreateFileW
ReadFile
TerminateProcess
GetExitCodeProcess
LoadLibraryExW
CreateProcessW
FreeLibrary
LocalFree
DeleteFileW
LocalAlloc
SetLastError
MultiByteToWideChar
GetModuleFileNameW
GetFileAttributesW
CopyFileW
CreateThread
CloseHandle
GetProcessHeap
GetStringTypeW
SetStdHandle
WriteConsoleW
HeapReAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
RtlUnwind
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetEnvironmentVariableW
lstrcmpiW
CreateEventW
GetLastError
Sleep
SetEvent
WaitForSingleObject
CreateDirectoryW
MoveFileExW
GetCommandLineW
HeapSetInformation
EncodePointer
DecodePointer
GetModuleHandleW
ExitProcess
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
LeaveCriticalSection
EnterCriticalSection
RaiseException

user32

wsprintfW
LoadStringA

advapi32

ChangeServiceConfig2W
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
SetServiceObjectSecurity
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
QueryServiceStatusEx
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CreateWellKnownSid
GetSecurityDescriptorDacl
QueryServiceConfigW
ControlService
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
QueryServiceStatus
LookupAccountSidW
OpenServiceW
QueryServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerW

shell32

SHGetFolderPathW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathUnquoteSpacesW
PathQuoteSpacesW
PathAppendW
PathStripToRootW
PathRemoveFileSpecW

ole32

CoCreateGuid

rpcrt4

UuidToStringW
RpcStringFreeW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sqtqbdd
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66b2ae9d6b37fc3b5f5bcd0c4e845ed8

Code Sign

6b:26:c6:4d:4e:d9:d8:2a:ab:ef:de:3c:f9:9c:02:15Certificate

Extended Key Usages

01Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

69:98:90:d7:1d:7d:81:db:4e:92:67:45:f2:e2:b6:9a:18:6c:f6:7bSigner

Signature Validations

Verification

06/09/2012, 01:25 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

version

shlwapi

ole32

rpcrt4

wintrust

crypt32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 46KB - Virtual size: 47KB

sqtqbdd Size: 6KB - Virtual size: 6KB

6b:26:c6:4d:4e:d9:d8:2a:ab:ef:de:3c:f9:9c:02:15
Certificate

01
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

69:98:90:d7:1d:7d:81:db:4e:92:67:45:f2:e2:b6:9a:18:6c:f6:7b
Signer

06/09/2012, 01:25
Valid: false

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 46KB - Virtual size: 47KB

sqtqbdd
Size: 6KB - Virtual size: 6KB