25c29d937688a835e9966021265ae0595eb9cf98be5bb581f17ecbb9ff2b29a2

Sharing

Copy URL Twitter E-mail

General

Target

25c29d937688a835e9966021265ae0595eb9cf98be5bb581f17ecbb9ff2b29a2
Size

210KB
MD5

40894ad6dbb37c685962e74a8c9aec7f
SHA1

7ad6415979c0e41566db620d667e7f4718a2743e
SHA256

25c29d937688a835e9966021265ae0595eb9cf98be5bb581f17ecbb9ff2b29a2
SHA512

3ed21e42b7d7b89ecdc76fa4aee63e4110218202bc5d0460c66cbcf4712e4d7c1038b2b41bd2f64339b306e611d516858f7072753fa105157808573698ec5549
SSDEEP

3072:L88X5jI+bihISJ5YS2GW2WmWW2GidIZfmmTEiX2OgJNtWSj9tjynlNEzvNhwI:LnI+mqSqIZOmT3X2O63WSjenwz1hwI

Score

N/A

Malware Config

Signatures

Files

25c29d937688a835e9966021265ae0595eb9cf98be5bb581f17ecbb9ff2b29a2
.exe windows x86

db0480e53e02e038c4a79aaa55ec5653

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1e:57:5f:54:ec:3b:53:c2:b0:2e:2e:0b:ea:c5:ec
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

08/03/2010, 00:00

Not After

07/03/2012, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:e6:c0:3f:f9:a2:13:5f:03:ce:57:d7:bb:a4:6a:bc:21:51:59:98
Signer

Actual PE Digest

47:e6:c0:3f:f9:a2:13:5f:03:ce:57:d7:bb:a4:6a:bc:21:51:59:98

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

18/05/2011, 19:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetModuleFileNameW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

shlwapi

PathAppendW
PathRemoveFileSpecW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db0480e53e02e038c4a79aaa55ec5653

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

67:1e:57:5f:54:ec:3b:53:c2:b0:2e:2e:0b:ea:c5:ecCertificate

Extended Key Usages

47:e6:c0:3f:f9:a2:13:5f:03:ce:57:d7:bb:a4:6a:bc:21:51:59:98Signer

Signature Validations

Verification

18/05/2011, 19:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 3KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

67:1e:57:5f:54:ec:3b:53:c2:b0:2e:2e:0b:ea:c5:ec
Certificate

47:e6:c0:3f:f9:a2:13:5f:03:ce:57:d7:bb:a4:6a:bc:21:51:59:98
Signer

18/05/2011, 19:22
Valid: false

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 3KB