140817536ee2848e57fb5555259e97dd02a97b8d98450dd279dae32c5d9055be

Sharing

Copy URL Twitter E-mail

General

Target

140817536ee2848e57fb5555259e97dd02a97b8d98450dd279dae32c5d9055be
Size

526KB
MD5

730d33ac625fa422a3d2fbb9e607ece5
SHA1

bcc2cade0a8944181c400606f757453a05c8a2bc
SHA256

140817536ee2848e57fb5555259e97dd02a97b8d98450dd279dae32c5d9055be
SHA512

3fa6976b7b6372986590d239935c1a8e45e0967a30ccbcfa9f750067c90b8feba2e7088b950e6326451c88705893e159b0750636841d6a2db7eea6d21c2855a9
SSDEEP

6144:bApOIzi8zu/fetNTI4WSYaSqXtMfl793ohjvSrfl/AOnpsD1pgkaHi80I2J5bJmK:twi8yfet1HYiz9eWVcw

Score

N/A

Malware Config

Signatures

Files

140817536ee2848e57fb5555259e97dd02a97b8d98450dd279dae32c5d9055be
.exe windows x86

7521b9ac131b259252e342b04a0d3202

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/06/2006, 00:00

Not After

15/07/2009, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA

user32

GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
MapDialogRect
SetWindowContextHelpId
GetWindowRect
PtInRect
SetCursor
GetDlgCtrlID
LoadBitmapA
EnableWindow
EndDialog
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetSystemMetrics
LoadImageA
DialogBoxIndirectParamA
RegisterWindowMessageA
FillRect
GetWindowTextA
CallWindowProcA
UnregisterClassA
MessageBoxA
LoadStringA
CharNextA
wsprintfA
GetDesktopWindow
PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
SetWindowLongA
GetWindowLongA
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
SendMessageA
DefWindowProcA
GetSysColor
SetCapture
GetWindowTextLengthA
SetWindowTextA
RegisterClassExA
GetClassInfoExA
LoadCursorA
CreateWindowExA
CreateAcceleratorTableA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
GetDlgItem
IsWindow
ReleaseCapture

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetTimeToSystemTime
InternetReadFile
InternetGetConnectedState
InternetOpenA
InternetErrorDlg
HttpAddRequestHeadersA
InternetTimeFromSystemTime
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
ShellExecuteA

kernel32

FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
GetTimeZoneInformation
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapSize
CompareStringW
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetStartupInfoA
GetSystemTimeAsFileTime
HeapReAlloc
SetEnvironmentVariableA
VirtualAlloc
GetEnvironmentStrings
RtlUnwind
CreatePipe
SetHandleInformation
ReadFile
GetCurrentProcessId
GetTickCount
LocalFree
GetEnvironmentVariableA
GetTempPathA
GetSystemInfo
LoadLibraryA
GetProcAddress
OpenEventA
GetSystemTime
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
LockResource
GlobalHandle
GlobalFree
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
VirtualProtect
CompareStringA
VirtualQuery
TerminateProcess
GlobalLock
GlobalUnlock
MulDiv
GetCurrentThreadId
FormatMessageA
DeleteFileA
CreateProcessA
GetExitCodeProcess
GlobalAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
CreateFileA
GetFileSize
GetFileTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
CreateMutexA
lstrcmpiA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcmpA
WriteFile
WaitForSingleObject
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime

ole32

StringFromCLSID
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
StringFromGUID2
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
OleLockRunning

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VarUI4FromStr
SysFreeString

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7521b9ac131b259252e342b04a0d3202

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ffCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 204KB - Virtual size: 200KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 204KB - Virtual size: 200KB