c84af406e42896f5d69f3536cc27f0d41a5c0a1286909c4fdbfc42b9113099a8

Sharing

Copy URL Twitter E-mail

General

Target

c84af406e42896f5d69f3536cc27f0d41a5c0a1286909c4fdbfc42b9113099a8
Size

1022KB
MD5

6d73f402a888dd68dc94c96029882e65
SHA1

20e13f589f185c6150037a54e87e025ca303adaf
SHA256

c84af406e42896f5d69f3536cc27f0d41a5c0a1286909c4fdbfc42b9113099a8
SHA512

c1abc017fc094f26c7d52bc25e199eedb585a331be622726bdc9bc6111cf24bee8f249c6f5333d26fee386950950f60abb755a3851287e3ca511fbdcfbcae3c7
SSDEEP

24576:V398Lo1+bNd1fYz6t5jBNi9H+O2+u9A99JS5k/:Vw0z6zjBNi9eOxuejJoi

Score

N/A

Malware Config

Signatures

Files

c84af406e42896f5d69f3536cc27f0d41a5c0a1286909c4fdbfc42b9113099a8
.exe windows x86

cb9cc9299b3eac773195aa871cec4acd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/03/2008, 00:00

Not After

23/04/2011, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:95:40:c4:b6:44:4b:af:f1:a7:c9:2b:b5:bc:40:a4:e9:d0:88:a1
Signer

Actual PE Digest

ef:95:40:c4:b6:44:4b:af:f1:a7:c9:2b:b5:bc:40:a4:e9:d0:88:a1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

07/04/2010, 17:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
GetPrivateProfileStringW
FindResourceW
SizeofResource
LoadResource
LockResource
CreateMutexW
GetModuleFileNameA
WriteFile
GetLocalTime
GetCommandLineW
GetTickCount
SetFilePointer
BeginUpdateResourceW
EndUpdateResourceA
UpdateResourceW
EnumResourceLanguagesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
ConvertDefaultLocale
GetLocaleInfoW
GetVersionExW
GetModuleHandleW
GetCurrentProcess
GetSystemInfo
GetSystemWow64DirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetExitCodeProcess
CreateEventW
SetEvent
CreateThread
GetFileTime
GlobalLock
GlobalUnlock
GlobalFree
ExitProcess
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
LoadLibraryA
GetOEMCP
GetACP
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
GetCurrentDirectoryW
RemoveDirectoryW
MoveFileW
GetFileAttributesW
GlobalAlloc
CompareFileTime
CopyFileW
GetTempFileNameW
GetTempPathW
GetEnvironmentVariableW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryExW
SetErrorMode
Sleep
SetFileAttributesW
MoveFileExW
CreateFileA
DeleteFileW
WaitForSingleObject
CreateProcessW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindNextFileW
FindClose
FindFirstFileW
GetLastError
GetModuleFileNameW
WideCharToMultiByte
SetFileAttributesA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
GetStdHandle
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileInformationByHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteFileA
GetConsoleMode
GetConsoleCP
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
LocalAlloc

user32

SetTimer
GetDlgItem
SendMessageW
ShowWindow
EndDialog
DialogBoxParamW
LoadStringW
GetWindowModuleFileNameW
DialogBoxIndirectParamW
MonitorFromWindow
GetMonitorInfoW
OffsetRect
GetWindowLongW
AdjustWindowRect
GetWindowRect
DrawTextW
LoadIconW
SetRectEmpty
SetDlgItemTextW
PostMessageW
EnableWindow
GetWindowThreadProcessId
ReleaseDC
GetDC
KillTimer
SetFocus
SetWindowPos
GetClientRect
SetWindowTextW
MessageBoxIndirectW
LoadImageW
ExitWindowsEx
EnumWindows
wsprintfW

gdi32

SetBkMode
SetTextColor
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
GetStockObject

advapi32

RegEnumKeyExW
RegEnumValueW
RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
StartServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHCreateDirectoryExA
SHCreateDirectoryExW

ole32

CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize

cabinet

ord11
ord13
ord14
ord20
ord22
ord23
ord10

setupapi

SetupGetLineTextW
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameA
PathAppendA
PathAddBackslashA
PathRemoveFileSpecA
PathFileExistsW
SHDeleteKeyW
PathStripPathW
PathFindExtensionW
PathCombineW
PathAddBackslashW
PathIsDirectoryW
PathRenameExtensionW
PathIsRelativeW
PathRemoveBackslashW
PathIsRootW
PathStripToRootW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb9cc9299b3eac773195aa871cec4acd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

ef:95:40:c4:b6:44:4b:af:f1:a7:c9:2b:b5:bc:40:a4:e9:d0:88:a1Signer

Signature Validations

Verification

07/04/2010, 17:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

cabinet

setupapi

shlwapi

version

psapi

Sections

.text Size: 320KB - Virtual size: 319KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 524KB - Virtual size: 521KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

ef:95:40:c4:b6:44:4b:af:f1:a7:c9:2b:b5:bc:40:a4:e9:d0:88:a1
Signer

07/04/2010, 17:02
Valid: false

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 524KB - Virtual size: 521KB