ca2ad5732e8f8fe2ba85ff15c262e2260bd96e1f8f831363dc7ec847040e0323

Sharing

Copy URL

Twitter E-mail

General

Target

ca2ad5732e8f8fe2ba85ff15c262e2260bd96e1f8f831363dc7ec847040e0323
Size

825KB
MD5

6b7a49025a171f53df16e42dcfffa20e
SHA1

fcf671f0effb6ad46d7338e2b3a87cd6a8233043
SHA256

ca2ad5732e8f8fe2ba85ff15c262e2260bd96e1f8f831363dc7ec847040e0323
SHA512

8f867bbfe2cdc4e4b03ff5f66d24565998c65477f83ca189e024e21579d8d3fa529e609d32c1f20758fb190a3b526e22bcff41f7fbe640e451eb4b1214f5cc8a
SSDEEP

12288:i1cSw14QnSToyZ3tdJV3+AUHv4UNN82e1k0pIm+XI7XHgZQKhJgeCmG8QM264NB:4cSw1bn0nT+6Y40mzLHgZpJElpM26U

Score

N/A

Malware Config

Signatures

Files

ca2ad5732e8f8fe2ba85ff15c262e2260bd96e1f8f831363dc7ec847040e0323
.exe windows x86

015a47aa3b91ab4911e68e6c84841d66

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

72:6e:f3:61:c8:28:50:1e:a9:9b:02:b3:1d:0a:18:9a:1a:3d:4b:eb
Signer

Actual PE Digest

72:6e:f3:61:c8:28:50:1e:a9:9b:02:b3:1d:0a:18:9a:1a:3d:4b:eb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

10-01-2010 08:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

secur32

GetUserNameExW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
UnregisterTraceGuids
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegSetValueExW
RegDeleteValueW
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
GetUserNameA
DeregisterEventSource
ReportEventA
RegisterEventSourceW
ReportEventW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegQueryInfoKeyW
RegEnumKeyW
RegEnumValueW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CheckTokenMembership
IsValidSid

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17
ImageList_Destroy

gdi32

TranslateCharsetInfo
CreateSolidBrush
CreateDCA
GetTextMetricsA
DeleteDC
RestoreDC
DeleteObject
GetTextFaceA
SelectObject
CreateFontA
GetDeviceCaps
SetMapMode
SaveDC
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
SetTextAlign
CreateFontIndirectA
GetObjectA
ExtTextOutW
SetBkMode
SetTextColor

kernel32

WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcmpiW
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetLocalTime
GetCommandLineW
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
Sleep
GetCurrentProcess
TerminateProcess
SetProcessWorkingSetSize
DeleteFileW
CreateThread
CloseHandle
GetCurrentProcessId
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
MapViewOfFile
GetVersionExW
GetVersionExA
GetModuleFileNameW
FreeLibrary
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
GetTickCount
SetLastError
LocalFree
WriteFile
GetTimeFormatW
GetDateFormatW
FindNextFileW
FindClose
FindFirstFileW
GetSystemWindowsDirectoryW
MoveFileW
SetFilePointer
RaiseException
GetComputerNameA
SetPriorityClass
UnmapViewOfFile
GetFileSize
CreateFileMappingA
SuspendThread
ExitThread
MulDiv
GetModuleFileNameA
LoadLibraryA
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetACP
GetSystemDefaultLCID
SetEvent
GetTempPathW
GetFileAttributesW
ExpandEnvironmentStringsW
WideCharToMultiByte
CreateProcessW
SetThreadPriority
CreateRemoteThread
OpenProcess
LoadLibraryExA
SetEndOfFile
IsDBCSLeadByte
GetSystemDirectoryA
SetEnvironmentVariableA
CreateDirectoryW
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
HeapFree
HeapAlloc
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
GetModuleHandleW
GetModuleHandleExW
RtlCaptureStackBackTrace
SetFileAttributesW
VirtualFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
GetVersion
CreateFileW
GetLocaleInfoW
GetProcessTimes
CreateEventA
OpenEventA
GlobalFree
LoadLibraryW
OutputDebugStringA
CreateMutexA
OpenMutexA
CreateSemaphoreA
OpenSemaphoreA
GetShortPathNameA
GlobalAlloc
LocalAlloc
GetCurrentThreadId
IsValidLocale
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetUserDefaultLCID
GetConsoleMode
GetStringTypeExW
IsValidCodePage
CompareStringW
GetShortPathNameW
GetLongPathNameW
GetFileType
CreateFileA
LoadLibraryExW
GetCurrentThread
FlushFileBuffers
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
GetCalendarInfoW
GetUserDefaultUILanguage
GetCommandLineA
GetStartupInfoA
RtlUnwind
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
InterlockedExchange
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromIID

oleacc

LresultFromObject
CreateStdAccessibleObject

oleaut32

VariantTimeToDosDateTime
SystemTimeToVariantTime
SysAllocString
SysFreeString
SysStringLen

rpcrt4

UuidCreate

shell32

SHGetSpecialFolderPathW
ShellExecuteExA
ExtractIconExA

shlwapi

AssocQueryStringW
UrlGetPartA
wnsprintfA

urlmon

CreateURLMoniker

user32

SetRectEmpty
IsWindowVisible
CreateDialogIndirectParamA
DrawTextA
DrawTextW
MapDialogRect
CallWindowProcA
CallWindowProcW
GetMenuCheckMarkDimensions
IsWindow
GetKeyboardLayout
LoadBitmapA
GetMonitorInfoA
GetWindowLongW
GetKeyboardLayoutList
GetDlgCtrlID
MoveWindow
RegisterClassExA
PostMessageA
SendMessageA
DefWindowProcA
SetTimer
KillTimer
PostQuitMessage
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
CreateWindowExA
DialogBoxParamA
SystemParametersInfoA
DestroyIcon
LoadStringW
DestroyWindow
ReleaseDC
FillRect
GetSysColorBrush
MapWindowPoints
GetWindowRect
GetDC
SetWindowTextA
CreateDialogParamW
DialogBoxParamW
EnumDisplayMonitors
GetSystemMetrics
GetDlgItem
DrawIconEx
SetWindowPos
LoadIconA
ShowWindow
GetWindowLongA
SetWindowLongA
SetForegroundWindow
GetClientRect
SetCursor
LoadCursorA
InvalidateRect
DrawFocusRect
SetWindowTextW
GetWindow
EnableWindow
GetSysColor
SendDlgItemMessageA
EndDialog
CheckDlgButton
SetFocus
LoadStringA
IsDlgButtonChecked
SetDlgItemTextA
GetScrollInfo
SetScrollInfo
GetFocus
FlashWindowEx
GetForegroundWindow
GetWindowPlacement
IsIconic
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutA
GetParent
UpdateWindow
IsWindowUnicode
GetClassNameA
SendMessageW

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetCloseHandle
InternetReadFileExA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetConnectA
InternetOpenA
InternetSetStatusCallback
InternetGetConnectedState
HttpQueryInfoA

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

015a47aa3b91ab4911e68e6c84841d66

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

72:6e:f3:61:c8:28:50:1e:a9:9b:02:b3:1d:0a:18:9a:1a:3d:4b:ebSigner

Signature Validations

Verification

10-01-2010 08:25 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

secur32

advapi32

comctl32

gdi32

kernel32

ole32

oleacc

oleaut32

rpcrt4

shell32

shlwapi

urlmon

user32

wininet

Exports

Exports

Sections

.text Size: 572KB - Virtual size: 571KB

.data Size: 203KB - Virtual size: 323KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 34KB - Virtual size: 34KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

72:6e:f3:61:c8:28:50:1e:a9:9b:02:b3:1d:0a:18:9a:1a:3d:4b:eb
Signer

10-01-2010 08:25
Valid: false

.text
Size: 572KB - Virtual size: 571KB

.data
Size: 203KB - Virtual size: 323KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 34KB - Virtual size: 34KB