c7184fb2414f1d9c74876e2aa9000198ab896c5e8938fcd96aa2bb0a157f6fcc

Sharing

Copy URL

Twitter E-mail

General

Target

c7184fb2414f1d9c74876e2aa9000198ab896c5e8938fcd96aa2bb0a157f6fcc
Size

154KB
MD5

6c009e35dc914784e06cf8af05aa46b6
SHA1

4d8d0780a612eac1c786c89ada9fe3344575577b
SHA256

c7184fb2414f1d9c74876e2aa9000198ab896c5e8938fcd96aa2bb0a157f6fcc
SHA512

2b8a127763ce4a051874424abb591dcff97870711852ae0af14ba47472631e3215f901db1bb7e7c388ac517d76163ee492bf5db2b5fc77b4ba41f8834ef50b88
SSDEEP

3072:ujALokqu1uMjkI9jm2/11PFJzQg7iOgvWC9:umjjkIB1xFKg7iNWC9

Score

N/A

Malware Config

Signatures

Files

c7184fb2414f1d9c74876e2aa9000198ab896c5e8938fcd96aa2bb0a157f6fcc
.exe windows x86

66b557f5bb8066a933d34f277a37ab09

Code Sign

12:7e:e4:4c:29:9c:8d:b2:4f:6c:d3:78:27:6d:94:7b
Certificate

Issuer

CN=Root Agency

Not Before

13-09-2012 00:33

Not After

31-12-2039 23:59

Subject

CN=dev.mozilla.org

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:2f:7c:d2:2a:fe:a0:42:1c:b4:89:a5:9c:06:25:e4:35:c7:1d:81
Signer

Actual PE Digest

2c:2f:7c:d2:2a:fe:a0:42:1c:b4:89:a5:9c:06:25:e4:35:c7:1d:81

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=dev.mozilla.org

03-10-2012 20:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
VirtualProtect
GetCurrentDirectoryA
CloseHandle
LocalFree
ReadFile
SetFilePointer
LocalAlloc
GetFileSize
CreateFileA
GetModuleFileNameA
ResumeThread
CreateMutexA
GetCurrentProcessId
WriteFile
VirtualAllocEx
GetCurrentProcess
ExitThread
ReleaseMutex
GetModuleHandleA
EnumCalendarInfoW
GetNamedPipeInfo
GetProcessTimes
CallNamedPipeW
LoadLibraryA
SetVolumeMountPointW
EnumResourceTypesA
SetComputerNameA
LockFileEx
ClearCommBreak
VirtualProtectEx
SetVolumeLabelW
BuildCommDCBAndTimeoutsA
BuildCommDCBA
GlobalFindAtomA
SetConsoleWindowInfo
ReplaceFileW
BackupWrite
UpdateResourceA
SetTimeZoneInformation
LocalHandle
SetConsoleOutputCP
OpenSemaphoreW
_hwrite
GetCurrencyFormatA
VirtualFree
VirtualAlloc
SuspendThread
GetCPInfoExW
GetProcAddress

advapi32

GetUserNameA

user32

wsprintfA
FindWindowA
GetWindow
DefWindowProcA
UnhookWinEvent
DestroyWindow
CreateWindowExA
SetWinEventHook
RegisterClassExA
IsCharUpperA
ShowWindowAsync
CreateDesktopW
SetDoubleClickTime
SetMenuInfo
GetWindowRgnBox
HiliteMenuItem
PaintDesktop
OemToCharW
LoadKeyboardLayoutA
DlgDirListComboBoxA
GetMenuBarInfo
ValidateRgn
UnregisterHotKey
DdeConnect
LookupIconIdFromDirectoryEx
EnumDesktopsA
DlgDirSelectExW
DdeQueryConvInfo
GetSystemMenu
SetCaretBlinkTime
GetMenu
RealGetWindowClassW
SetLastErrorEx
EnumWindowStationsA
CreateMDIWindowA
SetProcessDefaultLayout
SetPropA
AnyPopup
CreateIconFromResource
RegisterRawInputDevices

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66b557f5bb8066a933d34f277a37ab09

Code Sign

12:7e:e4:4c:29:9c:8d:b2:4f:6c:d3:78:27:6d:94:7bCertificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2c:2f:7c:d2:2a:fe:a0:42:1c:b4:89:a5:9c:06:25:e4:35:c7:1d:81Signer

Signature Validations

Verification

03-10-2012 20:35 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 292B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 124KB - Virtual size: 127KB

12:7e:e4:4c:29:9c:8d:b2:4f:6c:d3:78:27:6d:94:7b
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2c:2f:7c:d2:2a:fe:a0:42:1c:b4:89:a5:9c:06:25:e4:35:c7:1d:81
Signer

03-10-2012 20:35
Valid: false

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 292B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 124KB - Virtual size: 127KB