5d43df2349c5d8de4e0e7035be344ad4aff9d362873bbe4b75a9c934ef56da36

Sharing

Copy URL Twitter E-mail

General

Target

5d43df2349c5d8de4e0e7035be344ad4aff9d362873bbe4b75a9c934ef56da36
Size

279KB
MD5

6fc54219103f837cdff175d2edd0db80
SHA1

e196b9fc5823bc29bdbf9fe6dcd7e4fc78e0947f
SHA256

5d43df2349c5d8de4e0e7035be344ad4aff9d362873bbe4b75a9c934ef56da36
SHA512

0743c82fb4278b6174477bc1fff0d682dea7dcced7435826a628c102c81ea16cb0da124345c8991d12689c75af55e10b72812a9971541025983049b93a244bd4
SSDEEP

6144:cqkiEO2Mdm1go7gEkhLTuIlnanpNuluzuIa1Z4RKr:VEOndmZTkpTNanpNu0za1Z0Kr

Score

N/A

Malware Config

Signatures

Files

5d43df2349c5d8de4e0e7035be344ad4aff9d362873bbe4b75a9c934ef56da36
.exe windows x86

3077db12ba6421841987b3053f3599e0

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:d3:d7:55:ee:e1:33:12:ce:17:12:d5:2d:87:9e:3b:52:69:76:00
Signer

Actual PE Digest

9c:d3:d7:55:ee:e1:33:12:ce:17:12:d5:2d:87:9e:3b:52:69:76:00

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
SystemTimeToFileTime
SetThreadPriority
GetNamedPipeInfo
SetComputerNameA
FileTimeToLocalFileTime
CreateMailslotA
CompareFileTime
GetShortPathNameA
EnumDateFormatsW
GetProcAddress
FreeResource
IsBadStringPtrW
OpenMutexW
BeginUpdateResourceW
OpenWaitableTimerA
GetNumberFormatA
CreateMutexA
lstrcpyA
CreateFileMappingW
GlobalDeleteAtom
GetFullPathNameW
CreateDirectoryW
FileTimeToDosDateTime
GetLastError
GetModuleHandleW
GetStringTypeW
OpenSemaphoreW
lstrcmpW
CreateFileMappingA
OpenEventW
IsBadWritePtr
GetAtomNameW
GlobalGetAtomNameW
GetCommandLineA
GetDiskFreeSpaceW
IsDebuggerPresent
RaiseException
FlushFileBuffers
ReplaceFileW
CreateThread
GetCurrentThreadId
RemoveDirectoryA
lstrlenA
OpenFile
GetOEMCP
GetFileAttributesW
GetLongPathNameW
SleepEx
GetAtomNameA
GetCurrentProcessId
lstrcpy
lstrcmpiW
GetStartupInfoA
GetSystemDirectoryW

user32

CreateDialogIndirectParamW
SetParent
GetMenuItemInfoW
MonitorFromRect
GetCaretPos
GetMenuItemRect
GetDC
GetWindowTextW
CharPrevA
WaitForInputIdle
GetClassLongW
LoadImageA
MonitorFromPoint
FindWindowA
LoadMenuA
GetSysColorBrush
CharNextA
WaitMessage
wsprintfW
CloseWindow
GetDC
wvsprintfA
EnumDesktopsA
InvalidateRgn
FlashWindow
CharUpperW
AppendMenuW
EmptyClipboard
PostMessageA
CreateWindowExA
CharPrevW
GetDlgItemTextW
CopyIcon
CreateDesktopW
AdjustWindowRect
LoadMenuW
ClientToScreen
GetWindowTextLengthW
CascadeWindows
MonitorFromWindow
CharLowerW
EnumClipboardFormats
GetMessageW
CheckMenuItem
wsprintfA
MoveWindow
DestroyCursor
SetWindowRgn
FindWindowW
GetTopWindow
LoadImageW

gdi32

CreateRectRgn
FillRgn
EndFormPage
SetICMProfileA
SetEnhMetaFileBits
EndPath
PtVisible
SelectClipRgn
RemoveFontResourceExW
LPtoDP
CreateBrushIndirect
GetEnhMetaFileDescriptionW
GetTextAlign

advapi32

RegSaveKeyA
RegSaveKeyW
RegReplaceKeyW
RegCreateKeyW
RegCreateKeyExA
RegQueryInfoKeyA

shell32

SHGetFileInfoW

shlwapi

SHGetValueW

opengl32

glRasterPos2i
glGetPointerv
glDrawArrays
glTexCoord4iv
wglDescribePixelFormat
glTexCoord4s
glVertex2iv
glPixelMapfv
glGetLightfv
glVertex4i
glPushMatrix

wininet

FindFirstUrlCacheEntryExW

winspool.drv

EnumPrinterDriversW
DEVICECAPABILITIES
DeleteFormW
SetPortA
DeleteMonitorA
EnumPrintProcessorDatatypesA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.blP
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.soHFM
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.z
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OAGmt
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uWpmRy
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ozFQX
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.q
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fNyRjT
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.knOF
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kmGbS
Size: 1KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.acyI
Size: 1024B - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3077db12ba6421841987b3053f3599e0

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

9c:d3:d7:55:ee:e1:33:12:ce:17:12:d5:2d:87:9e:3b:52:69:76:00Signer

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

opengl32

wininet

winspool.drv

Sections

.text Size: 12KB - Virtual size: 11KB

.blP Size: 512B - Virtual size: 4KB

.soHFM Size: 1KB - Virtual size: 13KB

.z Size: 512B - Virtual size: 12KB

.OAGmt Size: 2KB - Virtual size: 42KB

.uWpmRy Size: 1024B - Virtual size: 7KB

.ozFQX Size: 2KB - Virtual size: 31KB

.q Size: 4KB - Virtual size: 33KB

.fNyRjT Size: 2KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 12KB

.knOF Size: 1024B - Virtual size: 34KB

.kmGbS Size: 1KB - Virtual size: 47KB

.acyI Size: 1024B - Virtual size: 221KB

.rsrc Size: 229KB - Virtual size: 229KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

9c:d3:d7:55:ee:e1:33:12:ce:17:12:d5:2d:87:9e:3b:52:69:76:00
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 12KB - Virtual size: 11KB

.blP
Size: 512B - Virtual size: 4KB

.soHFM
Size: 1KB - Virtual size: 13KB

.z
Size: 512B - Virtual size: 12KB

.OAGmt
Size: 2KB - Virtual size: 42KB

.uWpmRy
Size: 1024B - Virtual size: 7KB

.ozFQX
Size: 2KB - Virtual size: 31KB

.q
Size: 4KB - Virtual size: 33KB

.fNyRjT
Size: 2KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 12KB

.knOF
Size: 1024B - Virtual size: 34KB

.kmGbS
Size: 1KB - Virtual size: 47KB

.acyI
Size: 1024B - Virtual size: 221KB

.rsrc
Size: 229KB - Virtual size: 229KB