9fc767ae62fbad420847ad577b8a3a810bfa188ac51f6830a9948dc4be42fffa

Sharing

Copy URL

Twitter E-mail

General

Target

9fc767ae62fbad420847ad577b8a3a810bfa188ac51f6830a9948dc4be42fffa
Size

1.7MB
MD5

60ad28c13d48c66965ee94231f439b20
SHA1

9be608398ce999b6927e03561d2c65dc73aa5de0
SHA256

9fc767ae62fbad420847ad577b8a3a810bfa188ac51f6830a9948dc4be42fffa
SHA512

2c4de389ffc46539f01a11ed14e09bbddf9ce945670998a3db571cdd88f9cadea7770105ca28fb7b0a8b94f90cb62fe1f1d9cf1d086c51afa928b34edfea4d25
SSDEEP

24576:nJqfTsy60r8BdVZHfAsjcOrCVS6LCQ8oqqiaM/cDNzYNwO9:nIfQMihU4d9oJNzw

Score

N/A

Malware Config

Signatures

Files

9fc767ae62fbad420847ad577b8a3a810bfa188ac51f6830a9948dc4be42fffa
.exe windows x86

3ff013cca07288b87fc393dd9311fcb3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:00:0b:3c
Certificate

Issuer

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Not Before

19/12/2008, 16:59

Not After

19/12/2010, 16:59

Subject

CN=Winamp,OU=Nullsoft,O=Nullsoft Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US

Not Before

04/06/2004, 17:26

Not After

04/06/2029, 17:26

Subject

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:3c:88:89:13:9d:03:db:8b:ee:c6:df:12:ce:64:c8:d3:83:13:7a
Signer

Actual PE Digest

b1:3c:88:89:13:9d:03:db:8b:ee:c6:df:12:ce:64:c8:d3:83:13:7a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Winamp,OU=Nullsoft,O=Nullsoft Inc.,C=US

06/12/2010, 22:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
UrlIsW
UrlGetPartW
PathFindFileNameA
PathIsRootW
PathRemoveFileSpecA
PathAppendA
PathIsNetworkPathW
StrCmpIW
StrCmpNW
PathFindExtensionW
StrCmpNIW
PathStripPathW
PathCanonicalizeW
StrToIntExW
PathCommonPrefixW
PathAddBackslashW
PathIsUNCW
PathIsSameRootW
PathCombineA
StrToIntW
ord29
PathQuoteSpacesA
StrChrW
PathQuoteSpacesW
PathCombineW
PathFileExistsW
PathIsFileSpecW
PathIsRelativeW
PathStripToRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathIsDirectoryW
PathFindFileNameW
PathIsURLW
PathRemoveExtensionW
PathAddExtensionW
PathAppendW
PathUnquoteSpacesW

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW
UuidCreate

nsutil

nsutil_fft_Forward_F32R_IP
nsutil_image_Palette_RGB32
nsutil_image_PaletteFlipped_RGB32
nsutil_image_Convert_RGB24_RGB32
nsutil_image_ConvertFlipped_RGB24_RGB32
nsutil_stats_RMS_F32
nsutil_window_Multiply_F32_IP
nsutil_window_FillHann_F32_IP
nsutil_window_Hann_F32_IP
nsutil_pcm_FloatToInt_Interleaved
nsutil_pcm_IntToFloat_Interleaved_Gain
nsutil_image_Convert_YUV420_RGB32
nsutil_image_CopyFlipped_U8
nsutil_image_Copy_U8
nsutil_fft_Create_F32R

kernel32

lstrlenW
GetFullPathNameW
OpenEventW
TerminateProcess
OpenProcess
DeleteFileW
ExitProcess
GetLastError
SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
SetEnvironmentVariableW
GetTempPathW
CopyFileW
CreateDirectoryW
lstrcmpiA
GetModuleFileNameA
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
FreeLibrary
LoadLibraryW
GetProcAddress
GetPrivateProfileIntW
SetThreadPriority
WriteFile
CreateThread
CreateFileA
LoadLibraryA
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThreadId
CompareStringW
CreateProcessW
RemoveDirectoryW
MoveFileExW
GetVersionExW
Sleep
WritePrivateProfileStringW
GlobalUnlock
GlobalLock
SetCurrentDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetPrivateProfileStringW
SetPriorityClass
GetCurrentProcess
RemoveDirectoryA
FindNextFileA
DeleteFileA
FindFirstFileA
GetVersion
CreateWaitableTimerA
SetWaitableTimer
MulDiv
SystemTimeToFileTime
GetSystemTime
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryW
GetModuleHandleA
SetThreadExecutionState
lstrcmpiW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
InitializeCriticalSectionAndSpinCount
ReadFile
LocalFree
LocalAlloc
SetEndOfFile
SetFilePointer
MoveFileW
WaitForMultipleObjects
GetCurrentThread
ResetEvent
GetLongPathNameW
lstrcmpW
LoadLibraryExW
ReleaseSemaphore
CreateSemaphoreA
ReadProcessMemory
CreateProcessA
DuplicateHandle
CreateEventW
GetExitCodeThread
GetCommandLineW
GetTempFileNameW
GetDriveTypeW
GetLogicalDrives
SetCurrentDirectoryA
GetShortPathNameA
WritePrivateProfileStructA
GetPrivateProfileStructA
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentProcessId
WaitForMultipleObjectsEx
TryEnterCriticalSection
GetLocaleInfoW
QueueUserAPC
CompareStringA
WritePrivateProfileSectionW
QueryPerformanceCounter
GetACP
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceA
FreeResource
HeapFree
HeapAlloc
GetProcessHeap
OutputDebugStringA
FindResourceExW
GetTimeFormatW
GetLocalTime
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
SetErrorMode
GetStartupInfoA
InterlockedCompareExchange
RaiseException
InterlockedExchange
QueryPerformanceFrequency
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetModuleFileNameW
lstrcpynW
lstrcpynA
lstrlenA
SetEvent
GetTickCount
CreateEventA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateFileW

user32

GetMenu
RemovePropA
LoadAcceleratorsA
LoadMenuW
LoadMenuA
DialogBoxParamW
DialogBoxParamA
LoadStringW
SystemParametersInfoW
AttachThreadInput
MapDialogRect
AdjustWindowRectEx
GetWindowTextLengthW
InflateRect
GetDesktopWindow
SendMessageCallbackA
ReplyMessage
CreateIconIndirect
SetWindowsHookExA
CallNextHookEx
GetClassLongW
TranslateAcceleratorW
UnhookWindowsHookEx
IsMenu
InsertMenuItemA
RegisterClassA
SetClassLongA
GetKeyboardState
GetMenuItemInfoW
SetMenuItemInfoW
RegisterWindowMessageW
SendMessageTimeoutA
LoadStringA
DrawIconEx
IsDlgButtonChecked
GetDlgItemInt
SetDlgItemInt
CheckDlgButton
DeleteMenu
LoadAcceleratorsW
ShowWindowAsync
PostMessageW
IsDialogMessageW
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
GetSystemMenu
EqualRect
EnumDisplaySettingsA
GetWindowRgn
DrawTextA
GetKeyState
IsIconic
FlashWindowEx
MessageBeep
BringWindowToTop
MonitorFromWindow
MonitorFromRect
CharPrevA
CreateDialogParamA
IsWindowUnicode
MsgWaitForMultipleObjectsEx
CallMsgFilterA
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
ShowCursor
SetCursorPos
CallWindowProcW
GetActiveWindow
OffsetRect
SetWindowLongW
DestroyCursor
LoadImageW
BeginDeferWindowPos
DeferWindowPos
SetWindowRgn
SendNotifyMessageA
CharPrevW
WindowFromPoint
ChildWindowFromPoint
GetWindowTextA
RegisterClipboardFormatA
IsCharAlphaA
ModifyMenuW
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
EnableMenuItem
GetMenuItemRect
SystemParametersInfoA
MonitorFromPoint
CreateDialogIndirectParamW
GetMessageW
DialogBoxIndirectParamW
LoadBitmapW
GetSysColorBrush
IsDialogMessageA
SetWindowLongA
SendMessageA
PtInRect
MapWindowPoints
GetClientRect
GetDlgItem
GetMonitorInfoA
InsertMenuW
InsertMenuA
DestroyMenu
GetMenuItemInfoA
GetMenuItemCount
AppendMenuA
GetMenuStringW
GetSubMenu
GetMenuState
GetMenuItemID
AppendMenuW
CreatePopupMenu
InsertMenuItemW
PeekMessageA
GetForegroundWindow
GetMessageA
DispatchMessageA
SetWindowTextA
GetClassInfoW
RegisterClassW
DefWindowProcA
CharUpperW
FindWindowW
IsChild
GetWindowLongW
GetNextDlgTabItem
GetClassNameW
GetMessagePos
ChildWindowFromPointEx
ValidateRect
GetUpdateRect
GetUpdateRgn
RedrawWindow
GetAncestor
ReleaseCapture
ClientToScreen
CreateWindowExW
SetPropW
RemovePropW
FindWindowExA
GetPropW
GetCursorPos
TrackPopupMenu
EnumThreadWindows
IsWindowVisible
UpdateWindow
GetClassLongA
GetSystemMetrics
LoadIconA
DestroyIcon
CharLowerW
FindWindowA
GetClassInfoExW
RegisterClassExW
SetCursor
GetFocus
SetFocus
GetCapture
SetCapture
TrackMouseEvent
BeginPaint
EndPaint
LoadCursorA
SetRect
DefWindowProcW
GetDlgCtrlID
SendMessageW
FillRect
CopyRect
DrawFocusRect
GetDCEx
SetRectEmpty
GetSysColor
GetWindowThreadProcessId
FindWindowExW
CharNextW
PostThreadMessageA
KillTimer
MessageBoxW
SetTimer
GetWindow
SetScrollInfo
GetScrollInfo
SetScrollPos
SetDlgItemTextW
SetForegroundWindow
CreateDialogParamW
GetDlgItemTextW
DrawTextW
GetWindowTextW
SetWindowTextW
PostMessageA
ScreenToClient
SetParent
SetWindowPos
GetWindowLongA
InvalidateRect
GetWindowRect
EndDialog
GetDC
GetWindowDC
ReleaseDC
LoadImageA
SendDlgItemMessageA
GetWindowTextLengthA
GetDlgItemTextA
CharUpperBuffA
MessageBoxA
CharNextA
IsWindow
RegisterWindowMessageA
ShowWindow
SetActiveWindow
SendDlgItemMessageW
EnableWindow
GetAsyncKeyState
GetParent
IsWindowEnabled
CallWindowProcA
DestroyWindow
SetDlgItemTextA
EndDeferWindowPos

gdi32

MoveToEx
SetBkColor
GetTextExtentPoint32W
GetTextMetricsW
ExtTextOutW
SetTextAlign
GetTextMetricsA
ExtTextOutA
CombineRgn
OffsetRgn
CreateRectRgn
GetTextExtentPoint32A
CreateFontIndirectA
CreatePolyPolygonRgn
CreatePen
Rectangle
LineTo
CreateFontA
CreateSolidBrush
FillRgn
GetStockObject
CreateRectRgnIndirect
GetObjectA
StretchBlt
GetPixel
SetPixel
CreateBrushIndirect
SetDIBits
GetNearestColor
SetStretchBltMode
RestoreDC
RectVisible
SetTextColor
SetBkMode
UpdateColors
SelectPalette
RealizePalette
BitBlt
GetDeviceCaps
CreateCompatibleDC
SelectObject
GetDIBits
GetDIBColorTable
DeleteDC
DeleteObject
CreatePalette
CreateCompatibleBitmap
GetCurrentObject
SetBrushOrgEx
CreatePatternBrush
GetObjectW
CreateFontIndirectW
GetFontLanguageInfo
IntersectClipRect
ExtSelectClipRgn
EnumFontsA
CreateFontW
SaveDC
CreateDIBSection

advapi32

RegQueryValueExA
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey

shell32

SHGetPathFromIDListW
DragQueryPoint
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
SHFileOperationW
SHChangeNotify
ord680
SHGetDesktopFolder
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
RevokeDragDrop
CoRevokeClassObject
OleUninitialize
OleInitialize
RegisterDragDrop
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CoGetObject
CoInitialize
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
OleRun
CoInitializeEx

oleaut32

SafeArrayCopy
SysAllocStringLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocString
VariantInit
VariantClear

msvcr90

vsprintf_s
strlen
wcslen
_i64tow_s
_configthreadlocale
_wsetlocale
_wchmod
wcscpy_s
fputs
_create_locale
_wtoi_l
swscanf
fgetws
_CIatan
_CItan
_CIcos
_except_handler3
_wtof_l
floor
wcsrchr
ferror
fseek
ftell
fwrite
fopen
sscanf
strtol
wcschr
memmove
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_waccess
fgets
feof
_strnicmp
atoi
fprintf
fputc
wcsnlen
towupper
wcsncmp
strchr
_stricmp
_purecall
_wcsnicmp
wcsstr
_wtoi
_itow
_wcsicmp
__CxxFrameHandler3
_vsnprintf
_wcsdup
_strdup
realloc
strrchr
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_CIsqrt
_CIsin
_CIpow
memset
strncmp
_wfopen
fread
fclose
memcpy
strstr
malloc
free
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException

Exports

Exports

plstring_malloc
plstring_release
plstring_retain
plstring_wcsdup

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 811KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ff013cca07288b87fc393dd9311fcb3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

70:00:0b:3cCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

b1:3c:88:89:13:9d:03:db:8b:ee:c6:df:12:ce:64:c8:d3:83:13:7aSigner

Signature Validations

Verification

06/12/2010, 22:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rpcrt4

nsutil

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcr90

Exports

Exports

Sections

.text Size: 566KB - Virtual size: 566KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 18KB - Virtual size: 102KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 811KB - Virtual size: 810KB

.reloc Size: 59KB - Virtual size: 59KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

70:00:0b:3c
Certificate

07
Certificate

b1:3c:88:89:13:9d:03:db:8b:ee:c6:df:12:ce:64:c8:d3:83:13:7a
Signer

06/12/2010, 22:03
Valid: false

.text
Size: 566KB - Virtual size: 566KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 18KB - Virtual size: 102KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 811KB - Virtual size: 810KB

.reloc
Size: 59KB - Virtual size: 59KB