ca58765fbbe479fc4e30fd5fdae625597b6cda840dcedc7fa49d307ac3747a64

Sharing

Copy URL Twitter E-mail

General

Target

ca58765fbbe479fc4e30fd5fdae625597b6cda840dcedc7fa49d307ac3747a64
Size

571KB
MD5

60e4049f543f888574cdf2e8ff657d90
SHA1

9d92c09d0bc8bbd6e8156f229c213fb99d8dae61
SHA256

ca58765fbbe479fc4e30fd5fdae625597b6cda840dcedc7fa49d307ac3747a64
SHA512

6147a531c6236dacb08a3eb6b08ba78cb776461562420552841cd26fb003ad24805aa065d2abb310b6f6173198592777681fc41e9b3317f112fc809bb955ffa9
SSDEEP

6144:yKlEqHZon2glgLiCFwLhjgH2+wbNH2XjwTlBhqAqBdTlBhqAqBW:jRon2EgOYHRwbNRTpgTp/

Score

N/A

Malware Config

Signatures

Files

ca58765fbbe479fc4e30fd5fdae625597b6cda840dcedc7fa49d307ac3747a64
.exe windows x86

8b79472340243c53e339d8328102e0e4

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:5e:52:b1:58:69:b6:74:c4:9e:25:1d:60:3c:61:62
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/12/2012, 00:00

Not After

05/12/2013, 23:59

Subject

CN=security systems information technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=security systems information technology Co.\,Ltd.,L=shenzhen,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:37:23:35:bd:fc:4b:56:0f:06:8e:cc:77:77:cd:fd:a4:d6:66:a1
Signer

Actual PE Digest

07:37:23:35:bd:fc:4b:56:0f:06:8e:cc:77:77:cd:fd:a4:d6:66:a1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=security systems information technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=security systems information technology Co.\,Ltd.,L=shenzhen,ST=guangzhou,C=CN

07/01/2013, 04:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetDriveTypeA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
GetCurrentProcessId
GetSystemDirectoryA
GetProfileStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
SetErrorMode
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
FindNextFileA
lstrcpyA
SetLastError
SetFileAttributesA
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindClose
lstrcpynA
GetFileTime
GetFileSize
InterlockedExchange
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
LocalFree
lstrlenA
WideCharToMultiByte
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CreateEventA
SetEvent
WaitForSingleObject
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetProcAddress
GetFileAttributesA
CreateProcessA
GetModuleFileNameA
GetSystemDefaultLangID
LoadLibraryA
FreeLibrary
GetCurrentProcess
CloseHandle
CreateMutexA
GetLastError
GetPrivateProfileIntA
WritePrivateProfileStringA
DeleteFileA
GetVersionExA
Sleep

user32

SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
ShowWindow
LoadStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
CharUpperA
DestroyMenu
InvalidateRect
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
UnregisterClassA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
PeekMessageA
IsIconic
CheckRadioButton
RegisterClassA
UpdateWindow
GetSystemMetrics
GetClientRect
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
InflateRect
CharNextA
IsWindowUnicode
MsgWaitForMultipleObjects
DrawIcon
SendMessageA
LoadIconA
wsprintfA
GetMessageTime

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SetViewportExtEx
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
PatBlt
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
ChangeServiceConfigA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

comctl32

ord17

ws2_32

WSAStartup
WSACleanup
WSASetLastError
htonl
getservbyname
gethostbyaddr
getservbyport
gethostname
gethostbyname
socket
WSAGetLastError
setsockopt
bind
ioctlsocket
inet_addr
getsockopt
send
recv
connect
getsockname
WSAIoctl
htons
closesocket
select
__WSAFDIsSet
recvfrom
inet_ntoa
ntohs
sendto
ntohl

iphlpapi

GetNetworkParams
GetIpAddrTable
GetBestRoute

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

ole32

CoInitialize
CoUninitialize
CoCreateGuid

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b79472340243c53e339d8328102e0e4

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

2c:5e:52:b1:58:69:b6:74:c4:9e:25:1d:60:3c:61:62Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

07:37:23:35:bd:fc:4b:56:0f:06:8e:cc:77:77:cd:fd:a4:d6:66:a1Signer

Signature Validations

Verification

07/01/2013, 04:00 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

ws2_32

iphlpapi

winmm

ole32

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 20KB - Virtual size: 38KB

.rsrc Size: 264KB - Virtual size: 264KB

02:3a:64
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

2c:5e:52:b1:58:69:b6:74:c4:9e:25:1d:60:3c:61:62
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:37:23:35:bd:fc:4b:56:0f:06:8e:cc:77:77:cd:fd:a4:d6:66:a1
Signer

07/01/2013, 04:00
Valid: false

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 264KB - Virtual size: 264KB