5f8ff61a410fc3c2d19e09da0177f216e1c05af62cf4948d1eabce0bc4b77507

Sharing

Copy URL Twitter E-mail

General

Target

5f8ff61a410fc3c2d19e09da0177f216e1c05af62cf4948d1eabce0bc4b77507
Size

120KB
MD5

6ade1303e9eb2915dbd9e652962995cb
SHA1

ab16a7bbff7ad84d0ac7253809d070e1489d357e
SHA256

5f8ff61a410fc3c2d19e09da0177f216e1c05af62cf4948d1eabce0bc4b77507
SHA512

04093639acd8a8eb2d9e322abe47bf60db558dc1f248cfe316e6c38553e8458821159bc0ff3518332ca4425b0551b1bb8d4d0ebd7ee1832002c4d39a4b9523ba
SSDEEP

3072:zfLOXurSalfHfG2N1X+S4RvSCzdPV0VXkjf5Wty:XEGtUSsDdPVLjf5Wty

Score

N/A

Malware Config

Signatures

Files

5f8ff61a410fc3c2d19e09da0177f216e1c05af62cf4948d1eabce0bc4b77507
.dll windows x86

348455ac79d3a5ef49002e19f2d2acef

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:08:bf:17:de:91:91:28:3e:58:72:46:1f:be:93:d2:f0:80:9e:17
Signer

Actual PE Digest

87:08:bf:17:de:91:91:28:3e:58:72:46:1f:be:93:d2:f0:80:9e:17

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

17/08/2012, 16:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetConsoleScreenBufferInfo
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
SetConsoleTextAttribute
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_fstat
_isatty
_open
_read
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_get_osfhandle
_iob
_isctype
_pctype
_stricmp
_strnicmp
_winmajor
abort
acos
asin
atan
bsearch
calloc
ceil
clock
cos
cosh
exp
fflush
floor
fputc
fputs
free
frexp
fwrite
getenv
gmtime
ldexp
localeconv
localtime
log
malloc
memcpy
memset
mktime
pow
realloc
sin
sinh
sqrt
strchr
strcmp
strcpy
strlen
strspn
strtol
strtoul
tan
tanh
time
toupper
vfprintf
wcslen

Exports

Exports

av_add_q
av_adler32_update
av_aes_crypt
av_aes_init
av_aes_size
av_base64_decode
av_base64_encode
av_bmg_get
av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_crc_init
av_d2q
av_d2str
av_dbl2ext
av_dbl2int
av_default_item_name
av_des_crypt
av_des_init
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_div_q
av_dynarray_add
av_eval_expr
av_evaluate_lls
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_ext2dbl
av_fifo_alloc
av_fifo_drain
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_info_tag
av_find_nearest_q_idx
av_find_opt
av_flt2int
av_force_cpu_flags
av_free
av_free_expr
av_freep
av_gcd
av_get_bits_per_pixel
av_get_bits_per_sample_fmt
av_get_bytes_per_sample
av_get_channel_layout
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_cpu_flags
av_get_double
av_get_int
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_q
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_string
av_get_token
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_linesize
av_init_lls
av_int2dbl
av_int2flt
av_lfg_init
av_log
av_log_default_callback
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_lzo1x_decode
av_malloc
av_mallocz
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_mul_q
av_nearer_q
av_next_option
av_opt_find
av_opt_flag_is_set
av_opt_free
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_show2
av_parse_and_eval_expr
av_parse_color
av_parse_expr
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_descriptors
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_reduce
av_rescale
av_rescale_q
av_rescale_rnd
av_reverse
av_samples_alloc
av_samples_fill_arrays
av_set_double
av_set_int
av_set_options_string
av_set_q
av_set_string3
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_solve_lls
av_strdup
av_strerror
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strstart
av_strtod
av_sub_q
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_size
av_update_lls
av_vlog
av_write_image_line
avutil_configuration
avutil_license
avutil_version
ff_get_cpu_flags_x86
ff_inverse
ff_log2_tab
ff_set_systematic_pal2
ff_sqrt_tab

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

348455ac79d3a5ef49002e19f2d2acef

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1eCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

87:08:bf:17:de:91:91:28:3e:58:72:46:1f:be:93:d2:f0:80:9e:17Signer

Signature Validations

Verification

17/08/2012, 16:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.data Size: 15KB - Virtual size: 15KB

/4 Size: 512B - Virtual size: 368B

.bss Size: - Virtual size: 17KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 3KB - Virtual size: 2KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

87:08:bf:17:de:91:91:28:3e:58:72:46:1f:be:93:d2:f0:80:9e:17
Signer

17/08/2012, 16:47
Valid: false

.text
Size: 86KB - Virtual size: 86KB

.data
Size: 15KB - Virtual size: 15KB

/4
Size: 512B - Virtual size: 368B

.bss
Size: - Virtual size: 17KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 3KB - Virtual size: 2KB