cb4149ac95819e1f08f23bebf05a1a59ff99f67964123337531fbd46baeb00f1

Sharing

Copy URL Twitter E-mail

General

Target

cb4149ac95819e1f08f23bebf05a1a59ff99f67964123337531fbd46baeb00f1
Size

453KB
MD5

6d6c6e2e8ef4fd398f33dbfd9e451b30
SHA1

e43f0fbc3f3cb0d225c70aa9b5eb678d82d9a21b
SHA256

cb4149ac95819e1f08f23bebf05a1a59ff99f67964123337531fbd46baeb00f1
SHA512

aab64179d2edf16a689c928090ce53c014fc607beb71c5d95309ee506e2a7011e8669d3a3334f68079e1e88c88b4936a46d51720781f8513e04cedbd25461916
SSDEEP

12288:CvqR5XbAX5FmFVY/EJIervebMnoRh75DMB:zR5Xa5FGY8hmIncVM

Score

N/A

Malware Config

Signatures

Files

cb4149ac95819e1f08f23bebf05a1a59ff99f67964123337531fbd46baeb00f1
.exe windows x86

72608bdc0b886862a8ed22bd7941ccf3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/01/2013, 00:00

Not After

15/01/2016, 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:fa:73:3d:f6:89:ae:8c:1b:16:22:b6:82:9f:cb:35:13:c4:46:6f
Signer

Actual PE Digest

08:fa:73:3d:f6:89:ae:8c:1b:16:22:b6:82:9f:cb:35:13:c4:46:6f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

28/02/2014, 09:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetConnectW

winmm

timeGetTime

kernel32

GetTickCount
WriteFile
GetModuleFileNameW
CreateFileW
GetLastError
SetLastError
OutputDebugStringA
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
MoveFileExW
GetCurrentProcess
CreateDirectoryW
GetFileAttributesW
ReadFile
GetTempPathW
GetCurrentDirectoryW
GetCommandLineW
LocalFree
Sleep
RaiseException
IsDebuggerPresent
GetCurrentThreadId
DuplicateHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEndOfFile
FlushFileBuffers
FindFirstFileW
FindFirstFileExW
FindClose
FindNextFileW
QueryPerformanceCounter
InterlockedCompareExchange
GetSystemTimeAsFileTime
OpenProcess
WaitForSingleObject
GetModuleHandleW
GetVersionExW
GetProcAddress
InterlockedExchangeAdd
GetSystemDirectoryW
GetWindowsDirectoryW
CreateEventW
ExpandEnvironmentStringsW
TlsGetValue
InterlockedIncrement
TlsSetValue
TlsAlloc
TlsFree
InterlockedDecrement
QueueUserWorkItem
SetEvent
UnregisterWait
ConnectNamedPipe
ResetEvent
GetOverlappedResult
DisconnectNamedPipe
InitializeCriticalSection
UnregisterWaitEx
RegisterWaitForSingleObject
CreateNamedPipeW
GetProcessTimes
ReadProcessMemory
LoadLibraryW
FreeLibrary
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoW
GetConsoleCP
GetConsoleMode
HeapAlloc
GetProcessHeap
GetFullPathNameW
ExitProcess
SetStdHandle
GetFileType
HeapReAlloc
GetCPInfo
RtlUnwind
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleW
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
CreateProcessW
SetFilePointer
CreateMutexW
GetUserDefaultUILanguage
GetNativeSystemInfo
HeapSetInformation
SetEnvironmentVariableW
GetEnvironmentVariableW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
LocalAlloc

advapi32

GetSecurityDescriptorSacl
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree

user32

CharUpperW
MessageBoxW
CreateWindowExW
RegisterClassExW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DefWindowProcW
UpdateWindow

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72608bdc0b886862a8ed22bd7941ccf3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

08:fa:73:3d:f6:89:ae:8c:1b:16:22:b6:82:9f:cb:35:13:c4:46:6fSigner

Signature Validations

Verification

28/02/2014, 09:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

winmm

kernel32

advapi32

ole32

user32

oleaut32

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 60KB - Virtual size: 60KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

08:fa:73:3d:f6:89:ae:8c:1b:16:22:b6:82:9f:cb:35:13:c4:46:6f
Signer

28/02/2014, 09:59
Valid: false

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 60KB - Virtual size: 60KB