81fba389ed7430d1f40e2f372200dac9df46e3f875328dff6410b5a1d86b7506

Sharing

Copy URL Twitter E-mail

General

Target

81fba389ed7430d1f40e2f372200dac9df46e3f875328dff6410b5a1d86b7506
Size

971KB
MD5

5b55398c2ae68de512e05ea816b30e30
SHA1

6be11296d8ff774b4520f5b217b14c9699d6f193
SHA256

81fba389ed7430d1f40e2f372200dac9df46e3f875328dff6410b5a1d86b7506
SHA512

c6c494475266bb10cb347728c3f41a7f7c62e5294d3e5271d9f1183ae08c7214563fc7ef9d820189890165fcca151bcbe85d1ffcfd8eaa2f94bb0c1493560e50
SSDEEP

24576:+AhmzRHyHfj6d04AWuKz5jzmISUAbnPHOof:+wLfj7itTAbnP

Score

N/A

Malware Config

Signatures

Files

81fba389ed7430d1f40e2f372200dac9df46e3f875328dff6410b5a1d86b7506
.exe windows x86

c39b372932edb521dac059e7b78965c2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/02/2009, 00:00

Not After

12/04/2012, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:96:38:5b:ab:2a:43:12:e3:59:75:ed:a4:d6:42:ed:b3:54:a3:c7
Signer

Actual PE Digest

6d:96:38:5b:ab:2a:43:12:e3:59:75:ed:a4:d6:42:ed:b3:54:a3:c7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

01/10/2010, 02:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetStringTypeW
SetStdHandle
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
SetUnhandledExceptionFilter
Sleep
IsBadWritePtr
GetVersionExW
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
TerminateProcess
CreateThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetStartupInfoW
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFileTimeToFileTime
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFileAttributesW
GetTickCount
GetCurrentThread
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
WaitForSingleObject
ResumeThread
SetThreadPriority
SystemTimeToFileTime
lstrcmpA
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersion
GlobalGetAtomNameW
GlobalSize
InterlockedDecrement
LoadLibraryW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
lstrcpyW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetStringTypeExW
MoveFileW
MulDiv
SetLastError
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcatW
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
FreeResource
lstrlenA
FindFirstFileW
FindNextFileW
FindClose
DeviceIoControl
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
GetLocaleInfoW
GetNumberFormatW
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
GetCurrentProcess
GlobalAlloc
GlobalFree
GetTempFileNameW
CreateDirectoryW
GetModuleFileNameW
GetDriveTypeW
GetFileSize
lstrlenW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
GetLastError
FormatMessageW
LocalFree
CloseHandle
ReadFile
DeleteFileW
SetFileAttributesW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

WindowFromPoint
GetMenuItemInfoW
GetSysColorBrush
SetRect
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
GetMessageW
ValidateRect
KillTimer
SetTimer
SetWindowRgn
DrawIcon
IsRectEmpty
FindWindowW
SystemParametersInfoW
LoadCursorW
DestroyCursor
SetCursorPos
SetCapture
RedrawWindow
InflateRect
LoadMenuW
DestroyMenu
UnpackDDElParam
ReuseDDElParam
SetCursor
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ShowWindow
MoveWindow
DeleteMenu
IsDialogMessageW
SetDlgItemTextW
GetDlgItemInt
WinHelpW
EnableWindow
SendMessageW
GetWindowRect
GetDC
DestroyIcon
CharNextW
CopyAcceleratorTableW
ReleaseDC
DispatchMessageW
TranslateMessage
PeekMessageW
wsprintfW
GetClientRect
GetKeyState
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
SetScrollRange
GetScrollRange
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
CreateMenu
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetTabbedTextExtentA
IsClipboardFormatAvailable
GetDCEx
LockWindowUpdate
GetSystemMenu
SetWindowTextW
LoadIconW
CopyRect
TranslateMDISysAccel
DrawMenuBar
DefFrameProcW
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
DrawIconEx
HideCaret
ShowCaret
IsMenu
DestroyAcceleratorTable
LoadImageW
GetIconInfo
CreateIconIndirect
CopyIcon
GetMenuDefaultItem
DrawFocusRect
IsZoomed
IsIconic
SetForegroundWindow
RegisterWindowMessageW
InvalidateRect
UpdateWindow
GetCursorPos
ScreenToClient
DrawStateW
FillRect
GetFocus
PostMessageW
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
GetSystemMetrics
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
PtInRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongW
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
UnregisterClassW
RegisterClassW
GetClassInfoW
SetScrollInfo
GetScrollInfo
SetParent

gdi32

EndPage
SetAbortProc
AbortDoc
EndDoc
GetBkColor
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
StartPage
Rectangle
GetViewportOrgEx
Ellipse
LPtoDP
CreateEllipticRgn
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
CreateFontIndirectW
CreateFontW
GetCharWidthW
StretchDIBits
GetTextMetricsW
CreateCompatibleBitmap
CreateDCW
CreatePen
GetDeviceCaps
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
GetTextExtentPoint32W
CreateSolidBrush
DeleteObject
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateBitmap
CreateRectRgnIndirect
PatBlt
SaveDC
RestoreDC
SetBkMode
Polygon
StretchBlt
SetPixel
CreateDIBSection
EnumFontFamiliesExW
GetTextCharsetInfo
GetDIBits
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
SetPolyFillMode
ExtTextOutW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
CommDlgExtendedError
GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

CryptCreateHash
RegSetValueExW
RegCreateKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegCreateKeyW
RegDeleteValueW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
RegOpenKeyW
CryptDecrypt
CryptEncrypt
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteExW
DragFinish
DragQueryFileW
ExtractIconW
SHGetMalloc

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Draw
ImageList_GetImageInfo
ImageList_Add
ImageList_AddMasked
ImageList_ReplaceIcon
ord17

shlwapi

PathCompactPathW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveBackslashW
PathRemoveExtensionW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarDateFromStr
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantCopy
SafeArrayDestroy
SysAllocString
LoadTypeLi
OleCreateFontIndirect

winmm

PlaySoundW

Sections

.text
Size: 644KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c39b372932edb521dac059e7b78965c2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

6d:96:38:5b:ab:2a:43:12:e3:59:75:ed:a4:d6:42:ed:b3:54:a3:c7Signer

Signature Validations

Verification

01/10/2010, 02:55 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

Sections

.text Size: 644KB - Virtual size: 642KB

.rdata Size: 164KB - Virtual size: 162KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 147KB - Virtual size: 147KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

6d:96:38:5b:ab:2a:43:12:e3:59:75:ed:a4:d6:42:ed:b3:54:a3:c7
Signer

01/10/2010, 02:55
Valid: false

.text
Size: 644KB - Virtual size: 642KB

.rdata
Size: 164KB - Virtual size: 162KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 147KB - Virtual size: 147KB