5963d6cb94766412a3989a717829a0b34441bde0f7ef3904815bc822b8323faa

Sharing

Copy URL

Twitter E-mail

General

Target

5963d6cb94766412a3989a717829a0b34441bde0f7ef3904815bc822b8323faa
Size

264KB
MD5

681e96866e64226397b446577b2b4cd0
SHA1

33304a8959c6314201830a7f57427377be0e291f
SHA256

5963d6cb94766412a3989a717829a0b34441bde0f7ef3904815bc822b8323faa
SHA512

1a7ef50c261477c7c195e875e157973fa28a3da8aa2c6804c3abfe3b48a77815b61332d60bd7c6446a9a3ec72f695b226f7766a58845c777377e719afb583481
SSDEEP

6144:oLTT7LFIFam5Dsg/B2bVQgqchtfXLUmxNqjjzh4MNPORHYkDZ+yGrnS:oLTT7

Score

N/A

Malware Config

Signatures

Files

5963d6cb94766412a3989a717829a0b34441bde0f7ef3904815bc822b8323faa
.exe windows x86

545acad4842d3a31a00ac8cc705d9aa7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1d:c2:5f:13:5d:5a:54:bd:38:13:2f:b6:8d:6a:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-07-2012 00:00

Not After

18-07-2015 23:59

Subject

CN=Fresco Logic Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Fresco Logic Inc,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:94:7a:2b:98:5f:9b:35:7c:9b:63:54:cb:c9:49:de:93:be:cb:0e
Signer

Actual PE Digest

1c:94:7a:2b:98:5f:9b:35:7c:9b:63:54:cb:c9:49:de:93:be:cb:0e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Fresco Logic Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Fresco Logic Inc,L=Beaverton,ST=Oregon,C=US

02-11-2012 09:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
ResetEvent
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateThread
CreateEventW
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocaleInfoW
CreateFileW
CloseHandle
CreateMutexW
GetLastError
DeviceIoControl
GlobalAlloc
GlobalFree
GetVersionExW

user32

DestroyWindow
CreateWindowExW
LoadStringW
RegisterDeviceNotificationW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
LoadIconW
SendMessageW
EndDialog
PostQuitMessage
UnregisterDeviceNotification

msvcrt

calloc
isdigit
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_iob
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
realloc
free
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
_errno
strstr
wcschr
wcsrchr
wcsncmp
wcsstr
_wcsicmp
?terminate@@YAXXZ
memcpy
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
memset
_cexit
__wgetmainargs
_wcsupr
__badioinfo
_controlfp

comctl32

ord17

cfgmgr32

CM_Get_Device_IDW
CM_Get_Sibling
CM_Get_Parent
CM_Get_Child
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Reenumerate_DevNode

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

shell32

Shell_NotifyIconW

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

secur32

GetUserNameExW

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

545acad4842d3a31a00ac8cc705d9aa7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3d:1d:c2:5f:13:5d:5a:54:bd:38:13:2f:b6:8d:6a:faCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1c:94:7a:2b:98:5f:9b:35:7c:9b:63:54:cb:c9:49:de:93:be:cb:0eSigner

Signature Validations

Verification

02-11-2012 09:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

comctl32

cfgmgr32

setupapi

shell32

ole32

oleaut32

secur32

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 224KB - Virtual size: 224KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3d:1d:c2:5f:13:5d:5a:54:bd:38:13:2f:b6:8d:6a:fa
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1c:94:7a:2b:98:5f:9b:35:7c:9b:63:54:cb:c9:49:de:93:be:cb:0e
Signer

02-11-2012 09:01
Valid: false

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 224KB - Virtual size: 224KB