fde846f174a185ca0cafa1557cacc05a5fc0433a7baa0ddcec0e90b191159073

Sharing

Copy URL Twitter E-mail

General

Target

fde846f174a185ca0cafa1557cacc05a5fc0433a7baa0ddcec0e90b191159073
Size

2.4MB
MD5

423d8a76e838d3d1fd4206ceca33354f
SHA1

8667aeb9353eaf6be56c0b28efca5de188a9ea1f
SHA256

fde846f174a185ca0cafa1557cacc05a5fc0433a7baa0ddcec0e90b191159073
SHA512

f33786943f6d1923017d3886bbaf866e35db16424374202e99691a639359390f68e10411c85e1e508a7439b845236ec48812f18f9be301511aa12c44fc58c4ad
SSDEEP

49152:tHTQ5Un0A2/9u4l3HjWT6Dl10nIUauCa/mBLsR7TBaCqDbZP/8XfeUrO9Rx:e2o3HI8MnIUUPCqDbZn8Xf

Score

N/A

Malware Config

Signatures

Files

fde846f174a185ca0cafa1557cacc05a5fc0433a7baa0ddcec0e90b191159073
.exe windows x86

7f9bcebf5ab50284e62f0a87fa2620a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/10/2008, 00:00

Not After

10/12/2009, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:6b:52:49:84:df:8c:1d:56:1a:2a:df:3c:c2:5d:6b:86:2c:9c:0b
Signer

Actual PE Digest

99:6b:52:49:84:df:8c:1d:56:1a:2a:df:3c:c2:5d:6b:86:2c:9c:0b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

08/01/2009, 15:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord141
ord137
ord88
ord175

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

crypt32

CryptProtectData
CryptUnprotectData

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleHandleA
GlobalFlags
lstrlenA
FileTimeToSystemTime
FlushFileBuffers
SetEndOfFile
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetSystemTimeAsFileTime
ExitProcess
InitializeCriticalSection
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitThread
HeapSize
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
InterlockedCompareExchange
CreateSemaphoreA
ReleaseSemaphore
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeResource
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalDeleteAtom
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
CreateThread
TerminateThread
GetExitCodeThread
GetCurrentThread
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetEnvironmentVariableW
SetEnvironmentVariableA
CreateMutexA
InterlockedIncrement
InterlockedDecrement
GetTempPathW
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
GetACP
WideCharToMultiByte
CreateDirectoryW
GetVolumeInformationW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetFileTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
MoveFileExW
MoveFileW
CopyFileW
DeleteFileW
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentThreadId
OpenThread
Sleep
MultiByteToWideChar
GetTickCount
OpenProcess
GetModuleHandleW
GetVersionExW
GetModuleFileNameW
GetSystemDefaultLCID
SetLastError
CreateMutexW
ReleaseMutex
CloseHandle
GetThreadLocale
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
GetEnvironmentStringsW
CreateProcessW
WaitForSingleObject
FreeEnvironmentStringsW
GetCurrentProcess
GetCommandLineW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
GetWindowsDirectoryW
SetCurrentDirectoryW
LocalFree
GetStringTypeExA

user32

TabbedTextOutW
GetSysColorBrush
WindowFromPoint
IsDialogMessageW
CreateDialogIndirectParamW
EndDialog
IsWindowEnabled
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetForegroundWindow
GetLastActivePopup
GetTopWindow
DestroyWindow
GetMessageTime
UnregisterClassA
SetScrollPos
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetScrollInfo
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
ClientToScreen
GetMenuItemID
GetMenuItemCount
GetWindowTextLengthW
GetWindowTextA
GetWindowLongW
EnumChildWindows
SetWindowPos
DrawTextA
SetWindowsHookExW
MessageBoxW
UnhookWindowsHookEx
CallNextHookEx
GetWindowTextW
GetSystemMetrics
EnableMenuItem
GetDesktopWindow
MoveWindow
EnumWindows
GetClassNameW
ExitWindowsEx
wsprintfW
PeekMessageW
MsgWaitForMultipleObjects
LoadMenuIndirectW
GetSubMenu
GetCursorPos
TrackPopupMenuEx
DestroyMenu
IsIconic
GetKeyState
GetParent
GetWindowRect
ScreenToClient
GetDC
DrawFocusRect
ReleaseDC
GetNextDlgTabItem
GetFocus
GetSystemMenu
RemoveMenu
LoadCursorW
SetCursor
SetForegroundWindow
GetMessagePos
MapWindowPoints
SetDlgItemTextW
GetDlgItem
SetWindowTextW
ShowWindow
CheckDlgButton
IsDlgButtonChecked
EndPaint
BeginPaint
CopyRect
InvalidateRect
GetDlgCtrlID
GetClientRect
KillTimer
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
SetActiveWindow
GetActiveWindow
EnableWindow
IsWindowVisible
IsWindow
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageW
FindWindowW
PostMessageW
RegisterWindowMessageW
GetClassInfoW
DestroyIcon
LoadIconW
GrayStringW
DrawTextExW
DrawTextW
LoadStringA

gdi32

SetWindowExtEx
ScaleWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
ScaleViewportExtEx
CreateCompatibleDC
DeleteDC
DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyExA
RegCloseKey
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHFileOperationW
SHGetDesktopFolder
SHBrowseForFolderW
CommandLineToArgvW

comctl32

ord17

shlwapi

PathFileExistsW
PathIsDirectoryW
PathStripToRootA
PathRemoveFileSpecW
PathIsFileSpecW
PathFindExtensionW

ws2_32

inet_addr
ntohl

oleaut32

VariantClear
VariantChangeType
VariantInit

wininet

HttpQueryInfoA
InternetReadFileExA
InternetSetOptionA
InternetCrackUrlA
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetSetStatusCallbackW
InternetOpenA
InternetSetStatusCallbackA
HttpSendRequestA
InternetCloseHandle
InternetConnectA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetIfTable
GetBestInterface
GetAdaptersInfo

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f9bcebf5ab50284e62f0a87fa2620a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2dCertificate

Extended Key Usages

Key Usages

99:6b:52:49:84:df:8c:1d:56:1a:2a:df:3c:c2:5d:6b:86:2c:9c:0bSigner

Signature Validations

Verification

08/01/2009, 15:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msi

psapi

crypt32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ws2_32

oleaut32

wininet

version

iphlpapi

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 352KB - Virtual size: 352KB

.data Size: 122KB - Virtual size: 145KB

.data1 Size: 512B - Virtual size: 84B

.rsrc Size: 126KB - Virtual size: 126KB

.reloc Size: 170KB - Virtual size: 170KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

99:6b:52:49:84:df:8c:1d:56:1a:2a:df:3c:c2:5d:6b:86:2c:9c:0b
Signer

08/01/2009, 15:36
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 352KB - Virtual size: 352KB

.data
Size: 122KB - Virtual size: 145KB

.data1
Size: 512B - Virtual size: 84B

.rsrc
Size: 126KB - Virtual size: 126KB

.reloc
Size: 170KB - Virtual size: 170KB