918164a3723100e16e1ae71bf33ac03786fe60343772893306185ba6e30f998c

Sharing

Copy URL Twitter E-mail

General

Target

918164a3723100e16e1ae71bf33ac03786fe60343772893306185ba6e30f998c
Size

1.0MB
MD5

317a69e0b1a930a2dc8cb67895425a20
SHA1

46b9b1c382497ef4666e1de6132f49d5c294fc56
SHA256

918164a3723100e16e1ae71bf33ac03786fe60343772893306185ba6e30f998c
SHA512

caf9837c038f1249de57571d076bb8c86a0559dfa836545f74e442278cc91b18685e5f97b4ebce45b8626c315f0eb5e5d7ce93e081b74c5b186bc0a1554830c4
SSDEEP

24576:WfWMWNkW0z4q7y+hL+EXVY+O2+u9A99Jc:I3hL+EXVPOxuejJ

Score

N/A

Malware Config

Signatures

Files

918164a3723100e16e1ae71bf33ac03786fe60343772893306185ba6e30f998c
.exe windows x86

6de74e66366edb37dfd8104ff85b77b6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:02:1a:27:d2:83:12:88:5c:61:3a:a4:98:58:0f:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/03/2011, 00:00

Not After

22/04/2014, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:32:e2:94:62:0e:76:73:a3:81:46:ef:9c:ea:c0:41:58:b3:d4:13
Signer

Actual PE Digest

92:32:e2:94:62:0e:76:73:a3:81:46:ef:9c:ea:c0:41:58:b3:d4:13

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

28/10/2011, 22:49
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GetProcAddress
FreeLibrary
GetCurrentDirectoryW
CreateFileW
GetFileSize
ReadFile
MultiByteToWideChar
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
GetPrivateProfileStringW
GetModuleFileNameA
WriteFile
CreateMutexW
CreateThread
GetLocalTime
GetCommandLineW
GetTickCount
SetFilePointer
EnumResourceLanguagesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
ConvertDefaultLocale
GetLocaleInfoW
GetVersionExW
GetCurrentProcess
GetSystemInfo
GetSystemWow64DirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetExitCodeProcess
SetEvent
GlobalAlloc
GlobalLock
SetErrorMode
GlobalFree
ExitProcess
CreateEventW
MoveFileExW
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
LoadLibraryA
GetOEMCP
GetACP
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetCurrentThreadId
GetFileType
GetStdHandle
HeapCreate
HeapDestroy
RemoveDirectoryW
Sleep
MoveFileW
GetFileAttributesW
CompareFileTime
SetFileAttributesW
CopyFileW
GetTempFileNameW
GlobalUnlock
GetTempPathW
DeleteFileW
GetEnvironmentVariableW
GetSystemDirectoryW
FindNextFileW
FindClose
FindFirstFileW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
WaitForSingleObject
TlsGetValue
CreateProcessW
LocalFree
GetModuleFileNameW
WideCharToMultiByte
CloseHandle
GetLastError
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceW
HeapReAlloc
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCPInfo
GetModuleHandleW
TlsFree
TlsSetValue
TlsAlloc
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
LocalAlloc

user32

SetRectEmpty
GetDlgItem
SendMessageW
ShowWindow
EndDialog
SetDlgItemTextW
SetTimer
SendDlgItemMessageW
SetFocus
DialogBoxIndirectParamW
SetWindowPos
GetClientRect
MonitorFromWindow
GetMonitorInfoW
OffsetRect
GetWindowLongW
AdjustWindowRect
GetWindowRect
SetWindowTextW
DrawTextW
MessageBoxIndirectW
LoadIconW
wsprintfW
LoadImageW
PostMessageW
EnableWindow
ReleaseDC
GetDC
EnumWindows
GetWindowThreadProcessId
GetWindowModuleFileNameW
SendMessageTimeoutW
ExitWindowsEx
LoadStringW
DialogBoxParamW
MessageBoxW
KillTimer

gdi32

SetBkMode
SetTextColor
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
GetStockObject

advapi32

RegDeleteValueW
SetNamedSecurityInfoW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
StartServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
GetNamedSecurityInfoW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHCreateDirectoryExA
CommandLineToArgvW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitialize

cabinet

ord22
ord23
ord20
ord21

setupapi

SetupDiSetClassInstallParamsW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetLineTextW
SetupGetStringFieldW
SetupFindNextLine
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

shlwapi

PathFindFileNameA
PathAddBackslashA
PathRemoveFileSpecA
PathAppendA
PathFindFileNameW
PathRenameExtensionW
PathIsRootW
PathMatchSpecA
PathIsSystemFolderW
PathRemoveBackslashW
PathStripToRootW
PathIsDirectoryW
PathAddBackslashW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
SHDeleteKeyW
PathStripPathW
PathFileExistsW
PathAppendW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6de74e66366edb37dfd8104ff85b77b6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

10:02:1a:27:d2:83:12:88:5c:61:3a:a4:98:58:0f:6fCertificate

Extended Key Usages

Key Usages

92:32:e2:94:62:0e:76:73:a3:81:46:ef:9c:ea:c0:41:58:b3:d4:13Signer

Signature Validations

Verification

28/10/2011, 22:49 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

cabinet

setupapi

shlwapi

version

psapi

Sections

.text Size: 332KB - Virtual size: 331KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 619KB - Virtual size: 619KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

10:02:1a:27:d2:83:12:88:5c:61:3a:a4:98:58:0f:6f
Certificate

92:32:e2:94:62:0e:76:73:a3:81:46:ef:9c:ea:c0:41:58:b3:d4:13
Signer

28/10/2011, 22:49
Valid: false

.text
Size: 332KB - Virtual size: 331KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 619KB - Virtual size: 619KB