8d841148f53508915b93272359f031a543392502b2388142efd50e5a506e927f

Sharing

Copy URL Twitter E-mail

General

Target

8d841148f53508915b93272359f031a543392502b2388142efd50e5a506e927f
Size

707KB
MD5

07578578869967803ca25fae405f8520
SHA1

bd6dc3026b24c8de4ca3b839bb14b883465f438c
SHA256

8d841148f53508915b93272359f031a543392502b2388142efd50e5a506e927f
SHA512

c13ecce33c41a56b367a02cb6b7a7ab4da0d336b294fd3ac92342be99de1e3634649b4c8a0ea6e5aedb7aaa39d6d2ac8bd38c209ec6df001516a48ae4fb48c39
SSDEEP

12288:a5gArEmi72peZWc68liMXPI7XHgZQKhJgeCm7Dz/:a59i7WescHiMXwLHgZpJEI/

Score

N/A

Malware Config

Signatures

Files

8d841148f53508915b93272359f031a543392502b2388142efd50e5a506e927f
.exe windows x86

5315e7b01f00cb920ac01fbf418d7dff

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ab:07:21:0e:3e:11:98:c5:79:8a:da:25:18:c0:24:36:2b:d6:87:65
Signer

Actual PE Digest

ab:07:21:0e:3e:11:98:c5:79:8a:da:25:18:c0:24:36:2b:d6:87:65

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

16/03/2010, 10:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

wcsrchr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
memcpy_s
_wcsicmp
wcscpy_s
free
_vsnprintf
_vscwprintf
_wcsnicmp
_CIsqrt
vswprintf_s
memmove
strncpy_s
_vsnwprintf_s
_snwprintf_s
wcsncat_s
_vsnprintf_s
bsearch
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcstoul
wcsstr
wcschr
memcpy
_CxxThrowException
__CxxFrameHandler3
malloc
swprintf_s
wcsnlen
wcscat_s
memset
wcsncpy_s

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
WaitForSingleObject
ReleaseMutex
GetLocalTime
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFileAttributesW
DeleteFileW
CopyFileW
ReadFile
SetEvent
GlobalFree
UnmapViewOfFile
OpenProcess
GlobalAlloc
WaitForMultipleObjects
CreateProcessA
MapViewOfFile
CreateFileMappingA
CreateMutexA
CreateEventA
DuplicateHandle
GetSystemDefaultLCID
GetSystemDefaultLangID
IsValidLocale
GetUserDefaultLangID
VirtualFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
DeleteCriticalSection
CreateFileW
ExpandEnvironmentStringsW
GetProcessTimes
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GetModuleFileNameA
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetUserDefaultLCID
GetSystemInfo
LocalFree
LocalAlloc
GetProcessHeap
IsDBCSLeadByte
LockResource
LoadResource
FindResourceA
GetStringTypeExW
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
IsValidCodePage
CompareStringW
MultiByteToWideChar
GetTempPathW
GetShortPathNameW
GetLongPathNameW
CreateDirectoryW
GetFileType
LoadLibraryExW
GetCurrentThread
InitializeCriticalSection
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
MulDiv
GetLocaleInfoW
GetNumberFormatW
GetTickCount
CreateEventW
SetUnhandledExceptionFilter
FreeLibrary
OutputDebugStringA
SetLastError
GetLastError
GetModuleFileNameW
CreateProcessW
CloseHandle
GetVersionExW
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
EncodePointer
DecodePointer
WaitForSingleObjectEx
CreateFileMappingW
OpenFileMappingW
OpenThread

advapi32

GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExA
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ConvertSidToStringSidA
CreateWellKnownSid
IsValidSid
EqualSid
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHAppBarMessage
Shell_NotifyIconW
SHGetDesktopFolder

user32

GetKeyboardLayoutList
BeginPaint
EndPaint
SetActiveWindow
FillRect
DrawIconEx
CreateIconIndirect
SetWindowPos
GetDlgItem
GetDC
DrawTextExW
ReleaseDC
GetIconInfo
MsgWaitForMultipleObjectsEx
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
ShowWindow
UpdateWindow
LoadIconW
EnumDisplayMonitors
GetKeyboardLayout
SystemParametersInfoA
GetMenuCheckMarkDimensions
GetMonitorInfoA
GetWindowRect
GetWindowLongW
SetWindowLongW
FindWindowW
LoadImageW
RegisterWindowMessageW
MessageBoxW
SetForegroundWindow
AllowSetForegroundWindow
SetTimer
GetCursorInfo
GetSysColor
UnregisterClassW
RegisterClassExW
PeekMessageW
CreateWindowExW
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromRect
LoadCursorW
SendMessageW
DefWindowProcW
KillTimer
GetDoubleClickTime
DestroyIcon
CreatePopupMenu
AppendMenuW
SetMenuDefaultItem
GetCursorPos
TrackPopupMenuEx
DestroyMenu
DestroyWindow
PostQuitMessage

gdi32

CreateDCA
CreateFontW
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
CreateBitmap
SelectObject
DeleteObject
GetStockObject
DeleteDC
CreateDCW
GetDeviceCaps

shlwapi

StrRetToBufW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidCreate

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeColor

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5315e7b01f00cb920ac01fbf418d7dff

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

ab:07:21:0e:3e:11:98:c5:79:8a:da:25:18:c0:24:36:2b:d6:87:65Signer

Signature Validations

Verification

16/03/2010, 10:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

version

secur32

kernel32

advapi32

shell32

user32

gdi32

shlwapi

ole32

oleaut32

rpcrt4

uxtheme

Exports

Exports

Sections

.text Size: 381KB - Virtual size: 380KB

.data Size: 200KB - Virtual size: 239KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 25KB - Virtual size: 25KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

ab:07:21:0e:3e:11:98:c5:79:8a:da:25:18:c0:24:36:2b:d6:87:65
Signer

16/03/2010, 10:00
Valid: false

.text
Size: 381KB - Virtual size: 380KB

.data
Size: 200KB - Virtual size: 239KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 25KB - Virtual size: 25KB