440c997ecc21530f6545c7cb5d4e90313b6d24b361e2bb826b16adb41802bcf6

Sharing

Copy URL

Twitter E-mail

General

Target

440c997ecc21530f6545c7cb5d4e90313b6d24b361e2bb826b16adb41802bcf6
Size

202KB
MD5

603705fdf73d8bf2664bc76578781be7
SHA1

c7ce2a7be700d9345dbbeee8dc531e87a552e34a
SHA256

440c997ecc21530f6545c7cb5d4e90313b6d24b361e2bb826b16adb41802bcf6
SHA512

1c37ab9206660bef82d79d41caf0fe00f7da3e149bc9ebabd6637bc8d851f03ef857adfc2c9688f39ff93693ad8c6f248f158539220817d7245502ab985a80de
SSDEEP

6144:35FgGaNwEngKLqpeeZ0yoG2ZOqKaL4j2I:35FINBg10yoG2sq

Score

N/A

Malware Config

Signatures

Files

440c997ecc21530f6545c7cb5d4e90313b6d24b361e2bb826b16adb41802bcf6
.exe windows x64

64511c73749e29abdc52e046775e810e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

11/06/2013, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:d7:ea:9a:a4:bb:60:58:73:bc:b6:93:e6:4c:23:04:d3:87:3e:1d
Signer

Actual PE Digest

d9:d7:ea:9a:a4:bb:60:58:73:bc:b6:93:e6:4c:23:04:d3:87:3e:1d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

09/05/2012, 08:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Parent
SetupDiGetDeviceInstanceIdW
CM_Get_Res_Des_Data
CM_Get_Next_Res_Des
CM_Get_DevNode_Status
CM_Get_First_Log_Conf
CM_Free_Res_Des_Handle
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
CM_Get_Res_Des_Data_Size
CM_Get_Device_IDW
SetupDiGetDeviceInterfaceDetailW

winmm

timeEndPeriod
timeBeginPeriod

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
CreateFileW
DeviceIoControl
CloseHandle
GetExitCodeThread
LockResource
SizeofResource
GetLastError
CreateToolhelp32Snapshot
Process32FirstW
FindResourceExW
FindResourceW
ProcessIdToSessionId
WriteConsoleW
OpenProcess
WTSGetActiveConsoleSessionId
LoadResource
RaiseException
MultiByteToWideChar
WaitForSingleObject
CreateEventW
SetEvent
CreateThread
WaitForMultipleObjects
DeleteCriticalSection
InitializeCriticalSection
LocalFree
Sleep
LocalAlloc
CreateWaitableTimerW
SetWaitableTimer
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
lstrlenA
FreeEnvironmentStringsW
GetEnvironmentStringsW
Process32NextW
GetCommandLineA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
RtlPcToFileHeader
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
LCMapStringA
WideCharToMultiByte
LCMapStringW

user32

UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW

advapi32

SetServiceStatus
StartServiceCtrlDispatcherW
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
CreateProcessAsUserW
RegisterServiceCtrlHandlerExW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
SysAllocString
VariantChangeType

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

*
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64511c73749e29abdc52e046775e810e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53Certificate

Extended Key Usages

Key Usages

d9:d7:ea:9a:a4:bb:60:58:73:bc:b6:93:e6:4c:23:04:d3:87:3e:1dSigner

Signature Validations

Verification

09/05/2012, 08:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

winmm

userenv

wtsapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 17KB

.pdata Size: 8KB - Virtual size: 7KB

* Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

d9:d7:ea:9a:a4:bb:60:58:73:bc:b6:93:e6:4c:23:04:d3:87:3e:1d
Signer

09/05/2012, 08:09
Valid: false

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 17KB

.pdata
Size: 8KB - Virtual size: 7KB

*
Size: 1KB - Virtual size: 1KB