7ed46d477d3da8a070f326711b54f250e79394a58cb9326edf4ac000200f9a9f

Sharing

Copy URL Twitter E-mail

General

Target

7ed46d477d3da8a070f326711b54f250e79394a58cb9326edf4ac000200f9a9f
Size

361KB
MD5

540bf9f80dfb314844c5668631506561
SHA1

55c20222605812dd8f72e53fc5415241b69a2eb0
SHA256

7ed46d477d3da8a070f326711b54f250e79394a58cb9326edf4ac000200f9a9f
SHA512

447c871af15e4247ffb61bf1ee3277fd7e5f8239f5d6384ff9af0bee63d576649d55df593329c375d8cb5dff60ab859d26868c221a2dd5178265e6f239fa1856
SSDEEP

6144:zNYoEJEs/9gHybHe3Kbyc2aei/RRdubW7m+AtVpWi9:w/tb+6gCR/uiS+AtVpWU

Score

N/A

Malware Config

Signatures

Files

7ed46d477d3da8a070f326711b54f250e79394a58cb9326edf4ac000200f9a9f
.exe windows x86

efaf5b4c35822bf29a84483a567f1d69

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/02/2009, 00:00

Not After

12/04/2012, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:e3:65:51:92:74:c8:96:78:07:bc:a9:30:0b:5d:22:4c:a4:0b:81
Signer

Actual PE Digest

f4:e3:65:51:92:74:c8:96:78:07:bc:a9:30:0b:5d:22:4c:a4:0b:81

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

29/11/2011, 01:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
WritePrivateProfileStringW
GetPrivateProfileStringW
GetVersionExW
FlushInstructionCache
GetCurrentProcess
SetLastError
CreateMutexW
LoadLibraryW
GetLocaleInfoW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
LeaveCriticalSection
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetStartupInfoW
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
EnterCriticalSection
FindResourceExW
LockResource
CreateFileW
QueryPerformanceCounter
WriteFile
OutputDebugStringW
GetCommandLineW
FindResourceW
LoadLibraryExW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
CloseHandle
GetModuleHandleW
CreateEventW
CreateThread
Sleep
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
HeapAlloc
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
ExitThread

user32

GetSystemMenu
RemoveMenu
CallWindowProcW
EndPaint
BeginPaint
FindWindowW
SetWindowRgn
KillTimer
UnregisterClassA
InvalidateRect
UpdateWindow
RegisterDeviceNotificationW
GetDesktopWindow
GetWindowRect
UnregisterDeviceNotification
DefWindowProcW
RegisterClassExW
CreateWindowExW
UnregisterClassW
LoadCursorW
GetClassInfoExW
IsWindow
IsWindowVisible
ShowWindow
SetWindowPos
GetWindowLongW
SetWindowLongW
CharUpperBuffW
DestroyWindow
GetAncestor
SetFocus
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
MessageBoxW
CharUpperW
LoadStringW
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
SetTimer

gdi32

GetObjectW
GetPixel
CreateRectRgn
CombineRgn
BitBlt
DeleteDC
DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CreateDCW

advapi32

RegDeleteValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
ControlService
DeleteService
CreateServiceW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoInitializeSecurity

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
VariantChangeType
VariantCopy
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathAddBackslashW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipCloneBrush
GdipCreateFont
GdipDrawImageRectRectI
GdipDrawImageI
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipDrawRectangleI
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipSetPenColor
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

efaf5b4c35822bf29a84483a567f1d69

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

f4:e3:65:51:92:74:c8:96:78:07:bc:a9:30:0b:5d:22:4c:a4:0b:81Signer

Signature Validations

Verification

29/11/2011, 01:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 152KB - Virtual size: 152KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

f4:e3:65:51:92:74:c8:96:78:07:bc:a9:30:0b:5d:22:4c:a4:0b:81
Signer

29/11/2011, 01:51
Valid: false

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 152KB - Virtual size: 152KB