089d60fc92eae426c9ad4dbefe13de8fa7a6c43231216db4f0d07bd81f41966b

Sharing

Copy URL

Twitter E-mail

General

Target

089d60fc92eae426c9ad4dbefe13de8fa7a6c43231216db4f0d07bd81f41966b
Size

569KB
MD5

040104c41ecd4d1b2219bbfc08e36731
SHA1

b4e174284fb2c75066e9b3f297ffdba01cd7edcd
SHA256

089d60fc92eae426c9ad4dbefe13de8fa7a6c43231216db4f0d07bd81f41966b
SHA512

1d22a7f5e349446a27a197beec8dcc4e2c79f3fb1e86e5de271e6302d2239a3164be9ffedf00d01001cf2bccb7603dfd01c4661a37931695651d88fdd5576a6c
SSDEEP

6144:oV6uDVUUQH5qAHBE6v8okoagoX14bGhzzB5Nb/5zsXRPf6fDfmRd:oV6ubWBdyuqzzXF/2ZIfmRd

Score

N/A

Malware Config

Signatures

Files

089d60fc92eae426c9ad4dbefe13de8fa7a6c43231216db4f0d07bd81f41966b
.exe windows x86

7624c238034e2cb54c93ae6f9d14b03b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/02/2009, 00:00

Not After

20/04/2012, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:20:d6:85:4b:c4:a2:4c:11:db:8f:1a:8d:e5:61:06:f3:f9:a1:3d
Signer

Actual PE Digest

b0:20:d6:85:4b:c4:a2:4c:11:db:8f:1a:8d:e5:61:06:f3:f9:a1:3d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

11/08/2009, 23:09
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
closesocket
WSACleanup
WSAStartup
socket
bind
WSALookupServiceNextW
WSAGetLastError
WSALookupServiceBeginW
WSAAddressToStringW
WSASetServiceW
sendto
WSALookupServiceEnd
ntohl

setupapi

SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Locate_DevNodeW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Device_IDW
SetupDiSetClassInstallParamsA
CM_Get_Device_IDA
SetupDiCallClassInstaller

kernel32

OutputDebugStringW
OpenProcess
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetLocalTime
LoadLibraryA
CreateProcessW
GetSystemDirectoryW
InterlockedDecrement
SetEvent
GetCurrentThreadId
lstrlenA
GetCurrentThread
InterlockedIncrement
DisconnectNamedPipe
WriteFile
ReadFile
ConnectNamedPipe
WaitForMultipleObjects
ResetEvent
LocalFree
CreateNamedPipeW
CreateEventW
CreateThread
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
lstrcmpW
lstrcpyW
LockResource
FindResourceExW
RaiseException
GetWindowsDirectoryW
GetModuleHandleA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitThread
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
HeapSize
SetConsoleCtrlHandler
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetModuleFileNameW
IsValidCodePage
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
lstrlenW
LoadLibraryW
FreeLibrary
CallNamedPipeA
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentProcess
OutputDebugStringA
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
CreateFileA
WideCharToMultiByte
Sleep
InterlockedExchange
WaitForSingleObject
TerminateThread
CreateFileW
SetThreadPriority
CloseHandle
DeviceIoControl
GetLastError
MulDiv
IsValidLocale

user32

SetWindowPos
CreateDialogParamW
wsprintfW
UnregisterClassA
IsWindowVisible
EnumChildWindows
SetClassLongW
IsWindow
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageW
GetParent
GetClassNameW
GetWindowTextW
FindWindowExW
GetWindowLongW
GetMessageW
ShowWindow
CreateWindowExW
GetForegroundWindow
DestroyWindow
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
OpenDesktopW
PostThreadMessageW
LoadStringW
wvsprintfW
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
UnregisterDeviceNotification
RegisterDeviceNotificationW
MessageBoxW
CharNextW
PeekMessageW
DefWindowProcW
SetDlgItemTextW
PostQuitMessage
KillTimer
SetTimer
BringWindowToTop
SetActiveWindow
SetFocus
GetSystemMetrics
GetWindowRect
mouse_event
GetWindowThreadProcessId
IsWindowEnabled
EnableWindow
FindWindowW
SendMessageW
UpdateWindow
DispatchMessageW
EnumWindows

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA
RegDeleteKeyExA
RegDeleteValueA
RegNotifyChangeKeyValue
RegEnumKeyW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
GetUserNameW
OpenThreadToken
ImpersonateLoggedOnUser
RegOpenCurrentUser
StartServiceW
QueryServiceStatus
RegOpenKeyExA
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
LookupPrivilegeValueW
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegSetValueExA
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RevertToSelf
AdjustTokenPrivileges
CryptDestroyKey
CryptEncrypt

ole32

CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7624c238034e2cb54c93ae6f9d14b03b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7Certificate

Extended Key Usages

Key Usages

b0:20:d6:85:4b:c4:a2:4c:11:db:8f:1a:8d:e5:61:06:f3:f9:a1:3dSigner

Signature Validations

Verification

11/08/2009, 23:09 Valid: false

Headers

File Characteristics

Imports

ws2_32

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 368KB - Virtual size: 367KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 12KB - Virtual size: 140KB

.rsrc Size: 32KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

b0:20:d6:85:4b:c4:a2:4c:11:db:8f:1a:8d:e5:61:06:f3:f9:a1:3d
Signer

11/08/2009, 23:09
Valid: false

.text
Size: 368KB - Virtual size: 367KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 12KB - Virtual size: 140KB

.rsrc
Size: 32KB - Virtual size: 29KB