31b09c4ff0f88446ff8ecc27a5f44624e6f832d93a1b4a1daa50031b27dfaffd

Sharing

Copy URL

Twitter E-mail

General

Target

31b09c4ff0f88446ff8ecc27a5f44624e6f832d93a1b4a1daa50031b27dfaffd
Size

821KB
MD5

79d5e7c56cf552c7a7c9ecd581d1a550
SHA1

5342f48688fd3f40294e3a42dd5e9edcb7161805
SHA256

31b09c4ff0f88446ff8ecc27a5f44624e6f832d93a1b4a1daa50031b27dfaffd
SHA512

cc21fd601f7f099bae05e43a4cb35fbb5061a881897b93963f3dff1f01852cc732fafd5db28d27105e7caa4696600b8389481e3877968fa00a16244e00edd900
SSDEEP

6144:TLsTGAgD/ZDv2EPYT7uc/yesncFwIc/jTcjvqXa/cJfjjH1jaDzAyc9DcyMdcWNS:TsGAgrA0

Score

N/A

Malware Config

Signatures

Files

31b09c4ff0f88446ff8ecc27a5f44624e6f832d93a1b4a1daa50031b27dfaffd
.exe windows x86

7cfee60717462de0578265c20c375e97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16-03-2010 00:00

Not After

15-03-2013 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord4419
ord3592
ord609
ord800
ord641
ord567
ord540
ord324
ord825
ord3621
ord3658
ord2406
ord4229
ord6437
ord2070
ord4294
ord1634
ord1143
ord6193
ord6376
ord4704
ord755
ord470
ord5783
ord283
ord858
ord6195
ord3568
ord3688
ord5784
ord6451
ord4370
ord4847
ord2371
ord640
ord5781
ord1633
ord323
ord4667
ord535
ord823
ord2810
ord538
ord4199
ord2606
ord861
ord6279
ord6278
ord6655
ord4272
ord941
ord940
ord4124
ord2756
ord4269
ord6371
ord4621
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord1165
ord942
ord2613
ord1131
ord2717
ord6640
ord5706
ord536
ord5679
ord537
ord6868
ord4197
ord3806
ord551
ord3332
ord5568
ord2910
ord4273
ord2566
ord3567
ord556
ord809
ord1785
ord4270
ord6354
ord1088
ord2114
ord2854
ord3614
ord3737
ord818
ord2859
ord5871
ord2746
ord3871
ord2822
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord5261
ord3566
ord3569
ord4418
ord3397
ord5286
ord4390
ord1768
ord6051
ord4480
ord2567
ord1569

msvcrt

__CxxFrameHandler
wcscmp
wcslen
_wcsicmp
_wtoi
free
fclose
fwrite
__dllonexit
malloc
wcsncpy
swscanf
??1type_info@@UAE@XZ
_CxxThrowException
time
gmtime
clock
wcsncat
_onexit
_controlfp
_wfopen
wcstok
_ftol
_wtol
_exit
_XcptFilter
exit
_wcmdln
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
InterlockedDecrement
InterlockedIncrement
SetPriorityClass
GetCurrentProcess
Sleep
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
GetLastError
CloseHandle
SetProcessWorkingSetSize
CreateProcessW
OutputDebugStringW
GetCurrentProcessId
SetFilePointer
ReadFile
CreateFileW
LoadLibraryExW
VirtualFree
VirtualAlloc
GetFileSize
lstrlenW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
OpenProcess

user32

EqualRect
SetCursor
WaitForInputIdle
FindWindowW
LoadCursorW
PostMessageW
IsIconic
GetSystemMetrics
SetClassLongW
SendMessageW
LoadIconW
EnableWindow
SetTimer
KillTimer
IsWindow
InvalidateRect
GetClientRect
OffsetRect
LoadBitmapW
SystemParametersInfoW
SetRect
CopyRect
InflateRect
MessageBoxW
GetActiveWindow
GetWindowLongW
DrawIcon
GetParent
PtInRect
BringWindowToTop

gdi32

GetStockObject
SelectObject
DeleteObject
GetObjectW
CreateCompatibleDC
BitBlt
StretchBlt
CreatePen
CreateSolidBrush
Rectangle
Ellipse
CreateFontIndirectW

comctl32

_TrackMouseEvent

ole32

CoInitialize

oleaut32

VariantChangeType
GetErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
CreateErrorInfo
SysAllocString
VariantClear
VariantInit

shlwapi

PathRemoveFileSpecW
SHGetValueW
PathFileExistsW
PathCombineW
SHSetValueW
PathIsRelativeW

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

shell32

ShellExecuteW
ShellExecuteExW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7cfee60717462de0578265c20c375e97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

comctl32

ole32

oleaut32

shlwapi

msvcp60

shell32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 681KB - Virtual size: 681KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 681KB - Virtual size: 681KB