9fdb3131d94e5ea6c12e3899c1b3f088f77fe4d703a320f48b5cf6c6dc534bbb

Sharing

Copy URL Twitter E-mail

General

Target

9fdb3131d94e5ea6c12e3899c1b3f088f77fe4d703a320f48b5cf6c6dc534bbb
Size

603KB
MD5

628080202fbdcfcff4a8c524a871ed30
SHA1

b5fb3fa075e633d47c70ae3bc9941cbf41aba325
SHA256

9fdb3131d94e5ea6c12e3899c1b3f088f77fe4d703a320f48b5cf6c6dc534bbb
SHA512

8070cc4b2519dc3111da7b9ee8f730f93e62d7c17502594a83c3c66b2d796ab3902e51ef982e3e15890fac2e04e3ad2e53b3d4dd21893b37221c27d5518ec2a1
SSDEEP

6144:LzHVlwLwp5eiBj7J/ONZO8RO+JxCYDzFgQ1bWC/UknQv0XuiDxYYRTK5PkcioTTM:Lz1S8D/ONG

Score

N/A

Malware Config

Signatures

Files

9fdb3131d94e5ea6c12e3899c1b3f088f77fe4d703a320f48b5cf6c6dc534bbb
.exe windows x64

cfed3055ed7235c1ea3c42fb30541b19

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

11/06/2013, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:ce:ca:1d:de:a7:17:94:ca:ca:6d:be:6b:ac:fb:ad:25:0b:6e:43
Signer

Actual PE Digest

1d:ce:ca:1d:de:a7:17:94:ca:ca:6d:be:6b:ac:fb:ad:25:0b:6e:43

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

03/11/2010, 10:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

CM_Get_Res_Des_Data
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Status
CM_Get_Next_Res_Des
CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW
CM_Get_First_Log_Conf
CM_Free_Res_Des_Handle
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Res_Des_Data_Size
SetupDiGetClassDevsW

winmm

timeBeginPeriod
timeEndPeriod

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
SizeofResource
DeviceIoControl
GetLastError
CreateFileW
FindResourceExW
FindResourceW
LoadResource
CloseHandle
LockResource
RaiseException
WaitForSingleObject
CreateEventW
SetEvent
CreateThread
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LocalFree
LeaveCriticalSection
CreateWaitableTimerW
Sleep
SetWaitableTimer
LocalAlloc
GetLocaleInfoA
lstrlenA
GetTickCount
GetCurrentProcessId
GetExitCodeThread
TerminateProcess
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwindEx
FreeEnvironmentStringsW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
RtlPcToFileHeader
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassA

advapi32

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantChangeType
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�n
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfed3055ed7235c1ea3c42fb30541b19

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53Certificate

Extended Key Usages

Key Usages

1d:ce:ca:1d:de:a7:17:94:ca:ca:6d:be:6b:ac:fb:ad:25:0b:6e:43Signer

Signature Validations

Verification

03/11/2010, 10:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

winmm

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 17KB

.pdata Size: 7KB - Virtual size: 6KB

�n Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

1d:ce:ca:1d:de:a7:17:94:ca:ca:6d:be:6b:ac:fb:ad:25:0b:6e:43
Signer

03/11/2010, 10:14
Valid: false

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 17KB

.pdata
Size: 7KB - Virtual size: 6KB

�n
Size: 1KB - Virtual size: 1KB