22c53b31e71d70871a3fd8eac9ab6e790b0199f8635f41854c5d895cc85222fc

Sharing

Copy URL Twitter E-mail

General

Target

22c53b31e71d70871a3fd8eac9ab6e790b0199f8635f41854c5d895cc85222fc
Size

152KB
MD5

75c260210e4a2936f4918679f276fcc0
SHA1

ab83ee8d446cde61e02bec3ebc5abd80085640e8
SHA256

22c53b31e71d70871a3fd8eac9ab6e790b0199f8635f41854c5d895cc85222fc
SHA512

5dd37290cf743ba77dee0e47046a8d2f8e93070b3cdf387ee9e2178b9c6acb58faf10e70e334b40f23257f33c0ab11cd839e5d76cece842972abc477e5dbf5f2
SSDEEP

3072:w6Ni5gB5ZLbMIap7GLLyiP08PPkm2ea0HAfeUeyYod:wxgB5ZLbMIDyis8P7HceUeyP

Score

N/A

Malware Config

Signatures

Files

22c53b31e71d70871a3fd8eac9ab6e790b0199f8635f41854c5d895cc85222fc
.exe windows x64

1241ce82806c00da531266b9cc8880b2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/09/2008, 00:00

Not After

09/10/2011, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:5e:86:5c:7a:04:0e:d1:51:e0:41:3a:90:68:61:02:a4:03:7f:a9
Signer

Actual PE Digest

c0:5e:86:5c:7a:04:0e:d1:51:e0:41:3a:90:68:61:02:a4:03:7f:a9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

06/10/2010, 21:56
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorDacl
GetTokenInformation
CopySid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
InitializeSecurityDescriptor
SetServiceObjectSecurity
RegOpenKeyW
RegCreateKeyExW

sfc

SfcIsFileProtected

kernel32

CreateThread
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetCurrentThread
Sleep
CreateFileW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetFileAttributesExW
GetSystemWindowsDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetVersion
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetVersionExW
OpenProcess
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetFilePointer
WriteFile
ReadFile
VirtualProtect
IsBadReadPtr
SetLastError
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
GetStdHandle
DebugBreak
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleFileNameA
HeapSetInformation
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
OutputDebugStringA
HeapSize
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
GetStringTypeW
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEvent
CreateEventW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeviceIoControl
GetLastError
FindClose
TerminateProcess
FindFirstFileW

ntdll

_wcsnicmp

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bldvar
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1241ce82806c00da531266b9cc8880b2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

c0:5e:86:5c:7a:04:0e:d1:51:e0:41:3a:90:68:61:02:a4:03:7f:a9Signer

Signature Validations

Verification

06/10/2010, 21:56 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

sfc

kernel32

ntdll

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 27KB - Virtual size: 37KB

.pdata Size: 5KB - Virtual size: 4KB

.bldvar Size: 512B - Virtual size: 19B

.rsrc Size: 1KB - Virtual size: 1KB

�� Size: 1024B - Virtual size: 978B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

c0:5e:86:5c:7a:04:0e:d1:51:e0:41:3a:90:68:61:02:a4:03:7f:a9
Signer

06/10/2010, 21:56
Valid: false

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 27KB - Virtual size: 37KB

.pdata
Size: 5KB - Virtual size: 4KB

.bldvar
Size: 512B - Virtual size: 19B

.rsrc
Size: 1KB - Virtual size: 1KB

��
Size: 1024B - Virtual size: 978B