7042ed3a9c034468e514f5f57eeb91c410b3fd496eda64c7250f96178a588d4d

Sharing

Copy URL

Twitter E-mail

General

Target

7042ed3a9c034468e514f5f57eeb91c410b3fd496eda64c7250f96178a588d4d
Size

214KB
MD5

7b7667bdd933d263a59aabf6d76d24b0
SHA1

ff56a4a84a140cfcdbc0173eaf1a10193ae0d826
SHA256

7042ed3a9c034468e514f5f57eeb91c410b3fd496eda64c7250f96178a588d4d
SHA512

76fcfe91ba2ce4d100d45becc72c6553563fc5491cb1e2da8675fd9c6fbd4209121c29d3b8a1c52333c832aab85744cfe787cded4055d810eef6b56e5215cfb3
SSDEEP

6144:1gvBoMOz8OUlEaVh7fgqJeDcOFPSgxWmndUEcxwX61r:IBoMOgOUlx1geWcOFqG31OUYr

Score

N/A

Malware Config

Signatures

Files

7042ed3a9c034468e514f5f57eeb91c410b3fd496eda64c7250f96178a588d4d
.exe windows x86

452a931753cc8164bef543535e1e00e4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/03/2010, 00:00

Not After

08/03/2011, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:e2:19:d1:c5:e3:35:87:7d:96:69:86:f1:e7:ec:7c:c0:c3:4d:43
Signer

Actual PE Digest

f3:e2:19:d1:c5:e3:35:87:7d:96:69:86:f1:e7:ec:7c:c0:c3:4d:43

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

24/09/2010, 16:17
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
free
memmove

mscms

IsColorProfileTagPresent
GetColorProfileElement
GetColorProfileHeader
OpenColorProfileA
OpenColorProfileW
CloseColorProfile

kernel32

lstrlenA
GlobalLock
GetLocalTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
GetLastError
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
SetLastError
GlobalAlloc
lstrlenW
VirtualAllocEx

user32

AppendMenuA
CreatePopupMenu
TileChildWindows
DdeSetQualityOfService
SendNotifyMessageW
OemKeyScan
SoftModalMessageBox
MonitorFromWindow
DdeQueryNextServer
GetCursor
GetAltTabInfo
ValidateRgn
WindowFromDC
SetRect
GetKeyState
CreateIconFromResource
IsRectEmpty
InvertRect
ChangeDisplaySettingsW
ChangeDisplaySettingsExA
DeregisterShellHookWindow
CheckMenuRadioItem
LookupIconIdFromDirectory
RemovePropW
SendMessageTimeoutW
ChangeClipboardChain
DrawIcon
DrawFocusRect
FlashWindow
ShowStartGlass
EmptyClipboard
DlgDirListComboBoxA
BroadcastSystemMessage
CascadeWindows
PostThreadMessageA
OpenInputDesktop
SendDlgItemMessageW
ScrollChildren
GetMenuDefaultItem
CsrBroadcastSystemMessageExW
GetMenuInfo
GetScrollInfo
RegisterClassA
AnimateWindow
CharToOemW
AttachThreadInput
ScreenToClient
SetMenu
GetWindow
SetWindowsHookA
DrawFrameControl
RegisterClassW
GetTopWindow
GetWindowWord
IsHungAppWindow
PtInRect
SetTimer
PackDDElParam
LoadMenuIndirectA
DrawCaptionTempA
GetDC
EnumThreadWindows
MenuWindowProcA
RecordShutdownReason
SetProcessWindowStation
RealGetWindowClassA
SetWindowRgn
CalcMenuBar
WinHelpA
SetCaretPos
RemovePropA
LoadRemoteFonts
GetLastActivePopup
GetInternalWindowPos
LoadKeyboardLayoutEx
GetCapture
DdeEnableCallback
MessageBoxA
SetShellWindowEx
EnumClipboardFormats
EnumPropsExW
SetWindowStationUser

winmm

midiStreamRestart
mciExecute
mciGetErrorStringW
midiInGetNumDevs
midiOutUnprepareHeader
PlaySoundA
auxGetVolume
mmioRenameA
mciLoadCommandResource
mmioSeek
mixerGetLineControlsA
waveOutGetPosition
waveOutGetErrorTextA
mciSendCommandA
midiOutGetDevCapsA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

452a931753cc8164bef543535e1e00e4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

f3:e2:19:d1:c5:e3:35:87:7d:96:69:86:f1:e7:ec:7c:c0:c3:4d:43Signer

Signature Validations

Verification

24/09/2010, 16:17 Valid: false

Headers

File Characteristics

Imports

msvcrt

mscms

kernel32

user32

winmm

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

Size: 2KB - Virtual size: 11KB

Size: 3KB - Virtual size: 23KB

Size: 2KB - Virtual size: 11KB

.data Size: 93KB - Virtual size: 348KB

Size: 1KB - Virtual size: 35KB

Size: 1024B - Virtual size: 46KB

Size: 2KB - Virtual size: 3KB

Size: 1KB - Virtual size: 41KB

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

f3:e2:19:d1:c5:e3:35:87:7d:96:69:86:f1:e7:ec:7c:c0:c3:4d:43
Signer

24/09/2010, 16:17
Valid: false

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 93KB - Virtual size: 348KB

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 4KB - Virtual size: 4KB