eb043e3eb39bd6361bba68859ba6dc6a67b4bbefcea5837a1f363d0f493cdc8b

Sharing

Copy URL Twitter E-mail

General

Target

eb043e3eb39bd6361bba68859ba6dc6a67b4bbefcea5837a1f363d0f493cdc8b
Size

667KB
MD5

6ecc27e2fab5849abff59cecd320e7c8
SHA1

18c067c7468ef3fa31eb66289feece4056d3d3e9
SHA256

eb043e3eb39bd6361bba68859ba6dc6a67b4bbefcea5837a1f363d0f493cdc8b
SHA512

f58d0fe6e5113bd32ee4b6700754df1908d9ddaa1fe9016d7aba8b85a980771c9c1a5daa3a1eda880a0d41dfb6d82adf8bcb64ffa14c117db6e4198a95efef79
SSDEEP

12288:HUAFdtB4omD0rJ8ieqUqtEue1Tg6X15XTIS8w7MAjN0hdMCeNpBj/N5lNg:vFdtuvCJ8iDU8Euo1xTb8TPhKCKpBjlW

Score

N/A

Malware Config

Signatures

Files

eb043e3eb39bd6361bba68859ba6dc6a67b4bbefcea5837a1f363d0f493cdc8b
.exe windows x86

f9406185f2ff585f05760b10ea4c114b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/02/2010, 00:00

Not After

22/02/2012, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:63:52:ea:bf:ac:31:3e:73:41:f5:1e:50:73:a1:05:6b:47:0a:1e
Signer

Actual PE Digest

8b:63:52:ea:bf:ac:31:3e:73:41:f5:1e:50:73:a1:05:6b:47:0a:1e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

18/11/2011, 20:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetSystemTimeAsFileTime
Process32NextW
GetProcessTimes
Process32FirstW
CreateToolhelp32Snapshot
GetTempPathW
LocalAlloc
GetSystemTime
ProcessIdToSessionId
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
FindFirstFileW
GetUserDefaultUILanguage
SetThreadLocale
CompareFileTime
EnumResourceLanguagesW
EnumResourceNamesW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
CompareStringW
CompareStringA
IsValidCodePage
GetOEMCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetCPInfo
LCMapStringA
RtlUnwind
VirtualQuery
VirtualProtect
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetFileSizeEx
ReadFile
LCMapStringW
FormatMessageW
GlobalFree
CreateMutexW
ReleaseMutex
WriteFile
FlushFileBuffers
DeleteFileW
MoveFileExW
GetTempFileNameW
GetFileAttributesExW
OpenFileMappingW
LocalFree
OpenEventW
GetCurrentProcessId
GetVersionExW
WideCharToMultiByte
ResetEvent
SetEvent
CreateEventW
OpenProcess
WaitForMultipleObjects
SetEnvironmentVariableA
SetThreadPriority
ResumeThread
GetCurrentProcess
FlushInstructionCache
CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
GetCommandLineW
CreateProcessW
SystemTimeToFileTime
WaitForSingleObject
GetExitCodeProcess
CloseHandle
MultiByteToWideChar
FreeLibrary
LoadLibraryExW
lstrcmpiW
lstrlenW
GetCurrentThreadId
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
SetUnhandledExceptionFilter
InterlockedCompareExchange
CreateFileA

user32

EnumChildWindows
PostMessageW
DestroyWindow
GetActiveWindow
EndDialog
SendMessageW
SetWindowLongW
GetWindowLongW
SetTimer
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
UnregisterClassA
MessageBoxIndirectW
LoadImageW
CharNextW
GetWindowRect
GetWindow
GetParent
GetSystemMetrics
DialogBoxParamW
FindWindowExW
EnableWindow
GetClassNameW
IsWindow
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DefWindowProcW
CallWindowProcW
BringWindowToTop
MessageBoxW
SetWindowRgn
EndPaint
BeginPaint
IsWindowEnabled
IsWindowVisible
GetWindowThreadProcessId
RegisterClassW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CryptDestroyHash
CryptDestroyKey
RegEnumValueW
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptAcquireContextW
RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
AllocateAndInitializeSid
FreeSid
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
EqualSid
CopySid
IsValidSid
GetLengthSid
InitializeSecurityDescriptor
MakeAbsoluteSD
GetAclInformation
InitializeAcl
AddAce
RegFlushKey
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorOwner

ole32

CoInitializeEx
CoInitialize
CoCreateGuid
OleRun
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc

shell32

ShellExecuteExW
ord165
ShellExecuteW
SHGetFolderPathW

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
VarUI4FromStr
VariantInit

shlwapi

SHCreateStreamOnFileW
PathMatchSpecW
SHDeleteValueW
PathIsDirectoryW
PathCombineW
PathRemoveExtensionW
SHGetValueW
PathFindFileNameW
StrCatBuffA
PathFileExistsW
PathAppendW
SHSetValueW

gdi32

CreateRectRgn

urlmon

CreateAsyncBindCtx
RegisterBindStatusCallback
CreateURLMonikerEx

userenv

UnloadUserProfile

crypt32

CertGetNameStringW
CertFreeCertificateChain
CertCreateContext
CryptUnprotectData
CryptProtectData
CryptQueryObject
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertNameToStrW
CertFreeCertificateContext
CryptImportPublicKeyInfo
CertVerifyCertificateChainPolicy
CertGetCertificateChain

psapi

GetProcessImageFileNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

wininet

InternetReadFile
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle

wintrust

WinVerifyTrust

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9406185f2ff585f05760b10ea4c114b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7fCertificate

Extended Key Usages

Key Usages

8b:63:52:ea:bf:ac:31:3e:73:41:f5:1e:50:73:a1:05:6b:47:0a:1eSigner

Signature Validations

Verification

18/11/2011, 20:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

urlmon

userenv

crypt32

psapi

wininet

wintrust

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 8KB - Virtual size: 47KB

.rsrc Size: 128KB - Virtual size: 128KB

.reloc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

8b:63:52:ea:bf:ac:31:3e:73:41:f5:1e:50:73:a1:05:6b:47:0a:1e
Signer

18/11/2011, 20:37
Valid: false

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 8KB - Virtual size: 47KB

.rsrc
Size: 128KB - Virtual size: 128KB

.reloc
Size: 20KB - Virtual size: 19KB