0a8e2ef8f18874bdb2b7c1d764eadd180533a8b86a6a04beb1a906e974e840e0

Sharing

Copy URL

Twitter E-mail

General

Target

0a8e2ef8f18874bdb2b7c1d764eadd180533a8b86a6a04beb1a906e974e840e0
Size

843KB
MD5

6bf8f292f187526f3092e3a20a3a3700
SHA1

251749af9189bb6e78be08a1fa1ef511d6924d9f
SHA256

0a8e2ef8f18874bdb2b7c1d764eadd180533a8b86a6a04beb1a906e974e840e0
SHA512

5aa8e9d659fa20cf1e42c28007b04734ab04edf3ce5330f6224826e0a75297877702189e856c7c461e946690ebc7f252c48d8f21291f5f2a6b1a44ce299ced2b
SSDEEP

24576:4dTfw+Lc3ZkHhzzxqgJDu+fJArU3PZkYjZ2z9oKxY:l+Lc3ZkH9S+hMU3hkoZuiKxY

Score

N/A

Malware Config

Signatures

Files

0a8e2ef8f18874bdb2b7c1d764eadd180533a8b86a6a04beb1a906e974e840e0
.exe windows x86

9a45d5de62adecca100a6d41540144eb

Code Sign

07:27:58:3d
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13-01-2010 19:20

Not After

30-09-2015 18:19

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18-10-2012 14:38

Not After

20-05-2022 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

19-05-2022 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d2:fc:97:b3:c6:59:7c:ab:d9:7b:29:d9:38:34:40
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02-07-2012 00:00

Not After

26-08-2014 12:00

Subject

CN=Safe Download Limited,O=Safe Download Limited,L=Douglas,ST=Douglas,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:a5:9c:fd:46:ef:f4:09:0d:67:5e:e3:73:b6:81:ce:bb:aa:34:61
Signer

Actual PE Digest

3d:a5:9c:fd:46:ef:f4:09:0d:67:5e:e3:73:b6:81:ce:bb:aa:34:61

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Safe Download Limited,O=Safe Download Limited,L=Douglas,ST=Douglas,C=IM

14-12-2012 13:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpWriteDump

kernel32

QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
SystemTimeToFileTime
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetEnvironmentVariableW
GetDriveTypeW
SetUnhandledExceptionFilter
InterlockedDecrement
GetCurrentProcess
SetFilePointerEx
GetLogicalDriveStringsW
GetCurrentThread
VirtualFree
GetModuleFileNameW
GetCurrentDirectoryW
VirtualAlloc
DeviceIoControl
QueryPerformanceFrequency
GetCurrentThreadId
SetThreadAffinityMask
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GetDateFormatA
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetTimeFormatA
CreateFileMappingW
lstrlenA
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetProcessHeap
GetConsoleMode
GetConsoleCP
SetStdHandle
InterlockedExchange
EncodePointer
DecodePointer
InterlockedIncrement
GetCommandLineW
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
GetStdHandle
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoW
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

RegCloseKey
ControlService
QueryServiceStatus
StartServiceW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a45d5de62adecca100a6d41540144eb

Code Sign

07:27:58:3dCertificate

Key Usages

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

0d:d2:fc:97:b3:c6:59:7c:ab:d9:7b:29:d9:38:34:40Certificate

Extended Key Usages

Key Usages

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09Certificate

Extended Key Usages

Key Usages

3d:a5:9c:fd:46:ef:f4:09:0d:67:5e:e3:73:b6:81:ce:bb:aa:34:61Signer

Signature Validations

Verification

14-12-2012 13:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 704KB - Virtual size: 703KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 42KB - Virtual size: 42KB

07:27:58:3d
Certificate

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

0d:d2:fc:97:b3:c6:59:7c:ab:d9:7b:29:d9:38:34:40
Certificate

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09
Certificate

3d:a5:9c:fd:46:ef:f4:09:0d:67:5e:e3:73:b6:81:ce:bb:aa:34:61
Signer

14-12-2012 13:13
Valid: false

.text
Size: 704KB - Virtual size: 703KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 42KB