85706c0ab4a299728bd47a0e4360bcf28ac1c60eed2dd0074b6532def5b8110f

Sharing

Copy URL Twitter E-mail

General

Target

85706c0ab4a299728bd47a0e4360bcf28ac1c60eed2dd0074b6532def5b8110f
Size

1.1MB
MD5

65ff8ecb7dd186d4d34f18bea7348d57
SHA1

ca6a84aedb2fc4b26c05e2043da30e9440ca4bad
SHA256

85706c0ab4a299728bd47a0e4360bcf28ac1c60eed2dd0074b6532def5b8110f
SHA512

d5b3a3b99f863736f63bdfb05143c5e31970f0d53b9a326f799941f44b188fd45790b58ff398d387f4bd7f14bd7c727da51d04066c10c6b41c1a95b8d0afebd6
SSDEEP

12288:sdx2bXWsMfcORrDCmGetWBIxrY2+CtQIrAcQ1shjGyctYCU6bXZoZybyJ:EsmsMEEUeoBPTCtQIPQ1sBQY56UbJ

Score

N/A

Malware Config

Signatures

Files

85706c0ab4a299728bd47a0e4360bcf28ac1c60eed2dd0074b6532def5b8110f
.exe windows x86

e53950e8f6a9ada68dba16b213b78696

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:c7:27:15:c4:0d:86:a8:c7:8a:a0:57:79:37:5f:92:36:cf:df:6c
Signer

Actual PE Digest

61:c7:27:15:c4:0d:86:a8:c7:8a:a0:57:79:37:5f:92:36:cf:df:6c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

28/09/2010, 17:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FreeLibrary
SetLastError
OutputDebugStringA
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetFileSize
ReleaseMutex
GetCurrentThreadId
CreateMutexW
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
LoadLibraryA
FlushFileBuffers
WriteFile
SetFilePointer
GetFileSizeEx
CreateSemaphoreW
ReleaseSemaphore
ReadFile
WaitForSingleObject
GetCurrentProcess
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
GetVersion
CompareStringA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetCurrentProcessId
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
GetFileAttributesW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
RaiseException
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetModuleHandleW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
CreateDirectoryW
CopyFileExW
QueryPerformanceCounter
LoadLibraryW
QueryPerformanceFrequency
OutputDebugStringW
CompareFileTime
CreateFileW
GetFileTime
CloseHandle
GetCommandLineW
Sleep
LocalFree
GetModuleFileNameW
CreateProcessW
WriteConsoleW
CreateFileA
CompareStringW

user32

MessageBoxW
DestroyIcon
LoadIconW
LoadMenuW
LoadStringW
MsgWaitForMultipleObjects
FrameRect
DrawIconEx
DrawTextW
DestroyMenu
CopyIcon
FillRect
LoadImageW
GetSystemMetrics
SetRect
MsgWaitForMultipleObjectsEx
PeekMessageW

gdi32

MoveToEx
LineTo
SetBkMode
RoundRect
CreateSolidBrush
CreateCompatibleDC
DPtoLP
CreateBitmap
GetMapMode
CreatePen
BitBlt
SetBkColor
SetTextColor
CreateDCW
DeleteDC
GetDIBits
CreateCompatibleBitmap
SelectObject
GetObjectW
DeleteObject
CreatePatternBrush
SetMapMode

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 497KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e53950e8f6a9ada68dba16b213b78696

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

61:c7:27:15:c4:0d:86:a8:c7:8a:a0:57:79:37:5f:92:36:cf:df:6cSigner

Signature Validations

Verification

28/09/2010, 17:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

kernel32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 497KB - Virtual size: 497KB

.rdata Size: 450KB - Virtual size: 450KB

.data Size: 18KB - Virtual size: 26KB

.rsrc Size: 43KB - Virtual size: 43KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

61:c7:27:15:c4:0d:86:a8:c7:8a:a0:57:79:37:5f:92:36:cf:df:6c
Signer

28/09/2010, 17:59
Valid: false

.text
Size: 497KB - Virtual size: 497KB

.rdata
Size: 450KB - Virtual size: 450KB

.data
Size: 18KB - Virtual size: 26KB

.rsrc
Size: 43KB - Virtual size: 43KB