0ff9f0733a2f071bdc96ac8546f1262cc6800a654ec7274941d0d28974e1ac75

Sharing

Copy URL Twitter E-mail

General

Target

0ff9f0733a2f071bdc96ac8546f1262cc6800a654ec7274941d0d28974e1ac75
Size

251KB
MD5

653e07e64bfb0bacce58de6e9c35f043
SHA1

23a4331bb9508d0881a58b5071bb5310c3aa79de
SHA256

0ff9f0733a2f071bdc96ac8546f1262cc6800a654ec7274941d0d28974e1ac75
SHA512

ff030d8a3a6356770493352bc8bd3b4da3a0cc888b45b06488bb6a58c96ae0818bb159b89bd8adbc1c510f951797a11dee480b6a3c287f3b4be4fe84e9e29844
SSDEEP

6144:XgyXGzMgoG4/oc1M96gnbctogLH2RdWOro8OA+qU8Y:QyXGU/J1M9PnbA5WR4Oro8OSU8Y

Score

N/A

Malware Config

Signatures

Files

0ff9f0733a2f071bdc96ac8546f1262cc6800a654ec7274941d0d28974e1ac75
.exe windows x86

517da41289359674af9cc7c225885446

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

00:c7:b1:0c:e7:94:3e:b7:12:6f:27:10:53:ec:45:d9:46:9d:c7:f3
Signer

Actual PE Digest

00:c7:b1:0c:e7:94:3e:b7:12:6f:27:10:53:ec:45:d9:46:9d:c7:f3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

19/04/2007, 21:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource

gdi32

GetTextExtentPoint32W
CreateSolidBrush
DeleteObject
BitBlt
SetTextColor
DeleteDC
CreateBitmap
SelectObject
CreateCompatibleDC
GetBitmapBits
GetObjectA
PatBlt
CreateFontIndirectA
GetDeviceCaps
ExtTextOutA
ExtTextOutW
SetBkColor

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
GetLastError
LocalFree
GlobalAlloc
GlobalFree
InterlockedDecrement
GetCurrentThreadId
GetVersionExA
InterlockedIncrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
GetThreadLocale
GetSystemDefaultLCID
LockResource
GetSystemDefaultLangID
MulDiv
GetLocaleInfoA
lstrcmpA
GetACP
InterlockedExchange
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryW
GetModuleFileNameW
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA

shlwapi

wvnsprintfW
wvnsprintfA

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
__CxxFrameHandler
swprintf
_onexit
__dllonexit
realloc
malloc
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z
free
_except_handler3
memset

user32

CharNextA
GetSystemMetrics
GetWindowRect
SystemParametersInfoA
OffsetRect
SetWindowPos
SetWindowTextA
SetWindowTextW
IsWindowUnicode
SetRect
GetClientRect
IsZoomed
GetMessagePos
GetAsyncKeyState
UpdateWindow
FindWindowA
GetSysColor
GetClassNameA
InvalidateRect
EndPaint
IsWindow
BeginPaint
ReleaseCapture
DispatchMessageA
GetIconInfo
InflateRect
GetDC
GetCursorPos
GetCursor
ClientToScreen
EnumChildWindows
GetActiveWindow
RegisterClassExA
LoadCursorA
GetCapture
CharUpperA
CharLowerA
RegisterWindowMessageA
LoadBitmapA
LoadIconA
GetWindowDC
GetMessageA
ReleaseDC
TranslateMessage
SendMessageA
SetFocus
FindWindowExA
GetWindow
GetWindowThreadProcessId
GetForegroundWindow
LoadStringA
MessageBoxA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
SetCapture
DestroyWindow
PostQuitMessage
EnumWindows
IsWindowEnabled
PostMessageA
SetTimer
KillTimer
SendMessageTimeoutA
IsWindowVisible
ShowWindow
GetWindowPlacement
SetRectEmpty
IsRectEmpty
IsIconic
GetClassNameW
GetParent
SetForegroundWindow
SetWindowPlacement

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject

oleaut32

VariantInit
VarUI4FromStr

Exports

Exports

_resetstkoflw

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

517da41289359674af9cc7c225885446

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

00:c7:b1:0c:e7:94:3e:b7:12:6f:27:10:53:ec:45:d9:46:9d:c7:f3Signer

Signature Validations

Verification

19/04/2007, 21:07 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

shlwapi

msvcrt

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 600B

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 36KB - Virtual size: 36KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

00:c7:b1:0c:e7:94:3e:b7:12:6f:27:10:53:ec:45:d9:46:9d:c7:f3
Signer

19/04/2007, 21:07
Valid: false

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 600B

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 36KB - Virtual size: 36KB