c0b8779bb67b6baea9953d12d5ea5b2473a3bf4f552ae0f5fbc0f0e9f78eae5f

Sharing

Copy URL Twitter E-mail

General

Target

c0b8779bb67b6baea9953d12d5ea5b2473a3bf4f552ae0f5fbc0f0e9f78eae5f
Size

427KB
MD5

76aac39e10c2c874f59f013c40b14586
SHA1

f31c308661b643fdf2beca6722fa008edbf01255
SHA256

c0b8779bb67b6baea9953d12d5ea5b2473a3bf4f552ae0f5fbc0f0e9f78eae5f
SHA512

c862ba95b8d15d9e6e64dafd5b05bc7cf4b33eea45a787997600e52106c188371ac82f2935fc5c919efaaeeef804b261b794592af798778f5c8e7f43e9c8f414
SSDEEP

12288:Na2BJR+zEnAtoZdMXRgZ6nACH2kLH4dIkWrTsJ+T+30:PAtoZdMXRgZBy2kkdIVTo+q30

Score

N/A

Malware Config

Signatures

Files

c0b8779bb67b6baea9953d12d5ea5b2473a3bf4f552ae0f5fbc0f0e9f78eae5f
.exe windows x86

f102fbe2a6ce5a6c65b56957826948ea

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:2f:97:a3:1a:bc:32:b0:8c:ac:01:00:59:8f:32:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/11/2011, 00:00

Not After

15/12/2012, 23:59

Subject

CN=Neowiz CORPORATION,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Neowiz CORPORATION,L=Gangnam,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:99:c8:83:20:df:c1:56:3a:53:96:83:87:8f:39:01:f7:31:bd:69
Signer

Actual PE Digest

f1:99:c8:83:20:df:c1:56:3a:53:96:83:87:8f:39:01:f7:31:bd:69

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Neowiz CORPORATION,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Neowiz CORPORATION,L=Gangnam,ST=Seoul,C=KR

15/05/2012, 02:26
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
WSASetLastError
WSAGetLastError
select
connect
ioctlsocket
socket
closesocket
shutdown
send
recv
WSAStartup
WSACleanup
gethostbyname
getsockopt
inet_addr
htons

iphlpapi

GetAdaptersInfo
GetIpForwardTable

kernel32

LCMapStringW
HeapSize
GetTimeZoneInformation
CloseHandle
ReadFile
CreateFileW
LockResource
LoadResource
SizeofResource
FindResourceW
UnmapViewOfFile
IsBadStringPtrA
MapViewOfFile
CreateFileMappingW
lstrcpynW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetLastError
lstrlenA
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
FindClose
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
Sleep
GetTickCount
OutputDebugStringW
SetEndOfFile
SetFilePointer
DeleteFileW
SetFileAttributesW
GetPrivateProfileStringW
GetFullPathNameW
GetCurrentDirectoryW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
LocalFree
CreateFileA
WriteFile
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
GetFileInformationByHandle
SetUnhandledExceptionFilter
FindFirstFileExW
GetDriveTypeW
FileTimeToSystemTime
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
HeapReAlloc
GetFileAttributesW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
PeekNamedPipe
GetStringTypeW
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
UnhandledExceptionFilter
SetHandleCount

user32

UnregisterClassA
DefWindowProcW
DestroyWindow
CharNextW
GetActiveWindow
DialogBoxParamW
EndPaint
BeginPaint
SendDlgItemMessageW
SendMessageW
LoadBitmapW
SetRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
GetDlgItem
GetClientRect
PostMessageW
GetWindowLongW
SetWindowLongW
EndDialog
GetParent
GetWindowRect

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoInitializeSecurity
CoInitialize

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
VariantInit
VariantCopy
VariantChangeType
VariantClear

shlwapi

PathRemoveBackslashW
PathFileExistsW
PathFileExistsA
PathAddBackslashW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

gdi32

GetObjectW
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

MiniDumpReadDumpStream

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f102fbe2a6ce5a6c65b56957826948ea

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:2f:97:a3:1a:bc:32:b0:8c:ac:01:00:59:8f:32:f6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f1:99:c8:83:20:df:c1:56:3a:53:96:83:87:8f:39:01:f7:31:bd:69Signer

Signature Validations

Verification

15/05/2012, 02:26 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

gdi32

version

dbghelp

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 13KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:2f:97:a3:1a:bc:32:b0:8c:ac:01:00:59:8f:32:f6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f1:99:c8:83:20:df:c1:56:3a:53:96:83:87:8f:39:01:f7:31:bd:69
Signer

15/05/2012, 02:26
Valid: false

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 13KB - Virtual size: 13KB