221e3b9b8bdf602924ca3cd850e66b44028236d70612d90e5850749e34285a05

Sharing

Copy URL Twitter E-mail

General

Target

221e3b9b8bdf602924ca3cd850e66b44028236d70612d90e5850749e34285a05
Size

740KB
MD5

69341f3c0e2e921bd1982967e584332c
SHA1

517f3a20f7020061f462f2dfad386ed3c7171ba8
SHA256

221e3b9b8bdf602924ca3cd850e66b44028236d70612d90e5850749e34285a05
SHA512

507d7a89a3cab5f0df19e3bdc1de757004d416f2dde7a4a4e954de560ba127e9f25000e081dff8f2d6da8c70e865e7e15ee4a22494edd8acaadf150cd9082a79
SSDEEP

12288:fQe3xMLd3+4X8hf6/1c54cbosJY3iCoJOuwi+ytDlDX9dXkx/FzXOY0FCjoEVYVe:UsPlnT/jhPsJh2GPe+vPxEYwk

Score

N/A

Malware Config

Signatures

Files

221e3b9b8bdf602924ca3cd850e66b44028236d70612d90e5850749e34285a05
.exe windows x86

57cafac75c901b30b55e65053d6c3a3c

Code Sign

19:ba:cb:05:0c:f1:bb:47:90:16:0b:76:ab:90:c6:26
Certificate

Issuer

CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/07/2008, 19:33

Not After

02/07/2009, 19:33

Subject

CN=Thawte Freemail Member,1.2.840.113549.1.9.1=#0c1363727970746f40647662706f7274616c2e6465

Certificate

Issuer

CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c1c706572736f6e616c2d667265656d61696c407468617774652e636f6d

Not Before

01/01/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c1c706572736f6e616c2d667265656d61696c407468617774652e636f6d

0d
Certificate

Issuer

CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c1c706572736f6e616c2d667265656d61696c407468617774652e636f6d

Not Before

17/07/2003, 00:00

Not After

16/07/2013, 23:59

Subject

CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htons
htonl
ntohl
ntohs

kernel32

VirtualAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTempFileNameA
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
CloseHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetFileAttributesA
GetCommandLineA
GetVersionExA
GetProcessHeap
CreateFileA
SetEndOfFile
MultiByteToWideChar
ReadFile
SetFilePointer
GetTimeFormatA
GetDateFormatA
MoveFileA
DeleteFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
Sleep
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
LoadLibraryA
InitializeCriticalSection
SetStdHandle
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57cafac75c901b30b55e65053d6c3a3c

Code Sign

19:ba:cb:05:0c:f1:bb:47:90:16:0b:76:ab:90:c6:26Certificate

Certificate

0dCertificate

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 364KB - Virtual size: 360KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 176B

19:ba:cb:05:0c:f1:bb:47:90:16:0b:76:ab:90:c6:26
Certificate

0d
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 364KB - Virtual size: 360KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 176B