b3c1296f8ff2e88cbe2635fc1a5a0e123cdae333d9ef42788c430ebc46e1a346

Sharing

Copy URL Twitter E-mail

General

Target

b3c1296f8ff2e88cbe2635fc1a5a0e123cdae333d9ef42788c430ebc46e1a346
Size

530KB
MD5

49ed4cbdc32200abbb83a9cd123fe880
SHA1

1a90101b6d87b5269601a068a8c02c07ee9346f9
SHA256

b3c1296f8ff2e88cbe2635fc1a5a0e123cdae333d9ef42788c430ebc46e1a346
SHA512

34f0598c88d8cc2e9b54bee0fa27a5e4140afce1dd44a3c8ccea8ffb6bf28315ddf2ac196d3961aef39a4fa72162ec75988ba9e897ef751d66d96b1e019730ce
SSDEEP

6144:tj4XDY4eazg4AGCrDFLItcK4wGVvkFHYwDTrS7GACUfNaRv/G49AIpgNup:5kY4eaz+GqFbKkvyDTep6TqIuNu

Score

N/A

Malware Config

Signatures

Files

b3c1296f8ff2e88cbe2635fc1a5a0e123cdae333d9ef42788c430ebc46e1a346
.exe windows x86

87f12ba92e0317c5a47b5ae7bb6c97d8

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:1f:8c:ab:92:ac:ea:92:ba:3f:c6:fd:29:0f:01:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/05/2006, 00:00

Not After

15/06/2007, 23:59

Subject

CN=ACD Systems Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=ACD Systems Ltd,L=Saanichton,ST=BC,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

shellintmgr31

ShlInt_VerifyAssociations_XMLFile
ShlInt_PerformAssociations_XMLFile

msimg32

GradientFill

kernel32

WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
FreeLibrary
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
Sleep
GetCurrentProcessId
TlsAlloc
TlsFree
GetCurrentThreadId
TlsGetValue
TlsSetValue
SetEvent
FindFirstChangeNotificationA
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
CreateEventA
LockResource
CreateSemaphoreA
ReleaseSemaphore
lstrcpynA
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TerminateThread
SuspendThread
GetCurrentThread
SetFileTime
GetUserDefaultLangID
MoveFileA
SetFileAttributesA
FreeResource
GetTempFileNameA
DeleteFileA
LocalFree
FormatMessageA
GetFullPathNameA
GetFileTime
OutputDebugStringA
LoadLibraryExA
ResetEvent
SetThreadPriority
ResumeThread
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSize
MulDiv
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalLock
GlobalUnlock
GlobalFree
WaitForSingleObject
SystemTimeToFileTime
SetThreadLocale
lstrcpyA
GetModuleHandleA
GetProcAddress
lstrlenA
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
CreateMutexA
GetLastError
SetErrorMode
GetSystemTimeAsFileTime
CompareFileTime
lstrcmpA
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcatA
CreateFileA
GetTickCount

user32

RegisterWindowMessageA
SetWindowTextA
IsRectEmpty
ClientToScreen
DrawFrameControl
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemInfoA
SetMenuItemInfoA
EnumWindows
GetWindowThreadProcessId
MapWindowPoints
GetSubMenu
CallWindowProcA
ScreenToClient
GetMenuItemCount
GetMenuStringA
GetClassNameA
GetUpdateRect
DrawTextA
GetDC
ReleaseDC
GetKeyState
GetFocus
GetCursorPos
SetFocus
LockWindowUpdate
SetWindowPos
KillTimer
GetCursor
SetCursor
CheckMenuItem
GetClassInfoA
RegisterClassA
DestroyMenu
LoadMenuA
MonitorFromWindow
GetMonitorInfoA
EnableMenuItem
LoadBitmapA
SetRect
SetWindowPlacement
GetClientRect
IsWindowVisible
DialogBoxParamA
FillRect
FrameRect
SetWindowLongA
GetWindowLongA
CheckDlgButton
EnableWindow
GetDlgItem
wsprintfA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
EndDialog
IsDlgButtonChecked
InvalidateRect
SetWindowsHookExA
CallNextHookEx
CreateWindowExA
LoadIconA
LoadCursorA
GetClassInfoExA
CreateDialogParamA
SetRectEmpty
PtInRect
SetCursorPos
MessageBeep
ShowCursor
DestroyCursor
InflateRect
DrawFocusRect
SetCapture
ReleaseCapture
GetCapture
GetSysColor
CloseClipboard
RegisterClipboardFormatA
SetClipboardData
EmptyClipboard
OpenClipboard
EqualRect
SetWindowRgn
GetSysColorBrush
GetDesktopWindow
CharNextA
InvalidateRgn
ScrollWindowEx
DialogBoxIndirectParamA
IsDialogMessageA
RegisterClassExA
SetParent
GetParent
IsChild
MoveWindow
ShowWindow
UpdateWindow
DefWindowProcA
BeginPaint
EndPaint
LoadImageA
DestroyIcon
DestroyWindow
UnhookWindowsHookEx
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
GetMessageA
LoadStringA
MessageBoxA
PostQuitMessage
SetTimer
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
PostMessageA
SetForegroundWindow
CharUpperA
CharLowerA
FindWindowA
IsWindow

gdi32

SetStretchBltMode
SaveDC
CreateCompatibleDC
CreateBitmap
MaskBlt
RestoreDC
GetDeviceCaps
DeleteDC
GetObjectA
SetTextColor
SetBkMode
GetTextExtentPoint32A
SelectObject
CreatePen
MoveToEx
LineTo
CreateFontIndirectA
CreateSolidBrush
DeleteObject
GetStockObject
CreatePalette
DeleteEnhMetaFile
CreateDIBSection
GetDIBColorTable
SetDIBitsToDevice
SelectClipRgn
CombineRgn
CreateRectRgn
BitBlt
SetBrushOrgEx
Rectangle
SetBkColor
PlayEnhMetaFile
RealizePalette
SelectPalette
SetEnhMetaFileBits
GetEnhMetaFileBits
SetDIBColorTable
GetPaletteEntries
GetCurrentObject
StretchBlt
Arc
CreateEllipticRgn
CreateCompatibleBitmap

comdlg32

GetOpenFileNameA
ChooseColorA
GetFileTitleA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyExA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHFileOperationA
SHGetFolderPathA
ExtractIconExA
ShellExecuteA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ord2
SHGetMalloc
ord4

msvcp71

?_Nomemory@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

shlwapi

PathFileExistsA

msvcr71

_itoa
_strcmpi
_hypot
_stricmp
??3@YAXPAX@Z
_vscprintf
vsprintf
memmove
_CxxThrowException
__CxxFrameHandler
malloc
free
_except_handler3
??0exception@@QAE@ABV0@@Z
_mbsrchr
sscanf
??_V@YAXPAX@Z
qsort
strrchr
_mbscmp
sprintf
_stat
??1exception@@UAE@XZ
??0exception@@QAE@XZ
atof
strstr
strchr
_mbsstr
floor
_mbsicmp
_splitpath
_mbschr
rand
_mbsnbicmp
atoi
_purecall
_beginthreadex
realloc
printf
__RTDynamicCast
_CIpow
ceil
calloc
_endthreadex
strncpy
wcslen
_mbsbtype
_stricoll
_strnicoll
isleadbyte
memchr
_callnewh
memset
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
ImageGetDigestStream

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoCreateInstance

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

87f12ba92e0317c5a47b5ae7bb6c97d8

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2e:1f:8c:ab:92:ac:ea:92:ba:3f:c6:fd:29:0f:01:bbCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

shellintmgr31

msimg32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

msvcp71

shlwapi

msvcr71

imagehlp

version

ole32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 29KB

.tls Size: 4KB - Virtual size: 4B

.rsrc Size: 98KB - Virtual size: 98KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2e:1f:8c:ab:92:ac:ea:92:ba:3f:c6:fd:29:0f:01:bb
Certificate

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 29KB

.tls
Size: 4KB - Virtual size: 4B

.rsrc
Size: 98KB - Virtual size: 98KB