08f75245fb933d85879529940d792b65b8f58eceff4814c6a185bf10e1724e8a

Sharing

Copy URL Twitter E-mail

General

Target

08f75245fb933d85879529940d792b65b8f58eceff4814c6a185bf10e1724e8a
Size

597KB
MD5

92002b06688a0d299313997cde341078
SHA1

e43c28047c9be804d098498825782dc225fff0f4
SHA256

08f75245fb933d85879529940d792b65b8f58eceff4814c6a185bf10e1724e8a
SHA512

f58d9367765befa6d8e788cf70c1610280a4934b92ee5068b3dfbb8f54104ff788dca4fe7ddbe751a6b571df760b3f5933654b16ffc2c6966579497d50dd63f0
SSDEEP

12288:FK+j3QhLcgc1QJKV69Cmo+tL7iK9OiozM9MnlkQ7:FKiQ9cgc1QwV69Cmo4iK9zozMenyQ7

Score

N/A

Malware Config

Signatures

Files

08f75245fb933d85879529940d792b65b8f58eceff4814c6a185bf10e1724e8a
.exe windows x86

6b1ae41dc34d34f4317741729ada6954

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1b:a0:26:c4:c9:b6:89:6e:df:ad:00:00:3f:f5:3b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/08/2007, 00:00

Not After

11/10/2008, 23:59

Subject

CN=Lavasoft AB,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security Division,O=Lavasoft AB,L=Gothenburg,ST=Vaestra Goetaland,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:c9:86:22:15:1c:7d:40:82:f2:14:b4:05:82:9b:92:c4:c2:55:ec
Signer

Actual PE Digest

ae:c9:86:22:15:1c:7d:40:82:f2:14:b4:05:82:9b:92:c4:c2:55:ec

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lavasoft AB,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security Division,O=Lavasoft AB,L=Gothenburg,ST=Vaestra Goetaland,C=SE

18/10/2022, 20:47
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ceapi

CE_DeleteQuarantinedInfection
CE_RestoreQuarantinedInfection
CE_CleanPrivacy
CE_UnloadDB
CE_GetDBInfo
CE_GetDefFileVersions
CE_LoadDefFilesToDB
CE_RegisterProgressHooks
CE_RegisterSystemInfectionHooks
CE_LoadEngine
CE_ExtendedSettings
CE_GetEngineStatus
CE_ScanTargetLocations
CE_GetFamilyInfo
CE_ClearInfectionList
CE_SetBrowserHijackPages
CE_CleanInfections
CE_UnloadEngine
CE_QuarantineInfections
_CE_GetVersion@12

kernel32

SetFilePointer
lstrcmpiW
CreateThread
lstrcpyW
SetProcessWorkingSetSize
GetLogicalDrives
GetDriveTypeW
lstrlenW
GetTempPathW
GetTickCount
CopyFileW
GetPrivateProfileIntW
OpenFileMappingW
OpenMutexW
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
FormatMessageW
ExitProcess
GetVersionExA
OutputDebugStringA
MultiByteToWideChar
GetFileAttributesW
SetLastError
GetModuleFileNameA
GetCurrentThreadId
WriteFile
WideCharToMultiByte
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
ReadFile
GetLocaleInfoA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
GetFileType
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleCP
GetUserDefaultLCID
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
GetModuleHandleA
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentProcess
CreateFileW
FreeLibrary
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameW
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
GetCommandLineW
SetThreadPriority
CreateEventW
CloseHandle
CreateProcessW
ResetEvent
GetLastError
WaitForSingleObject
lstrcmpW
GetCurrentProcessId
GetVersionExW
OpenEventW
Sleep
FindClose
WaitForMultipleObjects
OpenProcess
FindNextFileW
GetModuleHandleW
FindFirstFileW
SetEvent
GetProcAddress
GetLocalTime
LCMapStringA
RtlUnwind
DeleteFileW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
ExitThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

user32

UpdateWindow
ShowWindow
MessageBoxW
EnableWindow
SetWindowTextW
DestroyWindow
SendMessageW
EndPaint
BeginPaint
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassExW
GetSystemMetrics
CharUpperW
PostQuitMessage
UnregisterClassA

gdi32

CreateFontW

advapi32

SetServiceStatus
DuplicateTokenEx
LookupPrivilegeValueW
RegOpenKeyExW
AdjustTokenPrivileges
RegDeleteValueW
SetTokenInformation
RegCloseKey
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
DeleteService
ControlService
QueryServiceStatus
CreateServiceW
RegisterServiceCtrlHandlerW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken

shell32

SHGetFolderPathW
Shell_NotifyIconW
CommandLineToArgvW

shlwapi

PathAppendW
SHDeleteKeyW
PathRemoveFileSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rpcrt4

UuidCreate

psapi

GetProcessMemoryInfo

ws2_32

socket
gethostbyname
htons
connect
send
closesocket
WSAStartup

Sections

.text
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b1ae41dc34d34f4317741729ada6954

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

25:1b:a0:26:c4:c9:b6:89:6e:df:ad:00:00:3f:f5:3bCertificate

Extended Key Usages

Key Usages

ae:c9:86:22:15:1c:7d:40:82:f2:14:b4:05:82:9b:92:c4:c2:55:ecSigner

Signature Validations

Verification

18/10/2022, 20:47 Valid: false

Headers

File Characteristics

Imports

ceapi

kernel32

user32

gdi32

advapi32

shell32

shlwapi

userenv

rpcrt4

psapi

ws2_32

Sections

.text Size: 464KB - Virtual size: 460KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

25:1b:a0:26:c4:c9:b6:89:6e:df:ad:00:00:3f:f5:3b
Certificate

ae:c9:86:22:15:1c:7d:40:82:f2:14:b4:05:82:9b:92:c4:c2:55:ec
Signer

18/10/2022, 20:47
Valid: false

.text
Size: 464KB - Virtual size: 460KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 5KB