b4b61f7202dc09bd7a8aec440068e0712d570a2430dd4ae65bf4feeebd0728ac

Sharing

Copy URL Twitter E-mail

General

Target

b4b61f7202dc09bd7a8aec440068e0712d570a2430dd4ae65bf4feeebd0728ac
Size

781KB
MD5

90dff172c6e44b8c23ba3d0b68b334e0
SHA1

c5a825bd8da389ea926e4b75a383161cea09e8d0
SHA256

b4b61f7202dc09bd7a8aec440068e0712d570a2430dd4ae65bf4feeebd0728ac
SHA512

65e402459d3c5ad243935a7ca1393d53f57497ecf7d43b339a04bf668f7392ce63f6bdb73533f29a8a42bd88d878bcd9afe8b791387b4d43ebcdd7db5f171721
SSDEEP

12288:E3awRSOXnJXYq43x3Orj2WeWszKVyRQO8/86ZbF9CI6:E3FZZohixetEy4xF4

Score

N/A

Malware Config

Signatures

Files

b4b61f7202dc09bd7a8aec440068e0712d570a2430dd4ae65bf4feeebd0728ac
.exe windows x86

cb95b9e36c4eb33d908be8ae4d1ec6cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d5:c9:e2:94:9d:48:ab:ac:cd:35:14:f0:fb:22:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03/08/2009, 00:00

Not After

03/08/2012, 23:59

Subject

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:e3:95:6b:0d:64:23:1c:73:7e:91:99:28:e7:99:b0:78:23:ca:fa
Signer

Actual PE Digest

86:e3:95:6b:0d:64:23:1c:73:7e:91:99:28:e7:99:b0:78:23:ca:fa

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

16/02/2012, 08:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
FatalAppExitA
QueryPerformanceCounter
SetStdHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitThread
TerminateProcess
Sleep
CreateProcessW
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetStartupInfoW
GetDiskFreeSpaceW
GetTempFileNameW
LocalLock
LocalUnlock
SetErrorMode
GetFileTime
GetFileAttributesW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExW
DeleteFileW
MoveFileW
GetCurrentDirectoryW
FindResourceExW
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalGetAtomNameW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
lstrcmpA
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
VirtualProtect
WideCharToMultiByte
SetLastError
CopyFileW
MulDiv
lstrcpyW
GlobalSize
GlobalAlloc
FormatMessageW
LocalFree
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcatW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetExitCodeThread
InterlockedDecrement
lstrlenA
GetVersion
WaitForSingleObject
FreeLibrary
LoadLibraryW
MultiByteToWideChar
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetLocalTime
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
GetCurrentProcess
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameW
CreateThread
CreateEventW
GetLastError
CreateFileW
CloseHandle
GetModuleHandleW
FindResourceW
LoadResource
LockResource
GetTickCount
SizeofResource

user32

GetKeyNameTextW
CharUpperW
DeleteMenu
GetSysColorBrush
GetDialogBaseUnits
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
ReleaseCapture
LoadAcceleratorsW
InvalidateRect
InsertMenuItemW
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
wsprintfW
GetMessageW
TranslateMessage
ValidateRect
ShowOwnedPopups
SetCursor
PostQuitMessage
MapDialogRect
GetAsyncKeyState
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuStringW
InsertMenuW
RemoveMenu
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
MapVirtualKeyW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
FillRect
PostMessageW
UnregisterClassA
GetClientRect
SetTimer
KillTimer
EnableWindow
SetLayeredWindowAttributes
LoadCursorW
UnregisterDeviceNotification
SendMessageW
RegisterDeviceNotificationW
UpdateWindow
LoadIconW
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
IsRectEmpty
UnionRect
SetParent
GetSystemMenu
SetCapture
LockWindowUpdate
GetDCEx
RegisterClassW
UnregisterClassW
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
GetTabbedTextExtentW
MessageBeep
IsClipboardFormatAvailable
WindowFromPoint
RemovePropW
SetRect
MessageBoxW
CreatePopupMenu
AppendMenuW
CheckMenuItem
SetMenuDefaultItem
SetForegroundWindow
DestroyIcon
LoadImageW
FindWindowW
GetCursorPos
RegisterWindowMessageW
GetParent
GetSysColor
GetDC
ReleaseDC
RedrawWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
ClientToScreen

gdi32

SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
StretchDIBits
CreateRectRgnIndirect
CreateFontW
GetBkColor
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateCompatibleBitmap
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
GetCharWidthW
CreatePatternBrush
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
TextOutW

comdlg32

FindTextW
CommDlgExtendedError
ReplaceTextW
GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW
PageSetupDlgW
PrintDlgW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetFileSecurityW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
FreeSid
LookupAccountSidA
AllocateAndInitializeSid
RegSetValueW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
GetFileSecurityW
RegDeleteValueW
RegCreateKeyW

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
ExtractIconW

comctl32

ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Draw
ImageList_GetImageInfo
ord13
ImageList_Read
ImageList_Write
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Merge

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
StgCreateDocfile
CreateBindCtx
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CoTreatAsClass
CoDisconnectObject
StringFromGUID2
CLSIDFromString

oleaut32

VariantInit
SysFreeString
SysAllocString
SysAllocStringLen
VariantChangeType
SysStringLen
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
GetErrorInfo
SetErrorInfo
VariantClear

gdiplus

GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDrawString
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipCloneBrush
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipCreateSolidFill

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

Sections

.text
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb95b9e36c4eb33d908be8ae4d1ec6cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

12:d5:c9:e2:94:9d:48:ab:ac:cd:35:14:f0:fb:22:adCertificate

Extended Key Usages

Key Usages

86:e3:95:6b:0d:64:23:1c:73:7e:91:99:28:e7:99:b0:78:23:ca:faSigner

Signature Validations

Verification

16/02/2012, 08:01 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wtsapi32

Sections

.text Size: 344KB - Virtual size: 341KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 305KB - Virtual size: 305KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

12:d5:c9:e2:94:9d:48:ab:ac:cd:35:14:f0:fb:22:ad
Certificate

86:e3:95:6b:0d:64:23:1c:73:7e:91:99:28:e7:99:b0:78:23:ca:fa
Signer

16/02/2012, 08:01
Valid: false

.text
Size: 344KB - Virtual size: 341KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 305KB - Virtual size: 305KB