6d4ff48d73c5247fef362a11396a70f9287847a200762d3ea5b2529ff3722503

Sharing

Copy URL Twitter E-mail

General

Target

6d4ff48d73c5247fef362a11396a70f9287847a200762d3ea5b2529ff3722503
Size

374KB
MD5

791da5695e69a89061b984ffdd98c8ff
SHA1

3bea2a1bbe8fdcf9495bc7689533e476d90659b9
SHA256

6d4ff48d73c5247fef362a11396a70f9287847a200762d3ea5b2529ff3722503
SHA512

c7b1b6be8a30e38194b3aaa280dd4614b3f8c4fb433d973634542bcecbeaf86b06067c7c5a06a87c777f7dac6eac9144ffd39c0986287ba02db478c2a8486c95
SSDEEP

6144:KGb8OmtYuTi3TtgKII0mzeEmTR+TOznNhXWQgXdJ/:1I8D3Bg3/E4+MNg/

Score

N/A

Malware Config

Signatures

Files

6d4ff48d73c5247fef362a11396a70f9287847a200762d3ea5b2529ff3722503
.exe windows x86

a69e3f0f0a011db492ea024e2d632c88

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/02/2009, 00:00

Not After

12/04/2012, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:50:ea:8d:fb:b1:1c:6b:3f:bd:f7:83:66:96:b9:dd:14:d0:e7:90
Signer

Actual PE Digest

b6:50:ea:8d:fb:b1:1c:6b:3f:bd:f7:83:66:96:b9:dd:14:d0:e7:90

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

01/12/2009, 08:40
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryW
IsValidLocale
GetLocaleInfoW
EnumResourceLanguagesW
GetPrivateProfileStringW
GetUserDefaultLCID
GetUserDefaultUILanguage
SetThreadPriority
RaiseException
DeleteCriticalSection
LocalFree
MultiByteToWideChar
FlushFileBuffers
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleW
CloseHandle
SearchPathW
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GetCommandLineW
OpenMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
CreateProcessW
WriteConsoleW
InterlockedDecrement
FreeEnvironmentStringsW
GetEnvironmentStrings
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
FreeEnvironmentStringsA
Sleep
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
VirtualAlloc
VirtualFree
InitializeCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwind
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCurrentThreadId
GetStartupInfoW
GetModuleHandleA

user32

DrawTextW
FindWindowW
PostMessageW
GetWindowRect
UnregisterClassW
SendMessageW
KillTimer
DefWindowProcW
RegisterClassExW
EndPaint
ReleaseDC
GetDC
BeginPaint
SetTimer
SetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
DispatchMessageW
GetMessageW
TranslateMessage
CreateWindowExW
DialogBoxParamW
UnregisterClassA
InvalidateRect
EndDialog
MonitorFromRect
GetMonitorInfoW
MoveWindow
SetWindowRgn

gdi32

CreateFontIndirectW
SetTextColor
CreateRoundRectRgn
SetStretchBltMode
DeleteObject
CreateDIBSection
BitBlt
GetObjectW
SelectObject
DeleteDC
CreateCompatibleDC
SetBkMode

advapi32

RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

shell32

CommandLineToArgvW

ole32

CreateStreamOnHGlobal

shlwapi

PathAppendW
PathRemoveFileSpecW
PathCombineW
PathAddBackslashW

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromStream
GdipDisposeImage
GdipGetImageBounds
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRect

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a69e3f0f0a011db492ea024e2d632c88

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

b6:50:ea:8d:fb:b1:1c:6b:3f:bd:f7:83:66:96:b9:dd:14:d0:e7:90Signer

Signature Validations

Verification

01/12/2009, 08:40 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 104KB - Virtual size: 100KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

b6:50:ea:8d:fb:b1:1c:6b:3f:bd:f7:83:66:96:b9:dd:14:d0:e7:90
Signer

01/12/2009, 08:40
Valid: false

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 104KB - Virtual size: 100KB