2703e9c57602a83a20733d8839b237f3be86c726cf6c0dba3cbe5596f55830fa

Sharing

Copy URL Twitter E-mail

General

Target

2703e9c57602a83a20733d8839b237f3be86c726cf6c0dba3cbe5596f55830fa
Size

339KB
MD5

158fc2009e367d63f06592bc3aaf2998
SHA1

b6a7a819e93bcd65143e83bfc87f53e283efdb07
SHA256

2703e9c57602a83a20733d8839b237f3be86c726cf6c0dba3cbe5596f55830fa
SHA512

3f0650ae269ebdc4acb9e2c96ed201d621e06fa8aac738a8f4ec0f759f4ffe8dc0271dfa24657d7b0605d007a66c46e0c5ad1285ec7c1af989ec52543a245a2a
SSDEEP

6144:EnkBbY+2MszJXdCz5toUlS0xcimUfZnNeT+WAeAbkZwTagAP3WNJjc9hk1Z:hROzJX0z5toCZci3MT+WoQZwTaFP3WNB

Score

N/A

Malware Config

Signatures

Files

2703e9c57602a83a20733d8839b237f3be86c726cf6c0dba3cbe5596f55830fa
.exe windows x86

a7ebe4627d7ca4804a734f32e1ea8016

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fb
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

16/08/2010, 00:00

Not After

16/08/2011, 23:59

Subject

CN=RealNetworks\, Inc.,OU=Media Web Services,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:86:91:d6:13:c0:3d:61:e7:65:4e:30:a4:fe:94:fa:2a:a6:af:1f
Signer

Actual PE Digest

26:86:91:d6:13:c0:3d:61:e7:65:4e:30:a4:fe:94:fa:2a:a6:af:1f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RealNetworks\, Inc.,OU=Media Web Services,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

23/10/2010, 00:28
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

SHDeleteValueA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetCloseHandle
InternetOpenUrlA

user32

CharPrevA
CharNextA
GetSystemMetrics
MessageBoxA
GetShellWindow
GetWindowThreadProcessId
wsprintfA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

advapi32

ConvertStringSidToSidW
LookupAccountSidW
RegCreateKeyA
RegSetValueExA
IsValidSid
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
DuplicateTokenEx
InitializeSecurityDescriptor
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
GetTokenInformation
RegSetValueA
RegQueryValueA
FreeSid
GetUserNameA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
LookupAccountNameA
AllocateAndInitializeSid
ConvertSidToStringSidW

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

secur32

GetUserNameExW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
TlsSetValue
TlsFree
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
SetEnvironmentVariableA
GetFullPathNameA
GetCurrentDirectoryA
TlsGetValue
GetModuleFileNameA
GetCurrentThreadId
SetLastError
TlsAlloc
TerminateProcess
VirtualFree
HeapCreate
SetFilePointer
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcpyA
CloseHandle
ReadFile
PeekNamedPipe
WriteFile
ConnectNamedPipe
CreateNamedPipeA
CreateProcessA
OpenProcess
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadWritePtr
FindClose
DeleteFileA
MoveFileExA
FindFirstFileA
CreateRemoteThread
OutputDebugStringA
WriteProcessMemory
SetEnvironmentVariableW
DuplicateHandle
GetCurrentProcess
GetModuleHandleA
VirtualAllocEx
GetFileSize
CreateFileA
CompareStringA
CompareStringW
GetPrivateProfileStringA
GetLocaleInfoA
CopyFileA
Sleep
GetTickCount
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetDriveTypeA
GetFileAttributesA
CreateDirectoryA
GetTempPathA
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTempFileNameA
GetACP
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetEndOfFile
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetOEMCP
GetCPInfo
FileTimeToSystemTime

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7ebe4627d7ca4804a734f32e1ea8016

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fbCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

26:86:91:d6:13:c0:3d:61:e7:65:4e:30:a4:fe:94:fa:2a:a6:af:1fSigner

Signature Validations

Verification

23/10/2010, 00:28 Valid: false

Headers

File Characteristics

Imports

ole32

shlwapi

wininet

user32

oleaut32

advapi32

shell32

version

secur32

kernel32

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fb
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

26:86:91:d6:13:c0:3d:61:e7:65:4e:30:a4:fe:94:fa:2a:a6:af:1f
Signer

23/10/2010, 00:28
Valid: false

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 28KB - Virtual size: 24KB