c35364ffe24a423471e7d035a8b0a87f326718b4c54a96378ff0db99016652cd

Sharing

Copy URL

Twitter E-mail

General

Target

c35364ffe24a423471e7d035a8b0a87f326718b4c54a96378ff0db99016652cd
Size

897KB
MD5

70cfc6523ccd8e1e7ddba098232f924a
SHA1

fce2a6409c6fff6b390f748581f316ebb3d514e2
SHA256

c35364ffe24a423471e7d035a8b0a87f326718b4c54a96378ff0db99016652cd
SHA512

221c26c40e5bb2ae7409556404383bf89c0b2d27859b6e16593df9441e4a70858a490b552150451375965f85e1e4f8fa62c5db0918a14fde3fd759ee4ab754ba
SSDEEP

12288:2Zbo/2S2XbZnEfEo4/ofxCmhHGUDYo9JrxDWAxcsyq69EfEEFTtH2h1aN:Z/z2rv/ofxCmBGUDH9JNkSfEE3KEN

Score

N/A

Malware Config

Signatures

Files

c35364ffe24a423471e7d035a8b0a87f326718b4c54a96378ff0db99016652cd
.exe windows x86

525cf47d52a7d66e10a4a80cfd1c0378

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

82:60:c9:a0:47:d0:d8:e4:9d:9a:33:78:44:88:6c:9e:f3:f8:e4:03
Signer

Actual PE Digest

82:60:c9:a0:47:d0:d8:e4:9d:9a:33:78:44:88:6c:9e:f3:f8:e4:03

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

17/04/2010, 09:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyW
RegEnumValueW

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
Sleep
CompareStringW
SetErrorMode
GetCommandLineW
HeapSetInformation
GetCurrentProcessId
LoadLibraryW
GetFileAttributesW
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
RemoveDirectoryW
GetDriveTypeW
LockResource
EnumResourceLanguagesW
GetTickCount
MulDiv
SetFileTime
GetVersionExW
GetFileSize
CompareFileTime
lstrcmpW
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
CreateDirectoryW
lstrlenA
CreateEventW
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
WaitForSingleObject
GetModuleFileNameW
lstrcmpiW
CreateMutexW
HeapSize
HeapReAlloc
HeapDestroy
CloseHandle
FormatMessageW
LocalFree
HeapAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
SetEvent
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
InterlockedCompareExchange
GetLastError
MoveFileExW
GetProcessHeap
GetModuleHandleA
GetVersion
OutputDebugStringA
ExpandEnvironmentStringsW
HeapFree
GetTempPathW
GetUserDefaultLCID
GetDiskFreeSpaceW
WideCharToMultiByte
FindNextFileW
ReadFile
SetThreadExecutionState
GetVolumeInformationW
FindFirstFileW
FindClose
GetDateFormatW
GetTimeFormatW
GetFullPathNameW
GetUserDefaultUILanguage
EnumUILanguagesW
CreateThread
GetLocaleInfoW
WaitForMultipleObjects
GetDiskFreeSpaceExW
GetFileSizeEx
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetStartupInfoA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA

gdi32

Rectangle
SetTextColor
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetObjectW
CreatePen

user32

DestroyWindow
LoadStringW
IsWindow
IsWindowEnabled
GetDlgCtrlID
GetDlgItemInt
GetLastActivePopup
SendMessageW
GetNextDlgTabItem
UpdateWindow
PostMessageW
GetSysColorBrush
CreateDialogParamW
IsWindowVisible
GetCapture
LoadBitmapW
KillTimer
EnableWindow
ShowWindow
DrawFrameControl
BringWindowToTop
SetCursor
SetTimer
AllowSetForegroundWindow
SetProcessDefaultLayout
GetSystemMetrics
GetKeyState
LoadIconW
GetWindowRect
SystemParametersInfoW
MapWindowPoints
EndDialog
CreateAcceleratorTableW
CreateWindowExW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetWindowLongW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
DialogBoxParamW
GetSysColor
RegisterWindowMessageW
MessageBeep
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassA
CopyRect
IsRectEmpty
SetRectEmpty
EqualRect
FindWindowExW
CharUpperBuffW
CharUpperW
SetWindowTextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetClassInfoExW
PostThreadMessageW
CharNextW
MessageBoxW
SetForegroundWindow
GetActiveWindow
GetForegroundWindow
DefWindowProcW
FlashWindow
FindWindowW
SetWindowLongW
FlashWindowEx
GetParent
LoadImageW
CallWindowProcW

msvcr80

wcscat_s
_snwprintf_s
_wtoi
swscanf_s
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memcpy
free
??2@YAPAXI@Z
_recalloc
memcpy_s
malloc
wcsncpy_s
calloc
wcsstr
memmove
_beginthreadex
memset
wcscpy_s
fclose
fputws
_setmode
_fileno
_wfopen
_purecall
swprintf_s
_vsnwprintf
iswspace
wcspbrk
memmove_s
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_wcsicmp

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetDiskFreeSpaceExW
SHGetDesktopFolder
ord747
SHFileOperationW
SHCreateQueryCancelAutoPlayMoniker
SHPathPrepareForWriteW

ole32

OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoFileTimeNow
StringFromCLSID
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoResumeClassObjects
GetRunningObjectTable

oleaut32

SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysFreeString
VarBstrCmp
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetElement
VariantCopy
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VarCmp

comctl32

ImageList_Add
InitCommonControlsEx
DestroyPropertySheetPage
ImageList_Destroy
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_Create
PropertySheetW

shlwapi

PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW

msi

ord90

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

GetThemeColor
SetWindowTheme
OpenThemeData
CloseThemeData

setupapi

SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

wlxvideotrim

CreateAVICopierDirect

rpcrt4

UuidFromStringW
UuidEqual
RpcStringFreeW
UuidToStringW
UuidCreate

wmvcore

WMCreateProfileManager

d3d9

Direct3DCreate9

gdiplus

GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipCloneImage
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromScan0
GdipGetImageThumbnail
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageEncoders
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

525cf47d52a7d66e10a4a80cfd1c0378

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

82:60:c9:a0:47:d0:d8:e4:9d:9a:33:78:44:88:6c:9e:f3:f8:e4:03Signer

Signature Validations

Verification

17/04/2010, 09:11 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcr80

shell32

ole32

oleaut32

comctl32

shlwapi

msi

version

uxtheme

setupapi

wlxvideotrim

rpcrt4

wmvcore

d3d9

gdiplus

Sections

.text Size: 501KB - Virtual size: 500KB

.data Size: 23KB - Virtual size: 28KB

.rsrc Size: 124KB - Virtual size: 128KB

.reloc Size: 88KB - Virtual size: 88KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

82:60:c9:a0:47:d0:d8:e4:9d:9a:33:78:44:88:6c:9e:f3:f8:e4:03
Signer

17/04/2010, 09:11
Valid: false

.text
Size: 501KB - Virtual size: 500KB

.data
Size: 23KB - Virtual size: 28KB

.rsrc
Size: 124KB - Virtual size: 128KB

.reloc
Size: 88KB - Virtual size: 88KB