701ae31aecc7ba69170232c9377fc2e47bf0db645c69a4eaff5a77fd88bba93c

Sharing

Copy URL

Twitter E-mail

General

Target

701ae31aecc7ba69170232c9377fc2e47bf0db645c69a4eaff5a77fd88bba93c
Size

1009KB
MD5

5ff0f4babd66312e8a18af759b6fec30
SHA1

3acc1960fa9be36686361cd89699c29204e3d70b
SHA256

701ae31aecc7ba69170232c9377fc2e47bf0db645c69a4eaff5a77fd88bba93c
SHA512

a46e02cd257ac300ef255158290dc1db6893548cfdcb44b5402d98bb21dbab42bd05d9fd8c2187d21e71ce02e68407fb2bd4deb8fec93b360ee4dc2a4f4ce732
SSDEEP

24576:Fcnb/+NPS/snsjLcvdEo++O2+u9A99Js:sirsjLcvdEopOxuejJ

Score

N/A

Malware Config

Signatures

Files

701ae31aecc7ba69170232c9377fc2e47bf0db645c69a4eaff5a77fd88bba93c
.exe windows x86

b921dc9576481ab7343e2c58fd338061

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/03/2008, 00:00

Not After

23/04/2011, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:20:29:9f:2f:82:5d:c0:2c:c3:67:48:8e:12:5c:7e:dd:31:ec:17
Signer

Actual PE Digest

88:20:29:9f:2f:82:5d:c0:2c:c3:67:48:8e:12:5c:7e:dd:31:ec:17

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

30/03/2011, 06:27
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
SetFileAttributesW
LocalFree
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
CreateFileW
GetFileSize
ReadFile
MultiByteToWideChar
GetFileTime
GetPrivateProfileStringW
GetModuleFileNameA
WriteFile
CreateMutexW
CreateThread
GetLocalTime
GetCommandLineW
GetTickCount
SetFilePointer
EnumResourceLanguagesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
ConvertDefaultLocale
GetLocaleInfoW
GetVersionExW
GetCurrentProcess
GetSystemInfo
GetSystemWow64DirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetExitCodeProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempFileNameW
ExitProcess
CreateEventW
SetEvent
SetErrorMode
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
LoadLibraryA
GetOEMCP
GetACP
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetCurrentThreadId
TlsFree
GetFileType
GetStdHandle
HeapCreate
GetTempPathW
MoveFileExW
DeleteFileW
GetEnvironmentVariableW
GetSystemDirectoryW
GetCurrentDirectoryW
FreeLibrary
GetProcAddress
GlobalFree
LoadLibraryExW
RemoveDirectoryW
MoveFileW
Sleep
GetFileAttributesW
CompareFileTime
GetWindowsDirectoryW
WaitForSingleObject
CreateProcessW
FindNextFileW
FindClose
FindFirstFileW
TlsGetValue
SetLastError
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
WideCharToMultiByte
CloseHandle
GetLastError
CreateFileA
SizeofResource
LockResource
LoadResource
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
FindResourceW
GetModuleHandleW
TlsAlloc
TlsSetValue
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
RaiseException
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
LocalAlloc

user32

MessageBoxIndirectW
GetDlgItem
SendMessageW
ShowWindow
EndDialog
MessageBoxW
DialogBoxParamW
SetDlgItemTextW
ReleaseDC
GetDC
SetFocus
DialogBoxIndirectParamW
SetWindowPos
GetClientRect
MonitorFromWindow
GetMonitorInfoW
OffsetRect
GetWindowLongW
AdjustWindowRect
GetWindowRect
SetWindowTextW
DrawTextW
wsprintfW
LoadIconW
LoadImageW
SetRectEmpty
PostMessageW
EnableWindow
SendMessageTimeoutW
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
GetWindowModuleFileNameW
LoadStringW
KillTimer
SendDlgItemMessageW
SetTimer

gdi32

SetBkMode
SetTextColor
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
GetStockObject

advapi32

RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
StartServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHCreateDirectoryExW
SHCreateDirectoryExA
SHGetFolderPathW

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

cabinet

ord22
ord23
ord20
ord21

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetLineTextW
SetupGetStringFieldW
SetupFindNextLine
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList

shlwapi

PathAppendW
PathFindFileNameA
PathAddBackslashA
PathRemoveFileSpecA
PathAppendA
PathFindFileNameW
PathFileExistsW
SHDeleteKeyW
PathRenameExtensionW
PathRemoveBackslashW
PathIsRootW
PathMatchSpecA
PathIsSystemFolderW
PathStripToRootW
PathIsDirectoryW
PathAddBackslashW
PathFindExtensionW
PathCombineW
PathRemoveFileSpecW
PathStripPathW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b921dc9576481ab7343e2c58fd338061

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

88:20:29:9f:2f:82:5d:c0:2c:c3:67:48:8e:12:5c:7e:dd:31:ec:17Signer

Signature Validations

Verification

30/03/2011, 06:27 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

cabinet

setupapi

shlwapi

version

psapi

Sections

.text Size: 332KB - Virtual size: 330KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 593KB - Virtual size: 593KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

88:20:29:9f:2f:82:5d:c0:2c:c3:67:48:8e:12:5c:7e:dd:31:ec:17
Signer

30/03/2011, 06:27
Valid: false

.text
Size: 332KB - Virtual size: 330KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 593KB - Virtual size: 593KB