b61e93421c9781ed1053e2947a043c7d7c6d5f7f442f0762e9af26488154065a

Sharing

Copy URL Twitter E-mail

General

Target

b61e93421c9781ed1053e2947a043c7d7c6d5f7f442f0762e9af26488154065a
Size

224KB
MD5

7af5f97eff77f36b525e604e9f54d2f4
SHA1

94a98263b368263fda322eb39e8c7327e556a26e
SHA256

b61e93421c9781ed1053e2947a043c7d7c6d5f7f442f0762e9af26488154065a
SHA512

59ce2619be4151d7cd977c2b25b1ebcd493ac1538059ea3cbace2048f82a2a79d3279b78556fd3b8cef7a6dca43a70b9a2732fea616be2769d0ef2f531a2cdfb
SSDEEP

6144:36sQwGgGMtOYAfddsy+v4rd2xDZ1UUGrvS6mcg6:qXDgFODFN+v4rUxl1NGG6I6

Score

N/A

Malware Config

Signatures

Files

b61e93421c9781ed1053e2947a043c7d7c6d5f7f442f0762e9af26488154065a
.exe windows x86

67c2c12c83c3af167146b388c4af4578

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/07/2010, 00:00

Not After

18/08/2011, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:c5:1b:0c:75:a6:41:44:05:4f:74:62:ae:1a:6f:ec:55:5b:33:12
Signer

Actual PE Digest

8f:c5:1b:0c:75:a6:41:44:05:4f:74:62:ae:1a:6f:ec:55:5b:33:12

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

18/07/2011, 23:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BeginUpdateResourceA
lstrcpyA
OpenEventA
GetFullPathNameA
IsDebuggerPresent
SearchPathA
GetLongPathNameW
GetProcessHeap
GetShortPathNameA
ReplaceFileW
CreateMutexW
GetTimeFormatW
lstrcmpi
OpenSemaphoreA
GetFileAttributesA
FreeLibrary
GetLocaleInfoW
FindAtomW
OpenMutexW
GetDiskFreeSpaceA
FindAtomA
AddAtomW
WaitForSingleObject
GetCurrentThread
QueryPerformanceCounter
IsBadStringPtrA
CreateMailslotA
GetModuleFileNameA
SetCalendarInfoW
GetLocalTime
lstrcmp
WaitForMultipleObjects
ReplaceFileA
IsBadReadPtr
IsValidLocale
GetFileAttributesW
GetUserDefaultLCID
CopyFileExA
MulDiv
EnumDateFormatsW
GetTempFileNameA
GetModuleFileNameW
GetModuleHandleA
Beep
RaiseException
LoadLibraryA
AddAtomA
FindResourceA
CreatePipe
FileTimeToDosDateTime
GetLogicalDriveStringsA
GetProcAddress

user32

GetMenuItemRect
EmptyClipboard
wvsprintfW
DialogBoxParamA
CopyIcon
ShowCursor
SetCursor
SendDlgItemMessageA
LoadImageA
SetDlgItemInt
GetSubMenu
GetCapture
EnumClipboardFormats
LoadCursorW
LoadBitmapW
LoadBitmapA
TrackPopupMenuEx
GetMenuItemID
GetFocus
MessageBoxIndirectA
SetWindowPos
FindWindowW
GetDesktopWindow
SetDlgItemTextA
GetScrollPos
EndMenu
DefWindowProcA
PostMessageA
RegisterClassExA
LoadIconW
MessageBeep
DestroyMenu
GetMessageA
FindWindowA
CharNextW
MonitorFromWindow
GetClassInfoA
CharUpperW
SetWindowTextA
PeekMessageA
GetMenuState
RemoveMenu
GetMenuItemInfoW
InvalidateRect
CharPrevW

gdi32

CreateICA
CreateFontW
CreateDIBSection
AddFontResourceA
CreateFontA
CreateFontIndirectW
GetMetaFileA

advapi32

OpenBackupEventLogA
BackupEventLogA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_SetBkColor
MakeDragList
ImageList_DrawIndirect
ImageList_GetIcon
CreateToolbarEx
GetMUILanguage
ShowHideMenuCtl
FlatSB_SetScrollRange
CreateToolbar

sqlunirl

_GetClassLong_@8
_GlobalGetAtomName_@12
_CreateAcceleratorTable_@8

wsock32

GetAddressByNameA
TransmitFile
setsockopt
WSAAsyncGetHostByName
recvfrom
NPLoadNameSpaces
WSAAsyncGetServByName
sethostname
WSAIsBlocking

crypt32

CryptSIPRetrieveSubjectGuidForCatalogFile
CryptMsgCalculateEncodedLength
CryptCreateKeyIdentifierFromCSP
CryptStringToBinaryW
CryptEnumProvidersU
I_CryptFindLruEntryData
CertEnumSubjectInSortedCTL
I_CryptCreateLruEntry
CertFreeCertificateChain
CryptHashToBeSigned
CryptCloseAsyncHandle
CertEnumSystemStore
CertFindCertificateInStore
CryptSIPRemoveSignedDataMsg
CertDuplicateCRLContext
CryptSIPCreateIndirectData
CertFindCRLInStore
CertEnumCRLContextProperties
CertCloseStore

Sections

.UNZXNJ
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ve
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iqA
Size: 512B - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.yjQwTB
Size: 1024B - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BIdsh
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.py
Size: 3KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kS
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bG
Size: 10KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67c2c12c83c3af167146b388c4af4578

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

8f:c5:1b:0c:75:a6:41:44:05:4f:74:62:ae:1a:6f:ec:55:5b:33:12Signer

Signature Validations

Verification

18/07/2011, 23:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

sqlunirl

wsock32

crypt32

Sections

.UNZXNJ Size: 4KB - Virtual size: 3KB

.ve Size: 86KB - Virtual size: 86KB

.iqA Size: 512B - Virtual size: 494KB

.c Size: 14KB - Virtual size: 14KB

.yjQwTB Size: 1024B - Virtual size: 81KB

.BIdsh Size: 4KB - Virtual size: 34KB

.py Size: 3KB - Virtual size: 168KB

.kS Size: 84KB - Virtual size: 83KB

.bG Size: 10KB - Virtual size: 245KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

8f:c5:1b:0c:75:a6:41:44:05:4f:74:62:ae:1a:6f:ec:55:5b:33:12
Signer

18/07/2011, 23:04
Valid: false

.UNZXNJ
Size: 4KB - Virtual size: 3KB

.ve
Size: 86KB - Virtual size: 86KB

.iqA
Size: 512B - Virtual size: 494KB

.c
Size: 14KB - Virtual size: 14KB

.yjQwTB
Size: 1024B - Virtual size: 81KB

.BIdsh
Size: 4KB - Virtual size: 34KB

.py
Size: 3KB - Virtual size: 168KB

.kS
Size: 84KB - Virtual size: 83KB

.bG
Size: 10KB - Virtual size: 245KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B