d3c649e83e6d5fd9ce18704853540aaf667b9bdbb00bfa17ff6aa1df2fcd0697

Sharing

Copy URL Twitter E-mail

General

Target

d3c649e83e6d5fd9ce18704853540aaf667b9bdbb00bfa17ff6aa1df2fcd0697
Size

815KB
MD5

811ef278bb84c8dc24f4e0b5a43760e0
SHA1

0d47b16912f383f93973c566a567d0f17d06da11
SHA256

d3c649e83e6d5fd9ce18704853540aaf667b9bdbb00bfa17ff6aa1df2fcd0697
SHA512

c656119a97fc527fa0ea78f902fe45a2b7e1db57fdff2e5e54f6da80e1d0b291516e136bdf79bac75b37698bf238ca313be8ec6a768f19ad80dc1dc166418478
SSDEEP

24576:qSP5hhoxR6c1ZhCUTBofo+3qyCHRkKhaf3LpUuI3n/X:r5QR5yfhxwkKhaNUp3/X

Score

N/A

Malware Config

Signatures

Files

d3c649e83e6d5fd9ce18704853540aaf667b9bdbb00bfa17ff6aa1df2fcd0697
.exe windows x64

c7c87f58605fd817141d6693a2fc4c61

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:11:26:c5:a4:5d:51:53:1c:0b:91:37:50:eb:a7:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

21/08/2013, 23:59

Subject

CN=Duplex Secure Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duplex Secure Ltd,ST=Nevis,C=KN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:1e:dc:c2:e7:af:56:db:73:89:63:da:9d:99:c6:aa:05:d7:dd:09
Signer

Actual PE Digest

3e:1e:dc:c2:e7:af:56:db:73:89:63:da:9d:99:c6:aa:05:d7:dd:09

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Duplex Secure Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duplex Secure Ltd,ST=Nevis,C=KN

03/03/2012, 20:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
RegGetKeySecurity
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
RegSetKeySecurity
RegCloseKey

kernel32

HeapReAlloc
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetTickCount
VirtualFree
GetProcessHeap
GetCommandLineA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
LocalAlloc
GetModuleHandleA
CreateMutexA
ReleaseMutex
CloseHandle
LocalFree
CreateThread
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetStartupInfoW
UnhandledExceptionFilter

user32

DialogBoxParamA
EndDialog
GetDlgItem
MessageBoxA
SendMessageA
SendDlgItemMessageA
EnableWindow

msvcrt

fclose
_fsopen
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
memset
_unlink
?terminate@@YAXXZ
memmove
_tempnam
sprintf
_mbsicmp
rename
fwrite
_mbsnbicmp
srand
rand
_errno
free

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 549KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sptd0
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODEINIT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

�rűSIGN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7c87f58605fd817141d6693a2fc4c61

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

62:11:26:c5:a4:5d:51:53:1c:0b:91:37:50:eb:a7:5cCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3e:1e:dc:c2:e7:af:56:db:73:89:63:da:9d:99:c6:aa:05:d7:dd:09Signer

Signature Validations

Verification

03/03/2012, 20:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 549KB - Virtual size: 551KB

.pdata Size: 512B - Virtual size: 372B

.idata Size: 3KB - Virtual size: 2KB

.sptd0 Size: 195KB - Virtual size: 195KB

.rsrc Size: 7KB - Virtual size: 6KB

CODEINIT Size: 512B - Virtual size: 32B

�rűSIGN Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

62:11:26:c5:a4:5d:51:53:1c:0b:91:37:50:eb:a7:5c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3e:1e:dc:c2:e7:af:56:db:73:89:63:da:9d:99:c6:aa:05:d7:dd:09
Signer

03/03/2012, 20:51
Valid: false

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 549KB - Virtual size: 551KB

.pdata
Size: 512B - Virtual size: 372B

.idata
Size: 3KB - Virtual size: 2KB

.sptd0
Size: 195KB - Virtual size: 195KB

.rsrc
Size: 7KB - Virtual size: 6KB

CODEINIT
Size: 512B - Virtual size: 32B

�rűSIGN
Size: 4KB - Virtual size: 4KB