713aac9b26f517d8ebda60d5b7b37c78d8af42e8e123ac998545ff7835653718

Sharing

Copy URL Twitter E-mail

General

Target

713aac9b26f517d8ebda60d5b7b37c78d8af42e8e123ac998545ff7835653718
Size

3.3MB
MD5

04bd32a6a178779e07531797c7894400
SHA1

005e3081be238d845e2e14f50c5786a24e176062
SHA256

713aac9b26f517d8ebda60d5b7b37c78d8af42e8e123ac998545ff7835653718
SHA512

854d9465b66ee9c4afd94b5871bfe70035ddeae833d8bdaf0be330c7548658a344becc1d7aafe9eaeed532292ea7a50713b40fcd8ed37b167636f8d592305e29
SSDEEP

98304:IcYiLP9WspdG83NSXFx4irHUFEHbICfJZ37AYTXGse:IcZLPjrG83NSXFx4irHUFEHbIQJZ8yWJ

Score

N/A

Malware Config

Signatures

Files

713aac9b26f517d8ebda60d5b7b37c78d8af42e8e123ac998545ff7835653718
.dll windows x86

5654f6bff0dd174f50c057d3f5682311

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:4a:a1:fd:f2:6f:9f:33:53:d6:26:14:ed:a6:62:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/09/2012, 00:00

Not After

01/10/2015, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal Client,O=Adobe Systems Incorporated,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80
Signer

Actual PE Digest

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal Client,O=Adobe Systems Incorporated,ST=California,C=US

29/10/2012, 04:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
CreateFileA
SetHandleCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
ReadFile
GetOEMCP
GetACP
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
SetLastError
lstrlenA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
DeleteFileA
GetFileSize
GetFileTime
SetFileTime
CompareFileTime
GetSystemInfo
LocalFree
GlobalFree
FormatMessageA
ReleaseMutex
CreateMutexA
LCMapStringW
LCMapStringA
GetCPInfo
RaiseException
RtlUnwind
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetLastError
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
VirtualFree
VirtualAlloc
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
CreateThread
CloseHandle
DeleteCriticalSection
EnterCriticalSection
ExitThread
LeaveCriticalSection
CreateEventA
Sleep
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetCurrentThread
GetTickCount
SetStdHandle

user32

GetCursorPos

advapi32

CryptAcquireContextW
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptDestroyKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
CryptReleaseContext
CryptSetKeyParam
CryptGenRandom
CryptAcquireContextA
CryptSetProvParam
CryptGetProvParam

wininet

InternetCloseHandle
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetConnectA
InternetSetOptionA
InternetSetStatusCallback
InternetOpenA
InternetReadFile
HttpAddRequestHeadersA
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA

ws2_32

getsockopt
shutdown
closesocket
select
inet_addr
gethostbyname
WSAGetLastError
WSAStartup
connect
ioctlsocket
htons
setsockopt
socket
recv
__WSAFDIsSet
send
accept

crypt32

CryptMsgOpenToDecode
CryptMsgGetParam
CryptDecodeObject
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptMsgUpdate
CryptMsgOpenToEncode
CryptMsgClose
CertGetEnhancedKeyUsage
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext
CertFindExtension
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertGetNameStringW
CertGetNameStringA
CryptProtectData
CryptUnprotectData
CertCloseStore
CertDeleteCertificateFromStore
CertOpenStore
CryptFindLocalizedName
CryptAcquireCertificatePrivateKey
CertAddEncodedCertificateToStore

Exports

Exports

AdobeCPGetAPI
C_EDCAuthenticationManager_allowHttpConnection
C_EDCAuthenticationManager_deleteUserCredentials
C_EDCAuthenticationManager_getAuthenticatedPrincipal
C_EDCAuthenticationManager_getClientVersion
C_EDCAuthenticationManager_getSAMLToken
C_EDCAuthenticationManager_getServerVersion
C_EDCAuthenticationManager_getUserCredentials
C_EDCAuthenticationManager_isAllowHttpConnection
C_EDCAuthenticationManager_isLoggedIn
C_EDCAuthenticationManager_isUserCredentialsCachingEnabled
C_EDCAuthenticationManager_login
C_EDCAuthenticationManager_logout
C_EDCAuthenticationManager_setSAMLToken
C_EDCByteBuffer_delete
C_EDCByteBuffer_getBytes
C_EDCByteBuffer_getLength
C_EDCCertificateInfoList_delete
C_EDCClientCallbacks_new
C_EDCClient_terminate
C_EDCConsumer_DownloadVoucher
C_EDCConsumer_delete
C_EDCConsumer_getBackgroundSyncFrequency
C_EDCConsumer_getDocHistoryURL
C_EDCConsumer_getLicenseId
C_EDCConsumer_getRevocationURL
C_EDCConsumer_getSecureTime
C_EDCConsumer_getSynchronizationProgress
C_EDCConsumer_getURL
C_EDCConsumer_isAnonymous
C_EDCConsumer_isOffline
C_EDCConsumer_isSyncing
C_EDCConsumer_iterate
C_EDCConsumer_logCustomEvents
C_EDCConsumer_logEvents
C_EDCConsumer_new
C_EDCConsumer_newFromIterationResponse
C_EDCConsumer_newFromPublishAsResponse
C_EDCConsumer_publishAs
C_EDCConsumer_requestAccess
C_EDCConsumer_setBackgroundSyncFrequency
C_EDCConsumer_setOffline
C_EDCConsumer_startSynchronization
C_EDCDecryptor_decryptBytes
C_EDCDecryptor_delete
C_EDCDecryptor_getDecryptionKey
C_EDCDecryptor_setDecryptionKey
C_EDCDeleteString
C_EDCPermSet_delete
C_EDCRevocationData_delete
C_EDCVoucherPropList_delete
C_EDCVoucherStore_get
C_EDCVoucherStore_new
C_EDCVoucherStore_put
C_EDCVoucherStore_remove
C_EDCVoucherStore_removeFromDisk
C_EDCVoucher_canRevoke
C_EDCVoucher_canViewAuditHistory
C_EDCVoucher_delete
C_EDCVoucher_getAuthenticatedUserFriendlyName
C_EDCVoucher_getAuthenticatedUserId
C_EDCVoucher_getClockSkew
C_EDCVoucher_getDecryptor
C_EDCVoucher_getEncryptor
C_EDCVoucher_getExpirationDate
C_EDCVoucher_getExtendedVoucherProperties
C_EDCVoucher_getExternalAuthLeasePeriod
C_EDCVoucher_getFirstPlaybackDate
C_EDCVoucher_getLicenseId
C_EDCVoucher_getOfflineLeasePeriodExpirationDate
C_EDCVoucher_getOfflineLeasePeriodRemaining
C_EDCVoucher_getOfflineLeaseStartDate
C_EDCVoucher_getPermissions
C_EDCVoucher_getPlaybackWindowExpirationDate
C_EDCVoucher_getPolicy
C_EDCVoucher_getRevocationData
C_EDCVoucher_getStartDate
C_EDCVoucher_getWatermark
C_EDCVoucher_isAudited
C_EDCVoucher_isExternalAuthorizationSet
C_EDCVoucher_isRevoked
C_EDCWatermarkTemplate_delete
C_EDCvoucherStore_delete
C_PDRLPolicyPropertyList_delete
C_PDRLPolicy_addPolicyEntry
C_PDRLPolicy_clearPolicyEntries
C_PDRLPolicy_countPolicyEntries
C_PDRLPolicy_delete
C_PDRLPolicy_getCreationDate
C_PDRLPolicy_getEncryptionMethod
C_PDRLPolicy_getInstanceVersionNum
C_PDRLPolicy_getLastModifiedDate
C_PDRLPolicy_getOfflineLeasePeriod
C_PDRLPolicy_getPolicyDescription
C_PDRLPolicy_getPolicyEntry
C_PDRLPolicy_getPolicyId
C_PDRLPolicy_getPolicyName
C_PDRLPolicy_getPolicyType
C_PDRLPolicy_getProperty
C_PDRLPolicy_getSchemaVersion
C_PDRLPolicy_getValidityPeriod
C_PDRLPolicy_getWatermarkId
C_PDRLPolicy_isAudited
C_PDRLPolicy_isCertifiedMode
C_PDRLPolicy_isEncryptAttachments
C_PDRLPolicy_isPlaintextMetadata
C_PDRLPolicy_isWatermarked
C_PDRLPolicy_new
C_PDRLPolicy_policyFromXML
C_PDRLPolicy_removePolicyEntry
C_PDRLPolicy_setAudited
C_PDRLPolicy_setCertifiedMode
C_PDRLPolicy_setEncryptAttachments
C_PDRLPolicy_setEncryptionMethod
C_PDRLPolicy_setOfflineLeasePeriod
C_PDRLPolicy_setPlaintextMetadata
C_PDRLPolicy_setPolicyDescription
C_PDRLPolicy_setPolicyName
C_PDRLPolicy_setProperty
C_PDRLPolicy_setValidityPeriod
C_PDRLPolicy_setWatermarkId
C_PDRLPolicy_toXML

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5654f6bff0dd174f50c057d3f5682311

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

4d:4a:a1:fd:f2:6f:9f:33:53:d6:26:14:ed:a6:62:37Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80Signer

Signature Validations

Verification

29/10/2012, 04:24 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 468KB - Virtual size: 465KB

.data Size: 588KB - Virtual size: 597KB

.data1 Size: 4KB - Virtual size: 84B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 156KB - Virtual size: 154KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

4d:4a:a1:fd:f2:6f:9f:33:53:d6:26:14:ed:a6:62:37
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80
Signer

29/10/2012, 04:24
Valid: false

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 468KB - Virtual size: 465KB

.data
Size: 588KB - Virtual size: 597KB

.data1
Size: 4KB - Virtual size: 84B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 156KB - Virtual size: 154KB