5ea7f95e28f7adaef35b118b24eb622fd123f6e863fb13afa7caa4ce13aeacf7

Sharing

Copy URL Twitter E-mail

General

Target

5ea7f95e28f7adaef35b118b24eb622fd123f6e863fb13afa7caa4ce13aeacf7
Size

4.6MB
MD5

091359eb339f7cdff1bb0961c11c0845
SHA1

40af5c8935bd18cc2a1bc0757c7c5fe09864809a
SHA256

5ea7f95e28f7adaef35b118b24eb622fd123f6e863fb13afa7caa4ce13aeacf7
SHA512

0156ab5fa383fc5856e67aea909f5d9422cdc96e278950ec249c2d6b9a5277228dc1ded05018bd3eb8d23157f86bfe1cd94556a7a903bbee16d4195a185fc0ba
SSDEEP

98304:VwoUfHAw8prWgR5KorcVvRSAZ81xrCusHfKM+rj2v2LDWX3v7:K+xLKucVvRgxrEiM+3K8u

Score

N/A

Malware Config

Signatures

Files

5ea7f95e28f7adaef35b118b24eb622fd123f6e863fb13afa7caa4ce13aeacf7
.dll windows x86

ace0d8b7f4672550c80161c56f9bfdf0

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:4a:a1:fd:f2:6f:9f:33:53:d6:26:14:ed:a6:62:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/09/2012, 00:00

Not After

01/10/2015, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal Client,O=Adobe Systems Incorporated,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:be:f2:f7:47:be:dc:5a:e6:14:40:1c:49:84:75:b0:a0:e2:f1:4c
Signer

Actual PE Digest

64:be:f2:f7:47:be:dc:5a:e6:14:40:1c:49:84:75:b0:a0:e2:f1:4c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal Client,O=Adobe Systems Incorporated,ST=California,C=US

29/10/2012, 04:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
Sleep
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
TlsAlloc
GetFullPathNameA
GetCurrentDirectoryA
GetFullPathNameW
FlushFileBuffers
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
InterlockedExchange
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
CreateDirectoryA
FindFirstFileW
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
LoadLibraryW
FormatMessageW
LocalFree
GetFileAttributesA
lstrlenA
ExitProcess
GetVersionExW
GetLocaleInfoW
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFileAttributesExW
CreateFileW
GetFileSize
ReadFile
FoldStringW
GetCurrentThread
GetThreadTimes
GetSystemInfo
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetConsoleMode
CompareStringW

user32

SystemParametersInfoW
GetDC
ReleaseDC
GetLastInputInfo
SendMessageW
GetPropW
ReleaseCapture
SetCapture
CallWindowProcW
SetParent
CreateWindowExW
DefWindowProcA
SetWindowLongA
SetPropW
SetWindowRgn
MoveWindow
DestroyWindow
FillRect
InvalidateRect
GetFocus
IsChild
GetUpdateRect
IntersectRect
EqualRect
GetWindowRgn
DefWindowProcW
LoadCursorW
RegisterClassExW
GetKeyboardState
SetKeyboardState
ShowWindow
SetFocus
GetWindowRect
ClientToScreen
GetWindowLongW
SetWindowLongW
UpdateWindow

gdi32

GetFontData
GetGlyphIndicesW
GetCharWidthI
GetTextMetricsW
GetGlyphOutlineW
GetOutlineTextMetricsW
AddFontMemResourceEx
CreateEnhMetaFileW
CloseEnhMetaFile
EnumEnhMetaFile
DeleteEnhMetaFile
GetStockObject
GetFontUnicodeRanges
EnumFontFamiliesExW
GetTextFaceW
CreateFontIndirectW
RemoveFontMemResourceEx
GetObjectW
IntersectClipRect
ModifyWorldTransform
RestoreDC
SaveDC
CreateCompatibleDC
CreateDIBSection
SelectObject
SetGraphicsMode
GetWorldTransform
SetWorldTransform
GetClipBox
CreateRectRgn
GetRgnBox
DeleteObject
GetDeviceCaps
StretchBlt
SetStretchBltMode
StretchDIBits
GetClipRgn
GetGraphicsMode
SelectClipRgn
ExtSelectClipRgn
ExtCreateRegion
PatBlt
SetBrushOrgEx
CreatePatternBrush
CreateSolidBrush
ExtTextOutW
SetBkMode
SetTextAlign
SetTextColor
CreateCompatibleBitmap
SetMapMode
GetCharWidth32W
ExtEscape
SelectClipPath
EndPath
CloseFigure
MoveToEx
BeginPath
LineTo
PolyBezierTo
SetPolyFillMode
WidenPath
StrokePath
ExtCreatePen
SetMiterLimit
FillPath
BitBlt
GdiFlush
DeleteDC

usp10

ScriptXtoCP
ScriptPlace
ScriptItemize
ScriptFreeCache
ScriptStringFree
ScriptStringOut
ScriptStringAnalyse
ScriptShape

urlmon

FindMimeFromData

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msimg32

GradientFill

winmm

timeEndPeriod
timeBeginPeriod

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance

Exports

Exports

WebKitGetAPI
cairo_append_path
cairo_arc
cairo_arc_negative
cairo_clip
cairo_clip_extents
cairo_clip_preserve
cairo_close_path
cairo_copy_clip_rectangle_list
cairo_copy_page
cairo_copy_path
cairo_copy_path_flat
cairo_create
cairo_curve_to
cairo_debug_reset_static_data
cairo_destroy
cairo_device_acquire
cairo_device_destroy
cairo_device_finish
cairo_device_flush
cairo_device_get_reference_count
cairo_device_get_type
cairo_device_get_user_data
cairo_device_reference
cairo_device_release
cairo_device_set_user_data
cairo_device_status
cairo_device_to_user
cairo_device_to_user_distance
cairo_fill
cairo_fill_extents
cairo_fill_preserve
cairo_font_extents
cairo_font_face_destroy
cairo_font_face_get_reference_count
cairo_font_face_get_type
cairo_font_face_get_user_data
cairo_font_face_reference
cairo_font_face_set_user_data
cairo_font_face_status
cairo_font_options_copy
cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_equal
cairo_font_options_get_antialias
cairo_font_options_get_hint_metrics
cairo_font_options_get_hint_style
cairo_font_options_get_subpixel_order
cairo_font_options_hash
cairo_font_options_merge
cairo_font_options_set_antialias
cairo_font_options_set_hint_metrics
cairo_font_options_set_hint_style
cairo_font_options_set_subpixel_order
cairo_font_options_status
cairo_format_stride_for_width
cairo_get_antialias
cairo_get_current_point
cairo_get_dash
cairo_get_dash_count
cairo_get_fill_rule
cairo_get_font_face
cairo_get_font_matrix
cairo_get_font_options
cairo_get_group_target
cairo_get_line_cap
cairo_get_line_join
cairo_get_line_width
cairo_get_matrix
cairo_get_miter_limit
cairo_get_operator
cairo_get_reference_count
cairo_get_scaled_font
cairo_get_source
cairo_get_target
cairo_get_tolerance
cairo_get_user_data
cairo_glyph_allocate
cairo_glyph_extents
cairo_glyph_free
cairo_glyph_path
cairo_has_current_point
cairo_identity_matrix
cairo_image_surface_create
cairo_image_surface_create_for_data
cairo_image_surface_create_from_png
cairo_image_surface_create_from_png_stream
cairo_image_surface_get_data
cairo_image_surface_get_format
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_image_surface_get_width
cairo_in_clip
cairo_in_fill
cairo_in_stroke
cairo_line_to
cairo_mask
cairo_mask_surface
cairo_matrix_init
cairo_matrix_init_identity
cairo_matrix_init_rotate
cairo_matrix_init_scale
cairo_matrix_init_translate
cairo_matrix_invert
cairo_matrix_multiply
cairo_matrix_rotate
cairo_matrix_scale
cairo_matrix_transform_distance
cairo_matrix_transform_point
cairo_matrix_translate
cairo_move_to
cairo_new_path
cairo_new_sub_path
cairo_paint
cairo_paint_with_alpha
cairo_path_destroy
cairo_path_extents
cairo_pattern_add_color_stop_rgb
cairo_pattern_add_color_stop_rgba
cairo_pattern_create_for_surface
cairo_pattern_create_linear
cairo_pattern_create_radial
cairo_pattern_create_rgb
cairo_pattern_create_rgba
cairo_pattern_destroy
cairo_pattern_get_color_stop_count
cairo_pattern_get_color_stop_rgba
cairo_pattern_get_extend
cairo_pattern_get_filter
cairo_pattern_get_linear_points
cairo_pattern_get_matrix
cairo_pattern_get_radial_circles
cairo_pattern_get_reference_count
cairo_pattern_get_rgba
cairo_pattern_get_surface
cairo_pattern_get_type
cairo_pattern_get_user_data
cairo_pattern_reference
cairo_pattern_set_extend
cairo_pattern_set_filter
cairo_pattern_set_matrix
cairo_pattern_set_user_data
cairo_pattern_status
cairo_pop_group
cairo_pop_group_to_source
cairo_push_group
cairo_push_group_with_content
cairo_recording_surface_create
cairo_recording_surface_ink_extents
cairo_rectangle
cairo_rectangle_list_destroy
cairo_reference
cairo_region_contains_point
cairo_region_contains_rectangle
cairo_region_copy
cairo_region_create
cairo_region_create_rectangle
cairo_region_create_rectangles
cairo_region_destroy
cairo_region_equal
cairo_region_get_extents
cairo_region_get_rectangle
cairo_region_intersect
cairo_region_intersect_rectangle
cairo_region_is_empty
cairo_region_num_rectangles
cairo_region_reference
cairo_region_status
cairo_region_subtract
cairo_region_subtract_rectangle
cairo_region_translate
cairo_region_union
cairo_region_union_rectangle
cairo_region_xor
cairo_region_xor_rectangle
cairo_rel_curve_to
cairo_rel_line_to
cairo_rel_move_to
cairo_reset_clip
cairo_restore
cairo_rotate
cairo_save
cairo_scale
cairo_scaled_font_create
cairo_scaled_font_destroy
cairo_scaled_font_extents
cairo_scaled_font_get_ctm
cairo_scaled_font_get_font_face
cairo_scaled_font_get_font_matrix
cairo_scaled_font_get_font_options
cairo_scaled_font_get_reference_count
cairo_scaled_font_get_scale_matrix
cairo_scaled_font_get_type
cairo_scaled_font_get_user_data
cairo_scaled_font_glyph_extents
cairo_scaled_font_reference
cairo_scaled_font_set_user_data
cairo_scaled_font_status
cairo_scaled_font_text_extents
cairo_scaled_font_text_to_glyphs
cairo_select_font_face
cairo_set_antialias
cairo_set_dash
cairo_set_fill_rule
cairo_set_font_face
cairo_set_font_matrix
cairo_set_font_options
cairo_set_font_size
cairo_set_line_cap
cairo_set_line_join
cairo_set_line_width
cairo_set_matrix
cairo_set_miter_limit
cairo_set_operator
cairo_set_scaled_font
cairo_set_source
cairo_set_source_rgb
cairo_set_source_rgba
cairo_set_source_surface
cairo_set_tolerance
cairo_set_user_data
cairo_show_glyphs
cairo_show_page
cairo_show_text
cairo_show_text_glyphs
cairo_status
cairo_status_to_string
cairo_stroke
cairo_stroke_extents
cairo_stroke_preserve
cairo_surface_copy_page
cairo_surface_create_similar
cairo_surface_destroy
cairo_surface_finish
cairo_surface_flush
cairo_surface_get_content
cairo_surface_get_device
cairo_surface_get_device_offset
cairo_surface_get_fallback_resolution
cairo_surface_get_font_options
cairo_surface_get_mime_data
cairo_surface_get_reference_count
cairo_surface_get_type
cairo_surface_get_user_data
cairo_surface_has_show_text_glyphs
cairo_surface_mark_dirty
cairo_surface_mark_dirty_rectangle
cairo_surface_reference
cairo_surface_set_device_offset
cairo_surface_set_fallback_resolution
cairo_surface_set_mime_data
cairo_surface_set_user_data
cairo_surface_show_page
cairo_surface_status
cairo_surface_write_to_png
cairo_surface_write_to_png_stream
cairo_text_cluster_allocate
cairo_text_cluster_free
cairo_text_extents
cairo_text_path
cairo_toy_font_face_create
cairo_toy_font_face_get_family
cairo_toy_font_face_get_slant
cairo_toy_font_face_get_weight
cairo_transform
cairo_translate
cairo_user_font_face_create
cairo_user_font_face_get_init_func
cairo_user_font_face_get_render_glyph_func
cairo_user_font_face_get_text_to_glyphs_func
cairo_user_font_face_get_unicode_to_glyph_func
cairo_user_font_face_set_init_func
cairo_user_font_face_set_render_glyph_func
cairo_user_font_face_set_text_to_glyphs_func
cairo_user_font_face_set_unicode_to_glyph_func
cairo_user_to_device
cairo_user_to_device_distance
cairo_win32_font_face_create_for_hfont
cairo_win32_font_face_create_for_logfontw
cairo_win32_font_face_create_for_logfontw_hfont
cairo_win32_printing_surface_create
cairo_win32_scaled_font_done_font
cairo_win32_scaled_font_get_device_to_logical
cairo_win32_scaled_font_get_logical_to_device
cairo_win32_scaled_font_get_metrics_factor
cairo_win32_scaled_font_select_font
cairo_win32_surface_create
cairo_win32_surface_create_with_ddb
cairo_win32_surface_create_with_dib
cairo_win32_surface_get_dc
cairo_win32_surface_get_image

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ace0d8b7f4672550c80161c56f9bfdf0

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

4d:4a:a1:fd:f2:6f:9f:33:53:d6:26:14:ed:a6:62:37Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

64:be:f2:f7:47:be:dc:5a:e6:14:40:1c:49:84:75:b0:a0:e2:f1:4cSigner

Signature Validations

Verification

29/10/2012, 04:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

usp10

urlmon

version

msimg32

winmm

advapi32

ole32

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 850KB - Virtual size: 850KB

.data Size: 29KB - Virtual size: 56KB

.unwante Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 226KB - Virtual size: 226KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

4d:4a:a1:fd:f2:6f:9f:33:53:d6:26:14:ed:a6:62:37
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

64:be:f2:f7:47:be:dc:5a:e6:14:40:1c:49:84:75:b0:a0:e2:f1:4c
Signer

29/10/2012, 04:24
Valid: false

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 850KB - Virtual size: 850KB

.data
Size: 29KB - Virtual size: 56KB

.unwante
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 226KB - Virtual size: 226KB