8491ac8ab82407b020425eaed31f5834c3830871c0bf56f033139aa9220f0c48

Sharing

Copy URL

Twitter E-mail

General

Target

8491ac8ab82407b020425eaed31f5834c3830871c0bf56f033139aa9220f0c48
Size

120KB
MD5

00055b92745a1c6bd6342fa5292c7770
SHA1

c86b09c1171107d5ec06c9ac01bd03558ce0aa97
SHA256

8491ac8ab82407b020425eaed31f5834c3830871c0bf56f033139aa9220f0c48
SHA512

254fecf725297741325d73b8648bd01ed36f97a5c3168bf51b4ad27ed2974213801770fda2290e937eade8cb7bfeb129eda70540f24cba3434c5110b97247e96
SSDEEP

1536:q9yhQIpC6LFOt4abRt8i2e8i2y8i2m8i2V8i2u8i278i2p8i208i2E8i2R8i278H:fh1pCEOt4aV1VF2xMWr720h9o3vA

Score

N/A

Malware Config

Signatures

Files

8491ac8ab82407b020425eaed31f5834c3830871c0bf56f033139aa9220f0c48
.exe windows x86

2a9f7865717f525d6640e9cde5ca9b2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:c9:e1:05:41:51:47:7d:af:5a:6e:0f:90:83:72:0f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-08-2011 00:00

Not After

20-08-2014 23:59

Subject

CN=Dassault Systemes SolidWorks Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Dassault Systemes SolidWorks Corp.,L=Concord,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CloseHandle
WaitForSingleObject
CreateThread
OpenProcess
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep

sldgcu

?get@gcEnvironment_c@@SAPAV1@XZ
??1swUtilsCThreadProcess_c@@UAE@XZ
?run@swUtilsCThreadProcess_c@@UAEHXZ
??0swUtilsCThreadProcess_c@@QAE@HV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetSmoothEdgeDisplayTolerance@gcEnvironment_c@@QAEXN@Z
??0gcParasolidChecksDisabler@@QAE@H@Z
?gc_StopEngine@@YAXXZ
??1swUtilsAssmHiddenLineProcess_c@@UAE@XZ
?run@swUtilsAssmHiddenLineProcess_c@@UAEHXZ
?gc_StartEngine@@YAXHHH@Z
?SetGOMemoryTargetTrigger@gcEnvironment_c@@QAEXH@Z
??0swUtilsAssmHiddenLineProcess_c@@QAE@HV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

sldmfcu

??_7suPtrArray@@6B@
??1suPtrArray@@UAE@XZ
?gTheExecutablePath@@3V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A

sldmgu

??4mgXform_c@@QAEABV0@ABV0@@Z
??1mgBBox_c@@QAE@XZ
??4mgBBox_c@@QAEAAV0@ABV0@@Z
??1mgXform_c@@QAE@XZ
??0mgXform_c@@QAE@ABV0@@Z

swccu

??0su_CPtrArray@@QAE@XZ
??1su_CPtrArray@@UAE@XZ
?Append@su_CPtrArray@@QAEHABV1@@Z

msvcp90

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

mfc90u

ord286
ord4405
ord813
ord935
ord799
ord3220
ord1271
ord3185
ord909
ord1607
ord811
ord280
ord600
ord801
ord589
ord794
ord285
ord5979

msvcr90

__p__fmode
__p__commode
__set_app_type
__setusermatherr
_configthreadlocale
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_adjust_fdiv
??0exception@std@@QAE@XZ
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_wtol
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??1exception@std@@UAE@XZ
__CxxFrameHandler3
_invalid_parameter_noinfo

Exports

Exports

??0gcCThreadBodies@@QAE@XZ
??0gcEnvironment_c@@QAE@ABV0@@Z
??1gcCThreadBodies@@QAE@XZ
??1gcEnvironment_c@@QAE@XZ
??4gcCancelRegenController_c@@QAEAAV0@ABV0@@Z
??4gcDoSW98plusFaceMerge@@QAEAAV0@ABV0@@Z
??4gcEnvironment_c@@QAEAAV0@ABV0@@Z
??4gcExtRefsWarnDisabler@@QAEAAV0@ABV0@@Z
??4gcExtRefsWarnOnceEnabler@@QAEAAV0@ABV0@@Z
??4gcPMarkCreationDisabler@@QAEAAV0@ABV0@@Z
??4gcParasolidCrashTrapper@@QAEAAV0@ABV0@@Z
??_FgcParasolidChecksDisabler@@QAEXXZ
?GetGOMemoryTargetTrigger@gcEnvironment_c@@QAEHXZ
?GetNotifyData@gcEnvironment_c@@QAEHXZ
?GetSmoothEdgeDisplayTolerance@gcEnvironment_c@@QAENXZ
?getAppName@gcEnvironment_c@@QBEABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?getArrowDirsArrayForAlignedSectionView@gcCosThreadHelper_c@@QAEAAVsuPtrArray@@XZ
?getBCurveNonRationalOutputTol@gcTolerances_c@@QBENXZ
?getBCurveOutputTol@gcTolerances_c@@QBENXZ
?getBodyCheckingOn@gcEnvironment_c@@QBEHXZ
?getBucket@gcCosThreadHelper_c@@QAEPAVgcBucket_c@@XZ
?getCThreadVsBodiesMap@gcCosThreadHelper_c@@QAEAAV?$map@PAXPAVgcCThreadBodies@@U?$less@PAX@std@@V?$allocator@U?$pair@QAXPAVgcCThreadBodies@@@std@@@3@@std@@XZ
?getCanUseCachedData@gcCosThreadHelper_c@@QBEHXZ
?getCheckWrongPartition@gcEnvironment_c@@QAEHXZ
?getCommandLineCode@gcEnvironment_c@@QAEIXZ
?getCompanyName@gcEnvironment_c@@QBEABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?getCurveChordTessellationTol@gcTolerances_c@@QBENXZ
?getCurveFittingState@gcEnvironment_c@@QAEHXZ
?getCustomizedImportTolerance@gcEnvironment_c@@QAENXZ
?getDateCode@gcEnvironment_c@@QBEHXZ
?getDebugOffsetShellThickenState@gcEnvironment_c@@QAEHXZ
?getDisablePMarkCreation@gcEnvironment_c@@QBEHXZ
?getDoingRelightWeight@gcEnvironment_c@@QAEHXZ
?getDrawingBodyArray@gcCosThreadHelper_c@@QAEAAVsuPtrArray@@XZ
?getDumpParaInfo@gcEnvironment_c@@QAEHXZ
?getDumpParaInfoForNewFeature@gcEnvironment_c@@QAEHXZ
?getEnableAbsorbRollback@gcEnvironment_c@@QAEHXZ
?getEnableAtomRegen@gcEnvironment_c@@QAEHXZ
?getEnableBreakHardParent@gcEnvironment_c@@QAEHXZ
?getEnableCancelRegen@gcEnvironment_c@@QAEHXZ
?getEnableContourSelection@gcEnvironment_c@@QAEHXZ
?getEnableConvertToSM@gcEnvironment_c@@QAEHXZ
?getEnableDraftEnhancements@gcEnvironment_c@@QAEHXZ
?getEnableFreezePart@gcEnvironment_c@@QAEHXZ
?getEnableHelicalSweepPerf@gcEnvironment_c@@QAEHXZ
?getEnableHoleWizard@gcEnvironment_c@@QAEHXZ
?getEnableManyCurvSurf@gcEnvironment_c@@QAEHXZ
?getEnableNonManifoldVertex@gcEnvironment_c@@QAEHXZ
?getEnablePSFacePattern@gcEnvironment_c@@QAEHXZ
?getEnableParentChild@gcEnvironment_c@@QAEHXZ
?getEnablePunchToolSelOther@gcEnvironment_c@@QAEHXZ
?getEnableRefCurveValidityCheck@gcEnvironment_c@@QAEHXZ
?getEnableRefPlaneAutoSize@gcEnvironment_c@@QAEHXZ
?getEnableRegionSelection@gcEnvironment_c@@QAEHXZ
?getEnableRemoveDetail@gcEnvironment_c@@QAEHXZ
?getEnableShadedPreviewGraphics@gcEnvironment_c@@QAEHXZ
?getEnableSheetMetalPhase2@gcEnvironment_c@@QAEHXZ
?getEnableSmartReorder@gcEnvironment_c@@QAEHXZ
?getEnableSweepBodyForPattern@gcEnvironment_c@@QAEHXZ
?getEnableTWGraphics@gcEnvironment_c@@QAEHXZ
?getEnableVertexSelection@gcEnvironment_c@@QAEHXZ
?getExplodeLine@gcThreadData_c@@QBEHXZ
?getExpressImport@gcEnvironment_c@@QAEHXZ
?getExtRefsWarningTrigger@gcEnvironment_c@@QAEHXZ
?getFeatInProgress@gcEnvironment_c@@QAEPAXXZ
?getHelicalSweepState@gcEnvironment_c@@QAEHXZ
?getIgnoreSMFSelfInterCheck@gcEnvironment_c@@QBEHXZ
?getInitGapBoundWidth@gcTolerances_c@@QBENXZ
?getMatchBodies@gcEnvironment_c@@QAEHXZ
?getMonitorBody@gcEnvironment_c@@QAEHXZ
?getMonitorBodyTag@gcEnvironment_c@@QAEHXZ
?getNominalGeometryState@gcEnvironment_c@@QAEHXZ
?getNumThreadBodies@gcCosThreadHelper_c@@QBEHXZ
?getOldStyleKnitWanted@gcEnvironment_c@@QAEHXZ
?getOrientationForCompRefs@gcEnvironment_c@@QBEHXZ
?getPKloftedBodyState@gcEnvironment_c@@QAEHXZ
?getProcessId@gcThreadData_c@@QBEKXZ
?getProcessSuccess@gcThreadData_c@@QBEHXZ
?getPropergateSketchTol@gcEnvironment_c@@QAEHXZ
?getPropogateFaceIdIncrementalAttribWhenCopy@gcEnvironment_c@@QAEHXZ
?getRegenCancelledByUser@gcEnvironment_c@@QAEHXZ
?getSaveDeltasWithPartition@gcEnvironment_c@@QBEHXZ
?getSaveMode@gcEnvironment_c@@QAEHXZ
?getSavePartitionRBDataOn@gcEnvironment_c@@QBEHXZ
?getSharedTessellationMethod@gcEnvironment_c@@QAEHXZ
?getStatusArray@gcEnvironment_c@@QAEPAXH@Z
?getSurfAngularTessellationTol@gcTolerances_c@@QBENXZ
?getSurfChordTessellationTol@gcTolerances_c@@QBENXZ
?getSysTolerances@gcEnvironment_c@@QBEABVgcTolerances_c@@XZ
?getThread@gcThreadData_c@@QBEPAXXZ
?getThreadData@gcThreadData_c@@QBEPAXXZ
?getThreadDataArray@gcCosThreadHelper_c@@QAEAAV?$vector@PAVgcCosThreadData@@V?$allocator@PAVgcCosThreadData@@@std@@@std@@XZ
?getThreadTerminate@gcThreadData_c@@QBEHXZ
?getToolArrayForAlignedSectionView@gcCosThreadHelper_c@@QAEAAVsuPtrArray@@XZ
?getUVCurveOutputTol@gcTolerances_c@@QBENXZ
?getUseCustomizedImportTolerance@gcEnvironment_c@@QAEHXZ
?getUserTolerances@gcEnvironment_c@@QBEABVgcTolerances_c@@XZ
?getUserTolerancesToUpdate@gcEnvironment_c@@QAEPAVgcTolerances_c@@XZ
?getXformArrayForAlignedSectionView@gcCosThreadHelper_c@@QAEAAVsuPtrArray@@XZ
?isLightweightDrawingsEnabled@gcEnvironment_c@@QAEHXZ
?isSharedTessellationEnabled@gcEnvironment_c@@QAEHXZ
?isTrapParasolidCrashEnabled@gcEnvironment_c@@QAEHXZ
?setAlignedSectionBodyVsXformMap@gcCosThreadHelper_c@@QAEXABV?$map@PAVgcBody_w@@VmgXform_c@@U?$less@PAVgcBody_w@@@std@@V?$allocator@U?$pair@QAVgcBody_w@@VmgXform_c@@@std@@@4@@std@@@Z
?setBCurveNonRationalOutputTol@gcTolerances_c@@QAEXN@Z
?setBCurveOutputTol@gcTolerances_c@@QAEXN@Z
?setBodies@gcCosThreadHelper_c@@QAEXAAVsuPtrArray@@@Z
?setBucket@gcCosThreadHelper_c@@QAEXPAVgcBucket_c@@@Z
?setCanUseCachedData@gcCosThreadHelper_c@@QAEXH@Z
?setContourBBox@gcCosThreadHelper_c@@QAEXVmgBBox_c@@@Z
?setCurveChordTessellationTol@gcTolerances_c@@QAEXN@Z
?setDrViewContourXform@gcCosThreadHelper_c@@QAEXVmgXform_c@@@Z
?setDrViewXform@gcCosThreadHelper_c@@QAEXVmgXform_c@@@Z
?setExplodeLine@gcThreadData_c@@QAEXH@Z
?setHLRXform@gcCosThreadHelper_c@@QAEXVmgXform_c@@@Z
?setInitGapBoundWidth@gcTolerances_c@@QAEXN@Z
?setInvDrXformForAlignSection@gcCosThreadHelper_c@@QAEXVmgXform_c@@@Z
?setIsANSI@gcCosThreadHelper_c@@QAEXXZ
?setIsAssemblyDrawingView@gcCosThreadHelper_c@@QAEXH@Z
?setIsRelativeView@gcCosThreadHelper_c@@QAEXH@Z
?setNoHiddenEdges@gcCosThreadHelper_c@@QAEXH@Z
?setNumAlignedExcludedBodies@gcCosThreadHelper_c@@QAEXH@Z
?setNumThreadBodies@gcCosThreadHelper_c@@QAEXH@Z
?setPerspectiveInfo@gcCosThreadHelper_c@@QAEXPAVmgModelPerspInfo_c@@@Z
?setProcessSuccess@gcThreadData_c@@QAEXH@Z
?setProcessingInBackground@gcCosThreadHelper_c@@QAEXH@Z
?setRunoutLength@gcCosThreadHelper_c@@QAEXN@Z
?setShowHidden@gcCosThreadHelper_c@@QAEXH@Z
?setStatusArray@gcEnvironment_c@@QAEXHPAX@Z
?setSurfAngularTessellationTol@gcTolerances_c@@QAEXN@Z
?setSurfChordTessellationTol@gcTolerances_c@@QAEXN@Z
?setThreadData@gcThreadData_c@@QAEXPAX@Z
?setThreadHelper@swUtilsCThreadProcess_c@@QAEXPAVgcCosThreadHelper_c@@@Z
?setThreadTerminate@gcThreadData_c@@QAEXH@Z
?setUVCurveOutputTol@gcTolerances_c@@QAEXN@Z

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a9f7865717f525d6640e9cde5ca9b2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

41:c9:e1:05:41:51:47:7d:af:5a:6e:0f:90:83:72:0fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sldgcu

sldmfcu

sldmgu

swccu

msvcp90

mfc90u

msvcr90

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 90KB - Virtual size: 90KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

41:c9:e1:05:41:51:47:7d:af:5a:6e:0f:90:83:72:0f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 90KB - Virtual size: 90KB