846b2569c9ded9fc6d16ae163ffb57003099b6afadb0f7e2aac3903732ba4084

Sharing

Copy URL

Twitter E-mail

General

Target

846b2569c9ded9fc6d16ae163ffb57003099b6afadb0f7e2aac3903732ba4084
Size

601KB
MD5

0bbb01f1026ffb7f445ca425913ab6e0
SHA1

7f3f5cea83fac66066a78a390c03c5e2f2f14c5f
SHA256

846b2569c9ded9fc6d16ae163ffb57003099b6afadb0f7e2aac3903732ba4084
SHA512

f3a2ed0582a5ef1fb647a1c70b1cba9d4f12799dd7754566b108b8b242226804f8cb7610dea1f31900e6836bfe45cd366ba0abcb5aa9b23bafdc6c6c6cb12f84
SSDEEP

12288:xwmW48mG0/qnzwFdGOOZTjjOM0z4VgMD:kdEOZTnNRgMD

Score

N/A

Malware Config

Signatures

Files

846b2569c9ded9fc6d16ae163ffb57003099b6afadb0f7e2aac3903732ba4084
.exe windows x64

92e198b10133fdf323e3e5561348c27b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:d3:9d:ec:b1:e5:d4:11:52:bb:34:6e:53:a9:20:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-06-2012 00:00

Not After

28-06-2013 23:59

Subject

CN=BUFFALO INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Production Dept.,O=BUFFALO INC.,L=30-20\,Ohsu 3-chome\,Naka-ku\,Nagoya,ST=Aichi,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:60:79:a4:d5:79:cc:f5:5d:f0:48:71:eb:98:3d:90:0a:a3:cc:a4
Signer

Actual PE Digest

26:60:79:a4:d5:79:cc:f5:5d:f0:48:71:eb:98:3d:90:0a:a3:cc:a4

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BUFFALO INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Production Dept.,O=BUFFALO INC.,L=30-20\,Ohsu 3-chome\,Naka-ku\,Nagoya,ST=Aichi,C=JP

12-09-2012 12:23
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVolumeInformationW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GlobalFlags
WritePrivateProfileStringW
SetErrorMode
GetStartupInfoW
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitProcess
HeapAlloc
HeapFree
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
HeapQueryInformation
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FindFirstFileW
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetExitCodeProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
SetEnvironmentVariableW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
FileTimeToSystemTime
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
CompareStringA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
lstrlenA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WideCharToMultiByte
SetEvent
CreateEventW
ResumeThread
SuspendThread
GetTempFileNameW
GetTempPathW
DeleteVolumeMountPointW
SetLastError
DeviceIoControl
CreateFileW
RemoveDirectoryW
CopyFileW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
MoveFileExW
FreeLibrary
LoadLibraryW
GetFullPathNameW
lstrlenW
CreateDirectoryW
DeleteFileW
Sleep
MulDiv
GetModuleHandleW
GetProcAddress
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetLocaleInfoW
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
FormatMessageW
GetLastError
SetFileAttributesW
GetFileAttributesW
LocalFree
GetVersionExW
ReadFile
CloseHandle
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
FlsSetValue
GetPrivateProfileStringW

user32

CharUpperW
LoadCursorW
GetSysColorBrush
DestroyMenu
SetWindowTextW
IsDialogMessageW
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
PostQuitMessage
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
SetWindowsHookExW
UnregisterClassW
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
GetDC
ReleaseDC
IsWindowVisible
UpdateWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetParent
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
CallNextHookEx
SendMessageW
EnableWindow
LoadIconW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
KillTimer
GetSystemMenu
EnableMenuItem
PostMessageW
GetTopWindow
GetWindowThreadProcessId
GetWindow
CharPrevW
CharNextW
MessageBoxW
FindWindowExW
DestroyWindow
EnumWindows
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CreateWindowExW
ShowWindow
IsWindowEnabled
SetForegroundWindow
GetFocus

gdi32

GetStockObject
CreateBitmap
DeleteDC
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetObjectW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
RegCloseKey
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetFolderPathW
ord232
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiGetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameExW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92e198b10133fdf323e3e5561348c27b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

71:d3:9d:ec:b1:e5:d4:11:52:bb:34:6e:53:a9:20:22Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

26:60:79:a4:d5:79:cc:f5:5d:f0:48:71:eb:98:3d:90:0a:a3:cc:a4Signer

Signature Validations

Verification

12-09-2012 12:23 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

setupapi

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 38KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 139KB - Virtual size: 138KB

.reloc Size: 11KB - Virtual size: 10KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

71:d3:9d:ec:b1:e5:d4:11:52:bb:34:6e:53:a9:20:22
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

26:60:79:a4:d5:79:cc:f5:5d:f0:48:71:eb:98:3d:90:0a:a3:cc:a4
Signer

12-09-2012 12:23
Valid: false

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 38KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 139KB - Virtual size: 138KB

.reloc
Size: 11KB - Virtual size: 10KB