6ecd45a26e77ad7a83cb87ff6689987b0a01fead08212cc0f78a962f2f0ee64d

Sharing

Copy URL Twitter E-mail

General

Target

6ecd45a26e77ad7a83cb87ff6689987b0a01fead08212cc0f78a962f2f0ee64d
Size

510KB
MD5

0bafcad6ff88f1f0390747e7e548f2b5
SHA1

6c5773d0bb443b5dc70e9adb95e7bbf1877facab
SHA256

6ecd45a26e77ad7a83cb87ff6689987b0a01fead08212cc0f78a962f2f0ee64d
SHA512

474aae03f1c432dea61d868f506f38f8743daeb57f3b18c84c918d3f86fa8fb3f75a865d7053739101fd74544af2c06c19166aff320245f898eee47caea084be
SSDEEP

12288:CTOA0bbXTYx9xsx6F25VEgcGrkVEBU3L:BJkCx6FgRcuk2ML

Score

N/A

Malware Config

Signatures

Files

6ecd45a26e77ad7a83cb87ff6689987b0a01fead08212cc0f78a962f2f0ee64d
.exe windows x86

ce9daefbb71b8d71d7e3625cf58dfb01

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/05/2009, 00:00

Not After

18/05/2010, 23:59

Subject

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:3c:a4:c9:62:e8:74:9f:c1:21:57:d1:ec:d1:7e:4b:ad:ce:9f:a0
Signer

Actual PE Digest

26:3c:a4:c9:62:e8:74:9f:c1:21:57:d1:ec:d1:7e:4b:ad:ce:9f:a0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

02/04/2010, 00:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
lstrlenA
GlobalFlags
GetFileTime
GetTickCount
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
LockResource
LoadResource
FindResourceW
InterlockedDecrement
MultiByteToWideChar
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiW
lstrcmpW
GetWindowsDirectoryW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
CloseHandle
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetShortPathNameW
GetModuleHandleW
GetDiskFreeSpaceExW
GetTempPathW
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
lstrlenW
CreateDirectoryW
ReadFile
GetTempFileNameW
GetFileAttributesW
CopyFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemDefaultLCID
GetSystemDefaultLangID
RemoveDirectoryW
MoveFileExW
Sleep
OpenProcess
MoveFileW
CreateFileW
OpenMutexW
CreateMutexW
FormatMessageW
GetVersionExW
FindClose
FindNextFileW
FindFirstFileW
GetExitCodeThread
CreateThread
GetDriveTypeW
GetModuleFileNameW
SetErrorMode
SetEvent
CreateEventW
ResetEvent
InterlockedExchange
LoadLibraryA
RaiseException
SetLastError
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
WideCharToMultiByte
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
SizeofResource
GetCurrentThreadId
FreeResource
GetModuleHandleA
GetCurrentProcessId
GetThreadLocale

user32

SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetWindowTextW
MoveWindow
ShowWindow
IsWindowEnabled
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
CharUpperW
PostQuitMessage
ValidateRect
GetCursorPos
GetMessageW
SetCursor
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
LoadCursorW
DestroyMenu
UnregisterClassW
SetCapture
ReleaseCapture
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
UnregisterClassA
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ExitWindowsEx
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowThreadProcessId
GetParent
MessageBoxW
GetDesktopWindow
InvalidateRect
ReleaseDC
GetDC
GetWindowRect
SendMessageW
EnableWindow
GetFocus
GetDlgCtrlID

gdi32

GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW

comdlg32

GetFileTitleW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
OleRun
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce9daefbb71b8d71d7e3625cf58dfb01

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8aCertificate

Extended Key Usages

Key Usages

26:3c:a4:c9:62:e8:74:9f:c1:21:57:d1:ec:d1:7e:4b:ad:ce:9f:a0Signer

Signature Validations

Verification

02/04/2010, 00:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

oledlg

ole32

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 28KB - Virtual size: 44KB

.rsrc Size: 32KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8a
Certificate

26:3c:a4:c9:62:e8:74:9f:c1:21:57:d1:ec:d1:7e:4b:ad:ce:9f:a0
Signer

02/04/2010, 00:53
Valid: false

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 28KB - Virtual size: 44KB

.rsrc
Size: 32KB - Virtual size: 36KB