6a176a11a0e9a130af9b4f631529c12191762d156f9f179e5f8dac094090544d

Sharing

Copy URL Twitter E-mail

General

Target

6a176a11a0e9a130af9b4f631529c12191762d156f9f179e5f8dac094090544d
Size

245KB
MD5

a3866e79e9ac8b167bd48fc3d81fdc67
SHA1

79811a40a618f0aa1669af0590c1107c961c7c41
SHA256

6a176a11a0e9a130af9b4f631529c12191762d156f9f179e5f8dac094090544d
SHA512

69b13e7a42d695108b999c021cdb4a91a1ce9ffc8b21d6467ba8e523e6ac18b23821f564cb2e1d63dd9e2a839be7a44e620a2321346bc7105eb0533069492c03
SSDEEP

6144:b/sczdbT7pOHQNyAh/Ey2rf1cmG62PhOLwfB:zBdf7wAxEy2r1cmueMB

Score

N/A

Malware Config

Signatures

Files

6a176a11a0e9a130af9b4f631529c12191762d156f9f179e5f8dac094090544d
.exe windows x86

92f6159e92e091db00a1debd029d24db

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:70:1c:92:ef:79:94:48:1b:6a:28:a6:86:ab:ab:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

07/11/2012, 23:59

Subject

CN=Absolute Software Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Absolute Software Corp.,L=Vancouver,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:07:da:1f:c6:88:59:d8:cf:ec:8a:01:94:65:5e:ca:a5:61:d1:e3
Signer

Actual PE Digest

11:07:da:1f:c6:88:59:d8:cf:ec:8a:01:94:65:5e:ca:a5:61:d1:e3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Absolute Software Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Absolute Software Corp.,L=Vancouver,ST=British Columbia,C=CA

10/08/2010, 18:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpW
StrStrW

kernel32

LoadLibraryW
GetProcAddress
GetFileSize
CompareFileTime
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
DeleteFileA
SetFilePointer
SetEndOfFile
GetCurrentProcess
LocalFree
SetFileAttributesW
WriteFile
CopyFileW
GetFileAttributesW
CreateFileW
SetLastError
GetLocalTime
LocalAlloc
GetCurrentThreadId
ReadFile
FlushFileBuffers
GetFileTime
CreateFileA
GetTempFileNameA
GetTempPathA
GetCommandLineW
WaitForMultipleObjects
SetEvent
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
TerminateThread
GetExitCodeProcess
FreeLibrary
GetCurrentProcessId
GetModuleHandleW
CreateProcessA
TerminateProcess
ReleaseMutex
CreateMutexA
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
InterlockedExchange
LoadLibraryA
GetSystemTimeAsFileTime
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
IsDebuggerPresent
RaiseException
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
RtlUnwind
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOverlappedResult
WaitForSingleObject
DeviceIoControl
GetModuleFileNameW
CloseHandle
Sleep
GetSystemDirectoryW
DeleteFileW
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
CreateProcessW
GetLastError
HeapAlloc

advapi32

GetLengthSid
OpenProcessToken
OpenServiceA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetKeyParam
CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptImportKey
CopySid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
OpenServiceW
CreateServiceW
StartServiceW
QueryServiceStatus
CloseServiceHandle
DeleteService
OpenSCManagerW
ControlService
FreeSid
IsValidSid
SetEntriesInAclW
AllocateAndInitializeSid
SetNamedSecurityInfoW
RegCloseKey
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
EqualSid
GetTokenInformation

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

ws2_32

WSACleanup
WSAStartup

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

oleaut32

SafeArrayDestroy
SysFreeString
SysAllocString

Exports

Exports

GetCheckTdtVersion
GetTdtAvailability
GetTdtAvailabilityEx

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92f6159e92e091db00a1debd029d24db

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

19:70:1c:92:ef:79:94:48:1b:6a:28:a6:86:ab:ab:f5Certificate

Extended Key Usages

Key Usages

11:07:da:1f:c6:88:59:d8:cf:ec:8a:01:94:65:5e:ca:a5:61:d1:e3Signer

Signature Validations

Verification

10/08/2010, 18:15 Valid: false

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

ole32

ws2_32

wininet

oleaut32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 165KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

19:70:1c:92:ef:79:94:48:1b:6a:28:a6:86:ab:ab:f5
Certificate

11:07:da:1f:c6:88:59:d8:cf:ec:8a:01:94:65:5e:ca:a5:61:d1:e3
Signer

10/08/2010, 18:15
Valid: false

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB