a5a07bbc77f47e35812f33444fad55b58a325540a3e6ddccf5a8b4126ce09194

Sharing

Copy URL Twitter E-mail

General

Target

a5a07bbc77f47e35812f33444fad55b58a325540a3e6ddccf5a8b4126ce09194
Size

49KB
MD5

58ae84960d1e64cd2b7f7c23827693dd
SHA1

53944535178d6f92004a5743c34cd35e14a911dd
SHA256

a5a07bbc77f47e35812f33444fad55b58a325540a3e6ddccf5a8b4126ce09194
SHA512

089834327e943c10960e9e94658515bed4634a7fc495f78da2cbc8852e9831cdae10547e0686ee3fb94363d9652d0a2adf81faaf9c38c45852201369d9119ba4
SSDEEP

1536:j/ZFUGsTyAO9hSTZpvdxcLhf9FcQQN2iCSDd8i2:bjUGAyD9CvdxcDFfQN77

Score

N/A

Malware Config

Signatures

Files

a5a07bbc77f47e35812f33444fad55b58a325540a3e6ddccf5a8b4126ce09194
.exe windows x86

36cb831ad25374f76e5353fa73398e33

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:17:73:c9:51:7e:e2:00:e8:40:3f:6a:06:c5:c2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/09/2010, 00:00

Not After

28/10/2013, 23:59

Subject

CN=VMware\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Marketing,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:6a:e1:5b:12:4b:18:96:e0:66:22:0b:a6:16:59:ff:55:22:a9:7f
Signer

Actual PE Digest

56:6a:e1:5b:12:4b:18:96:e0:66:22:0b:a6:16:59:ff:55:22:a9:7f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=VMware\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Marketing,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

14/07/2012, 18:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
DuplicateTokenEx
OpenProcessToken

user32

EnumDisplaySettingsW
EnumDisplayDevicesW
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
ChangeDisplaySettingsW
GetSystemMetrics
ChangeDisplaySettingsExW
DispatchMessageW
TranslateMessage
PeekMessageW
GetMonitorInfoW
EnumDisplayMonitors
MsgWaitForMultipleObjects

gdi32

CreateDCW
DeleteDC

msvcr90

_initterm_e
_controlfp_s
_invoke_watson
_except_handler4_common
memset
free
calloc
memcpy
swscanf
strrchr
wcsncmp
_stricmp
_access
malloc
_beginthreadex
swscanf_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_decode_pointer
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit

glib-2.0

g_logv
g_key_file_free

vmtools

Str_Sprintf
ProcMgr_ExecSync
Win32U_RegOpenKeyEx
GuestApp_GetInstallPath
Str_Snprintf
Warning
Hostinfo_GetOSType
DynBuf_Init
DynBuf_Append
DynBuf_Destroy
Unicode_AllocWithLength
VMTools_LoadConfig
VMTools_ConfigLogging
Debug
Win32U_GetModuleFileName
Str_Snwprintf

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcess
CreateEventW
SetEvent
GetCurrentThreadId
ProcessIdToSessionId
OpenProcess
CloseHandle
GetTickCount
GetLastError
Sleep
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36cb831ad25374f76e5353fa73398e33

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0c:4d:17:73:c9:51:7e:e2:00:e8:40:3f:6a:06:c5:c2Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

56:6a:e1:5b:12:4b:18:96:e0:66:22:0b:a6:16:59:ff:55:22:a9:7fSigner

Signature Validations

Verification

14/07/2012, 18:39 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

gdi32

msvcr90

glib-2.0

vmtools

psapi

kernel32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 940B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0c:4d:17:73:c9:51:7e:e2:00:e8:40:3f:6a:06:c5:c2
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

56:6a:e1:5b:12:4b:18:96:e0:66:22:0b:a6:16:59:ff:55:22:a9:7f
Signer

14/07/2012, 18:39
Valid: false

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 940B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB