012b2736981f3d4e6b2613bbaf7a0b8638935e8546260b6bcea3c1d479d35cf0

Sharing

Copy URL

Twitter E-mail

General

Target

012b2736981f3d4e6b2613bbaf7a0b8638935e8546260b6bcea3c1d479d35cf0
Size

143KB
MD5

84776416aeccfb1a1320f339cbe5b077
SHA1

1bb8a47a0f09068e48535aaab7c792d169a8646d
SHA256

012b2736981f3d4e6b2613bbaf7a0b8638935e8546260b6bcea3c1d479d35cf0
SHA512

fe6d0d5b4cc3f7910bfe6360d9ff5e7b34c1a357de930139d06ec0587f0064a257f91f38daab7f1a6f27624de91d912f22e188fec217b271aa7c561280cfd679
SSDEEP

1536:bNN8QJ4PNkVG0PekzF/9zisKldRZ/SQu/Xx1isKldR:bNedz0PekzF/eVJmoV

Score

N/A

Malware Config

Signatures

Files

012b2736981f3d4e6b2613bbaf7a0b8638935e8546260b6bcea3c1d479d35cf0
.exe windows x86

45febbc84d545c4a979ed068f8a39300

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:0a:7d:1c:4c:0e:f3:83:11:1d:1c:1c:e0:2c:96:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/07/2011, 00:00

Not After

17/08/2013, 23:59

Subject

CN=Skype Technologies SA,OU=Information Security+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Skype Technologies SA,L=Luxembourg,ST=Luxembourg,C=LU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:84:6a:fa:05:d3:67:5a:fd:6a:02:c6:1e:9c:64:b0:91:14:fe:99
Signer

Actual PE Digest

4c:84:6a:fa:05:d3:67:5a:fd:6a:02:c6:1e:9c:64:b0:91:14:fe:99

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Skype Technologies SA,OU=Information Security+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Skype Technologies SA,L=Luxembourg,ST=Luxembourg,C=LU

13/12/2012, 14:27
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

msi

ord205
ord111
ord129

kernel32

InitializeCriticalSectionAndSpinCount
GetStringTypeW
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
ReadProcessMemory
OpenProcess
CloseHandle
WaitForSingleObject
LCMapStringW
HeapReAlloc
HeapAlloc
GetLastError
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EncodePointer
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cchmriu
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

45febbc84d545c4a979ed068f8a39300

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

20:0a:7d:1c:4c:0e:f3:83:11:1d:1c:1c:e0:2c:96:08Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4c:84:6a:fa:05:d3:67:5a:fd:6a:02:c6:1e:9c:64:b0:91:14:fe:99Signer

Signature Validations

Verification

13/12/2012, 14:27 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

psapi

msi

kernel32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 44KB - Virtual size: 45KB

cchmriu Size: 6KB - Virtual size: 6KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

20:0a:7d:1c:4c:0e:f3:83:11:1d:1c:1c:e0:2c:96:08
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4c:84:6a:fa:05:d3:67:5a:fd:6a:02:c6:1e:9c:64:b0:91:14:fe:99
Signer

13/12/2012, 14:27
Valid: false

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 44KB - Virtual size: 45KB

cchmriu
Size: 6KB - Virtual size: 6KB