88d29dfb48bbcf39701467842e24a919a52cbec3661c46ee99968ce7c28307f9

Sharing

Copy URL Twitter E-mail

General

Target

88d29dfb48bbcf39701467842e24a919a52cbec3661c46ee99968ce7c28307f9
Size

207KB
MD5

212854460e57d6d65bf4406612b4a9c0
SHA1

667ee42020fb7b418da114952079b5d0432b5cfd
SHA256

88d29dfb48bbcf39701467842e24a919a52cbec3661c46ee99968ce7c28307f9
SHA512

87045e2556c3dfe1c118c8dae459e547320a98dd35521af35f309045a91e21010526ec7957c92e4ee791adc17f2a1013dc8955508d7ba21d96e4e51e619a24ce
SSDEEP

6144:H0Szr8JdDRA08vfJmFYSF6bejzOtQEm8H:H0SzrMdDR4gU6OQW

Score

N/A

Malware Config

Signatures

Files

88d29dfb48bbcf39701467842e24a919a52cbec3661c46ee99968ce7c28307f9
.exe windows x64

1698bc632c6532761ea7360457c0c164

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:bc:7a:f8:0c:1d:9b:b9:78:6c:91:67:57:37:31:b4:a6:f4:b3:cf
Signer

Actual PE Digest

1c:bc:7a:f8:0c:1d:9b:b9:78:6c:91:67:57:37:31:b4:a6:f4:b3:cf

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

06/10/2014, 23:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWrite
EventUnregister
EventRegister
GetSidSubAuthority
OpenThreadToken
SetSecurityDescriptorGroup
GetTokenInformation
GetAclInformation
CopySid
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
MakeAbsoluteSD
InitializeAcl
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
IsValidSid
GetSidLengthRequired
InitializeSid
AddAce
OpenProcessToken
GetSecurityDescriptorSacl
GetLengthSid
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
ConvertSidToStringSidW

kernel32

LocalFree
CloseHandle
GetProcAddress
GetProcessHeap
GetCurrentThread
GetModuleHandleW
HeapFree
HeapAlloc
CloseThreadpoolCleanupGroup
InitializeCriticalSection
CreateThreadpool
SetThreadpoolThreadMaximum
LeaveCriticalSection
GetLastError
Sleep
GetStartupInfoW
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
EnterCriticalSection
SetThreadpoolThreadMinimum
HeapSetInformation
CloseThreadpool
DeleteCriticalSection
GetCurrentThreadId
DebugBreak
HeapSize
HeapReAlloc
HeapDestroy

user32

DispatchMessageW
TranslateMessage
GetMessageW

msvcp100

?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@QEAAXXZ
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
??1facet@locale@std@@UEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
_Mbrtowc
?_Init@locale@std@@CAPEAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Locinfo@std@@QEAA@XZ

msvcr100

__dllonexit
memset
_CxxThrowException
memcpy
memcpy_s
_resetstkoflw
malloc
calloc
free
_wcsicmp
memmove_s
_stricmp
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler3
??_V@YAXPEAX@Z
memmove
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??1bad_cast@std@@UEAA@XZ
strrchr
??2@YAPEAX_K@Z
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
memcmp
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

rpcrt4

RpcBindingInqAuthClientW
NdrServerCall2
NdrServerCallAll
RpcImpersonateClient
RpcServerRegisterIf2
RpcServerRegisterAuthInfoW
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcRevertToSelf
RpcServerListen

shell32

SHCreateItemFromParsingName
SHChangeNotify

userenv

UnloadUserProfile

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

-�
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1698bc632c6532761ea7360457c0c164

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5aCertificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

1c:bc:7a:f8:0c:1d:9b:b9:78:6c:91:67:57:37:31:b4:a6:f4:b3:cfSigner

Signature Validations

Verification

06/10/2014, 23:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcp100

msvcr100

ole32

rpcrt4

shell32

userenv

Sections

.text Size: 172KB - Virtual size: 172KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

-� Size: 12KB - Virtual size: 11KB

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

1c:bc:7a:f8:0c:1d:9b:b9:78:6c:91:67:57:37:31:b4:a6:f4:b3:cf
Signer

06/10/2014, 23:03
Valid: false

.text
Size: 172KB - Virtual size: 172KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

-�
Size: 12KB - Virtual size: 11KB