1a9d0450e06b1af4676902a30dad63de90466d656950852a16943e08df17fd4e

Sharing

Copy URL Twitter E-mail

General

Target

1a9d0450e06b1af4676902a30dad63de90466d656950852a16943e08df17fd4e
Size

1.2MB
MD5

09471ac7e8087b59dded91f784638630
SHA1

caff35c08ad36582e8e3e1ce6dcbba04b4c61af6
SHA256

1a9d0450e06b1af4676902a30dad63de90466d656950852a16943e08df17fd4e
SHA512

5894b1730d30927b419ec621d9512d77aee93901018cd543c2f3898900254c2170d0154418ae0ed538912d27de8340fd15a15059f21b6f437819ff6c22582d30
SSDEEP

24576:TO7Nr4o3DN4yDH2zNPy9sQUD78EiVl+ojgdKPVpo:cr44DN4yWzFy9sQUDKVLjgdKP3o

Score

N/A

Malware Config

Signatures

Files

1a9d0450e06b1af4676902a30dad63de90466d656950852a16943e08df17fd4e
.exe windows x86

8c8332869c9239115fc0db58cf0137e8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:36:dc:7f:8c:56:c0:d4:9f:b0:be:ef:08:65:27:32:70:4d:34:33
Signer

Actual PE Digest

9c:36:dc:7f:8c:56:c0:d4:9f:b0:be:ef:08:65:27:32:70:4d:34:33

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

11/05/2012, 01:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kernel32

WaitForSingleObject
PostQueuedCompletionStatus
SetLastError
GetLastError
InitializeCriticalSection
TerminateJobObject
GetCurrentThreadId
UnregisterWaitEx
SetEvent
GetQueuedCompletionStatus
ResetEvent
CreateThread
CreateEventW
CreateIoCompletionPort
DeleteCriticalSection
RegisterWaitForSingleObject
DuplicateHandle
GetProcessId
InterlockedExchange
SignalObjectAndWait
SetHandleInformation
GetProcessHandleCount
VirtualFree
LocalFree
ResumeThread
FreeLibrary
WriteProcessMemory
VirtualAllocEx
VirtualQueryEx
GetThreadContext
AssignProcessToJobObject
GetExitCodeProcess
MapViewOfFile
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
VirtualFreeEx
VirtualProtectEx
CreateFileW
GetLongPathNameW
GetFileAttributesW
QueryDosDeviceW
CreateJobObjectW
CreateMutexW
GetCurrentProcessId
CreateNamedPipeW
OpenEventW
OpenProcess
SearchPathW
GetCurrentDirectoryW
DebugBreak
lstrlenW
VirtualQuery
ReadProcessMemory
SuspendThread
ReleaseSemaphore
RtlCaptureContext
CreateSemaphoreW
WaitNamedPipeW
WaitForMultipleObjects
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetUserDefaultLangID
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
QueryPerformanceFrequency
SetFilePointer
FormatMessageA
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
GetNativeSystemInfo
GetVersionExW
RaiseException
IsDebuggerPresent
SetInformationJobObject
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
ReadFile
GetStdHandle
GetSystemInfo
RtlCaptureStackBackTrace
VirtualAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileTime
WTSGetActiveConsoleSessionId
UnhandledExceptionFilter
HeapFree
ExitProcess
GetStartupInfoW
LoadLibraryA
HeapAlloc
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
GetStringTypeW
HeapCreate
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetModuleHandleW
GetUserDefaultUILanguage
GetSystemDirectoryW
GetWindowsDirectoryW
SetEndOfFile
LocalAlloc
GetProcessHeap
GetThreadLocale
GetModuleHandleA
SetCurrentDirectoryW
LoadLibraryExW
GetEnvironmentVariableA
SetEnvironmentVariableA
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetTempPathW
GetEnvironmentVariableW
GetCommandLineW
CreateProcessW
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchangeAdd

user32

GetUserObjectInformationW
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
GetProcessWindowStation
CreateWindowStationW
CloseDesktop
CloseWindowStation
MessageBoxW
CharUpperW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeGetTime

advapi32

InitializeSecurityDescriptor
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
RegCreateKeyExW
OpenProcessToken
CreateProcessAsUserW
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
RegOpenKeyExW
RegCloseKey
GetTokenInformation
LookupPrivilegeValueW
SetSecurityDescriptorDacl
CopySid
CreateWellKnownSid
GetSecurityInfo
SetEntriesInAclW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
ConvertSidToStringSidW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
SetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetFileSecurityW
EqualSid

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine
SetExperimentList
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo

Sections

.text
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c8332869c9239115fc0db58cf0137e8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

9c:36:dc:7f:8c:56:c0:d4:9f:b0:be:ef:08:65:27:32:70:4d:34:33Signer

Signature Validations

Verification

11/05/2012, 01:11 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

userenv

wtsapi32

version

winmm

advapi32

Exports

Exports

Sections

.text Size: 637KB - Virtual size: 636KB

.rdata Size: 356KB - Virtual size: 355KB

.data Size: 10KB - Virtual size: 31KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 51KB - Virtual size: 70KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

9c:36:dc:7f:8c:56:c0:d4:9f:b0:be:ef:08:65:27:32:70:4d:34:33
Signer

11/05/2012, 01:11
Valid: false

.text
Size: 637KB - Virtual size: 636KB

.rdata
Size: 356KB - Virtual size: 355KB

.data
Size: 10KB - Virtual size: 31KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 51KB - Virtual size: 70KB