3a6e7f16a8ec86f3bd51ffe8b73342bcbe32b4bfad8dfedcc129a66381b83363

Sharing

Copy URL Twitter E-mail

General

Target

3a6e7f16a8ec86f3bd51ffe8b73342bcbe32b4bfad8dfedcc129a66381b83363
Size

795KB
MD5

30a814f2f3327467f1236ed151ffd480
SHA1

5060dd6fc457e33de3a29478d2872a47f7806d74
SHA256

3a6e7f16a8ec86f3bd51ffe8b73342bcbe32b4bfad8dfedcc129a66381b83363
SHA512

3e6573c3f7cfc18159aaa4ee7c52855593ff6663aa9c42b1c9bd2cb485474666628538b6ddb1e60ece7149f6b2faccf4e3309669ad662a8b368116a8962b9d4e
SSDEEP

24576:LSP5hhoxR6c1ZhCUTBofo+3qyCHRkKhaf3LpUuI3n/X:W5QR5yfhxwkKhaNUp3/X

Score

N/A

Malware Config

Signatures

Files

3a6e7f16a8ec86f3bd51ffe8b73342bcbe32b4bfad8dfedcc129a66381b83363
.exe windows x64

c7c87f58605fd817141d6693a2fc4c61

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:11:26:c5:a4:5d:51:53:1c:0b:91:37:50:eb:a7:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

21/08/2013, 23:59

Subject

CN=Duplex Secure Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duplex Secure Ltd,ST=Nevis,C=KN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:38:7f:02:48:6c:90:9f:15:0d:64:82:0f:90:9f:71:cc:63:8a:3a
Signer

Actual PE Digest

81:38:7f:02:48:6c:90:9f:15:0d:64:82:0f:90:9f:71:cc:63:8a:3a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Duplex Secure Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duplex Secure Ltd,ST=Nevis,C=KN

03/03/2012, 20:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
RegGetKeySecurity
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
RegSetKeySecurity
RegCloseKey

kernel32

HeapReAlloc
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetTickCount
VirtualFree
GetProcessHeap
GetCommandLineA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
LocalAlloc
GetModuleHandleA
CreateMutexA
ReleaseMutex
CloseHandle
LocalFree
CreateThread
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetStartupInfoW
UnhandledExceptionFilter

user32

DialogBoxParamA
EndDialog
GetDlgItem
MessageBoxA
SendMessageA
SendDlgItemMessageA
EnableWindow

msvcrt

fclose
_fsopen
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
memset
_unlink
?terminate@@YAXXZ
memmove
_tempnam
sprintf
_mbsicmp
rename
fwrite
_mbsnbicmp
srand
rand
_errno
free

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 549KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sptd0
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODEINIT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

�$űSIGN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7c87f58605fd817141d6693a2fc4c61

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

62:11:26:c5:a4:5d:51:53:1c:0b:91:37:50:eb:a7:5cCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

81:38:7f:02:48:6c:90:9f:15:0d:64:82:0f:90:9f:71:cc:63:8a:3aSigner

Signature Validations

Verification

03/03/2012, 20:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 549KB - Virtual size: 551KB

.pdata Size: 512B - Virtual size: 372B

.idata Size: 3KB - Virtual size: 2KB

.sptd0 Size: 195KB - Virtual size: 195KB

.rsrc Size: 7KB - Virtual size: 6KB

CODEINIT Size: 512B - Virtual size: 32B

�$űSIGN Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

62:11:26:c5:a4:5d:51:53:1c:0b:91:37:50:eb:a7:5c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

81:38:7f:02:48:6c:90:9f:15:0d:64:82:0f:90:9f:71:cc:63:8a:3a
Signer

03/03/2012, 20:51
Valid: false

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 549KB - Virtual size: 551KB

.pdata
Size: 512B - Virtual size: 372B

.idata
Size: 3KB - Virtual size: 2KB

.sptd0
Size: 195KB - Virtual size: 195KB

.rsrc
Size: 7KB - Virtual size: 6KB

CODEINIT
Size: 512B - Virtual size: 32B

�$űSIGN
Size: 4KB - Virtual size: 4KB