b7a8f20d636c6abe5c4d4858552dc8370bf80e57fe01bf82ab776a0760b5c885

Sharing

Copy URL Twitter E-mail

General

Target

b7a8f20d636c6abe5c4d4858552dc8370bf80e57fe01bf82ab776a0760b5c885
Size

213KB
MD5

083512393802e80777b18763cdd3ed82
SHA1

ace701dd2b426b35726d190e88ae41a46adade59
SHA256

b7a8f20d636c6abe5c4d4858552dc8370bf80e57fe01bf82ab776a0760b5c885
SHA512

be7aaed0344badafc56f506570e1f657f339cda3c32db280883bdb4603103877783712c207524ae37417d6d19038cb2460a9540e0053a1f7f58cc9e1a703851c
SSDEEP

6144:Ri9viUFIkfl1k85+F8/RV5Tum8JWIqEBFu:c96+fPB5M0tCJWIhBs

Score

N/A

Malware Config

Signatures

Files

b7a8f20d636c6abe5c4d4858552dc8370bf80e57fe01bf82ab776a0760b5c885
.exe windows x86

6fa72d4ed1bdd9b61d3c0cd997baf916

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:f7:32:a1:2d:0a:17:5a:52:b8:ea:4f:e1:8e:14:67:56:22:5a:0e
Signer

Actual PE Digest

69:f7:32:a1:2d:0a:17:5a:52:b8:ea:4f:e1:8e:14:67:56:22:5a:0e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexA
SetLocaleInfoW
lstrlenA
GetModuleFileNameA
MulDiv
LoadResource
EnumCalendarInfoA
lstrlen
GetNumberFormatW
GetModuleFileNameW
SetPriorityClass
IsValidCodePage
GetProcAddress
GetPriorityClass
QueryPerformanceCounter
GetTempPathW
GetSystemDirectoryW
LocalAlloc
GetLocaleInfoW
GetVersionExW
MultiByteToWideChar
lstrcmpW
FindResourceA
DosDateTimeToFileTime
IsBadCodePtr
FreeLibrary
MoveFileW
GetUserDefaultLangID
GetSystemDefaultLangID
GetAtomNameW
lstrcat
GetTempPathA
IsBadReadPtr
SetUnhandledExceptionFilter
EnumCalendarInfoW
ReadDirectoryChangesW
OpenMutexW
ExitThread
GetCalendarInfoW
EnumTimeFormatsA
GetWindowsDirectoryW
GetNumberFormatA
GlobalFindAtomA
GetTempFileNameW
MoveFileA
RemoveDirectoryA
IsValidLocale
OpenFile
GetModuleHandleA
GetExpandedNameW
FileTimeToDosDateTime

user32

PostQuitMessage
GetKeyboardType
GetClassInfoExA
IsMenu
DialogBoxParamA
InsertMenuA
GetAsyncKeyState
EnumChildWindows
CreateMenu
SetCursor
MessageBoxIndirectA
LoadMenuA
PostMessageA
DrawIcon
DialogBoxParamW
InsertMenuItemW
GetActiveWindow
GetMenu
GetDlgItemTextW
SendDlgItemMessageA
IsWindow
ClientToScreen
GetClassLongW
DrawTextA
EnumDesktopsW
CreateAcceleratorTableW
ShowCaret
CheckMenuRadioItem
GetMenuStringW
SetDlgItemTextA
ReleaseDC
SendDlgItemMessageW
GetSysColorBrush
GetMenuState
EnumDesktopsA
GetDCEx
EnableWindow
IsIconic
FindWindowA
CreatePopupMenu
GetMessageW
DestroyWindow
TrackPopupMenuEx
GetSystemMetrics

gdi32

SetAbortProc
CloseEnhMetaFile
CreateBitmap
SetBkMode
BeginPath
CreateDIBPatternBrush
SaveDC
ScaleWindowExtEx
GetViewportOrgEx

advapi32

RegQueryInfoKeyW
RegSaveKeyW
RegCreateKeyExW
RegRestoreKeyW
RegQueryValueW
RegFlushKey
RegQueryInfoKeyA

comdlg32

PageSetupDlgW
ReplaceTextA
GetOpenFileNameA
GetOpenFileNameW

ws2_32

WSAGetLastError
WSACreateEvent

wininet

FtpRemoveDirectoryA
InternetCheckConnectionA
FtpGetFileSize
InternetInitializeAutoProxyDll

oledlg

OleUIChangeSourceW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Myw
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qit
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.w
Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aBmU
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jsu
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AHfW
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.E
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lK
Size: 2KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fa72d4ed1bdd9b61d3c0cd997baf916

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:f7:32:a1:2d:0a:17:5a:52:b8:ea:4f:e1:8e:14:67:56:22:5a:0eSigner

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

ws2_32

wininet

oledlg

Sections

.text Size: 12KB - Virtual size: 12KB

.Myw Size: 1KB - Virtual size: 9KB

.qit Size: 1024B - Virtual size: 15KB

.w Size: 3KB - Virtual size: 38KB

.aBmU Size: 2KB - Virtual size: 16KB

.jsu Size: 1KB - Virtual size: 27KB

.AHfW Size: 2KB - Virtual size: 25KB

.data Size: 11KB - Virtual size: 11KB

.E Size: 2KB - Virtual size: 12KB

.J Size: 2KB - Virtual size: 31KB

.lK Size: 2KB - Virtual size: 156KB

.rsrc Size: 163KB - Virtual size: 163KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:f7:32:a1:2d:0a:17:5a:52:b8:ea:4f:e1:8e:14:67:56:22:5a:0e
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 12KB - Virtual size: 12KB

.Myw
Size: 1KB - Virtual size: 9KB

.qit
Size: 1024B - Virtual size: 15KB

.w
Size: 3KB - Virtual size: 38KB

.aBmU
Size: 2KB - Virtual size: 16KB

.jsu
Size: 1KB - Virtual size: 27KB

.AHfW
Size: 2KB - Virtual size: 25KB

.data
Size: 11KB - Virtual size: 11KB

.E
Size: 2KB - Virtual size: 12KB

.J
Size: 2KB - Virtual size: 31KB

.lK
Size: 2KB - Virtual size: 156KB

.rsrc
Size: 163KB - Virtual size: 163KB