3d730349896b09f06f16653155b8f5dfec238f9ef33d63734c528fa8685f5d7e

Sharing

Copy URL Twitter E-mail

General

Target

3d730349896b09f06f16653155b8f5dfec238f9ef33d63734c528fa8685f5d7e
Size

327KB
MD5

22e11c003000b61a6d2ae6c3b66375a9
SHA1

fbd49304f11b72a00f6f9c8e9ae7edeb65f3d1f2
SHA256

3d730349896b09f06f16653155b8f5dfec238f9ef33d63734c528fa8685f5d7e
SHA512

601fbe61697f83408188a4ac9535804f3adc22d3fe7ca8e52b6eef0a9d71d46c8e53baca269fa42c3919da7604b12e0c0952a75a6711715cdc3c0b582159d808
SSDEEP

6144:iEIzTPn/I5EswVWAirYTvXhE8dvXSqQKdZYmmQSy3I9AX4kejAYJdrirEvm+:sPn/fWAaYTpEOSqvDYi3IiX4kejAYJd3

Score

N/A

Malware Config

Signatures

Files

3d730349896b09f06f16653155b8f5dfec238f9ef33d63734c528fa8685f5d7e
.exe windows x86

ba6a2681204c8eab97723ded13686108

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:2b:6d:a1:dd:fb:22:5f:48:32:63:4b:4c:c8:bf:26:fe:04:79:ea
Signer

Actual PE Digest

2b:2b:6d:a1:dd:fb:22:5f:48:32:63:4b:4c:c8:bf:26:fe:04:79:ea

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
GetProcAddress
GlobalFindAtomA
OpenWaitableTimerW
GetLastError
SetCalendarInfoW
GetTempFileNameW
CompareStringW
GetVersionExW
CreateFileMappingW
ExitProcess
EnumCalendarInfoW
GetSystemDefaultLCID
AddAtomA
GetCommandLineW
GetUserDefaultLangID
CreateSemaphoreA
GetEnvironmentStringsA
GetLocaleInfoA
OpenSemaphoreW
TlsAlloc
EnumDateFormatsA
lstrcpy

user32

RegisterClassExW
LoadCursorW
LoadMenuIndirectW
SendDlgItemMessageW
DestroyCursor
DestroyIcon
GetDesktopWindow
GetCaretPos
GetWindowRgn
GetDlgItemTextW
SetActiveWindow
RegisterWindowMessageA
DefWindowProcW
GetSubMenu
GetWindowLongA
GetClassInfoExA
RegisterClassExA
GetClassInfoW
CreateDesktopA
InsertMenuItemW
CharUpperA
CharPrevA
PostQuitMessage
CascadeWindows
DialogBoxIndirectParamA
CreateWindowExA
SetWindowTextA
GetWindowRect
SetTimer
CharNextW
MonitorFromWindow
GetDC
MoveWindow
AdjustWindowRect
CharLowerA
InvalidateRgn
PostMessageW
EnumWindows
GetActiveWindow
GetForegroundWindow
MonitorFromPoint
EnumDesktopWindows
CreateDialogParamA
IsWindowEnabled

gdi32

GetGlyphOutlineW
GetGlyphOutlineA
GetTextCharacterExtra
GetTextColor
GetRasterizerCaps
CreateEnhMetaFileW
ScaleViewportExtEx
PlayMetaFile
SetPaletteEntries
GetLogColorSpaceA
CombineRgn
EnumFontFamiliesA
BeginPath
PolyDraw

advapi32

RegCreateKeyExW
RegFlushKey
RegDeleteKeyA
RegEnumValueA
RegRestoreKeyA
RegSaveKeyA
RegOpenKeyA

shell32

SHGetFileInfoW

shlwapi

SHGetValueW

comdlg32

GetSaveFileNameW
ChooseFontW

ole32

CoGetCurrentProcess
CoGetMalloc
CreateErrorInfo
CoInitializeEx
CoUninitialize
CoFreeLibrary
CoGetInstanceFromIStorage
CoDeactivateObject

opengl32

glColor4ub
glVertex3f
glNormal3fv

ws2_32

sendto
getpeername
WSADuplicateSocketW
WSAGetLastError
gethostbyaddr
WSAStartup
WSARecvDisconnect
WSAIoctl
WSASendTo

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KxzcP
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oBV
Size: 1KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HHAFm
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WAK
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZdJ
Size: 3KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uRPZK
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HfWiUH
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FsOO
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LdOe
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rG
Size: 1KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba6a2681204c8eab97723ded13686108

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2b:2b:6d:a1:dd:fb:22:5f:48:32:63:4b:4c:c8:bf:26:fe:04:79:eaSigner

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comdlg32

ole32

opengl32

ws2_32

Sections

.text Size: 11KB - Virtual size: 11KB

.KxzcP Size: 512B - Virtual size: 4KB

.oBV Size: 1KB - Virtual size: 44KB

.HHAFm Size: 2KB - Virtual size: 27KB

.WAK Size: 1024B - Virtual size: 8KB

.ZdJ Size: 3KB - Virtual size: 49KB

.uRPZK Size: 1024B - Virtual size: 13KB

.HfWiUH Size: 1KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 14KB

.FsOO Size: 512B - Virtual size: 13KB

.LdOe Size: 1024B - Virtual size: 38KB

.rG Size: 1KB - Virtual size: 235KB

.rsrc Size: 230KB - Virtual size: 229KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2b:2b:6d:a1:dd:fb:22:5f:48:32:63:4b:4c:c8:bf:26:fe:04:79:ea
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 11KB - Virtual size: 11KB

.KxzcP
Size: 512B - Virtual size: 4KB

.oBV
Size: 1KB - Virtual size: 44KB

.HHAFm
Size: 2KB - Virtual size: 27KB

.WAK
Size: 1024B - Virtual size: 8KB

.ZdJ
Size: 3KB - Virtual size: 49KB

.uRPZK
Size: 1024B - Virtual size: 13KB

.HfWiUH
Size: 1KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 14KB

.FsOO
Size: 512B - Virtual size: 13KB

.LdOe
Size: 1024B - Virtual size: 38KB

.rG
Size: 1KB - Virtual size: 235KB

.rsrc
Size: 230KB - Virtual size: 229KB