3dfeab83f62177790804ad4866d970b92653b89d5989e9b522f13d05a88e53db

Sharing

Copy URL Twitter E-mail

General

Target

3dfeab83f62177790804ad4866d970b92653b89d5989e9b522f13d05a88e53db
Size

477KB
MD5

074d0b727640ddd6607c532ac2d27549
SHA1

b362d3aa37d73422004fd3b0ddfda7dcb9a30918
SHA256

3dfeab83f62177790804ad4866d970b92653b89d5989e9b522f13d05a88e53db
SHA512

35f4bb4bf82052c3793cdd86897acb60733146ddc63bfeae6d819e1b09dc6e186f67421c9ec9e9d07e923f5eda6aefb5ec8e9d54784e4a2725059951a9c2fed9
SSDEEP

12288:YOJMztDK05Gcw6KuPBttrRPPS22orDGt/Ojn7MQL:YOJMN5oupDrH2orA4wQL

Score

N/A

Malware Config

Signatures

Files

3dfeab83f62177790804ad4866d970b92653b89d5989e9b522f13d05a88e53db
.exe windows x86

6fc4560525f94f41cd00ef63d8effbf9

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

95:25:5e:7a:1b:0c:c7:12:df:8c:1f:da:83:fe:52:fa:e4:cb:15:39
Signer

Actual PE Digest

95:25:5e:7a:1b:0c:c7:12:df:8c:1f:da:83:fe:52:fa:e4:cb:15:39

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/04/2010, 05:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupPrivilegeValueW
CreateWellKnownSid
IsValidSid
CopySid
GetLengthSid
GetTokenInformation
EqualSid
AddAce
GetAce
AddAccessAllowedAce
InitializeAcl
GetAclInformation
OpenProcessToken
SetTokenInformation
GetSecurityDescriptorDacl
GetKernelObjectSecurity
CreateProcessAsUserW
CreateRestrictedToken
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW

kernel32

FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
HeapValidate
IsBadReadPtr
RaiseException
WriteFile
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
DuplicateHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
LCMapStringA
LCMapStringW
HeapReAlloc
GetTimeZoneInformation
GetLocaleInfoA
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
lstrlenA
GetModuleHandleA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FormatMessageW
LocalFree
MulDiv
GlobalFlags
GetTickCount
GlobalFree
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
GlobalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
FreeResource
GetCurrentThreadId
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
MultiByteToWideChar
GetVersionExA
lstrlenW
GlobalLock
GlobalUnlock
GetCurrentProcessId
GlobalGetAtomNameW
GlobalAddAtomW
SetLastError
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetStartupInfoW
GetModuleFileNameW
GetCurrentProcess
GetCommandLineW
IsDebuggerPresent
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetModuleHandleW
CreateFileW
GetFileSize
ReadFile
CloseHandle
SetFilePointer
GetStdHandle
GetLastError
SetEnvironmentVariableW
RemoveDirectoryW

gdi32

GetTextColor
GetBkColor
GetMapMode
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
DeleteObject
GetRgnBox
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateRoundRectRgn
CreateRectRgn

user32

WinHelpW
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetSysColor
GetClassNameW
InflateRect
GetMenuItemInfoW
SystemParametersInfoW
SendDlgItemMessageW
IsDialogMessageW
SetWindowTextW
MoveWindow
GetFocus
GetWindowTextW
GetWindowPlacement
SystemParametersInfoA
PtInRect
CallWindowProcW
DefWindowProcW
SetWindowPlacement
DeferWindowPos
ScreenToClient
RegisterClassW
GetClassInfoExW
CreateWindowExW
GetClientRect
SetForegroundWindow
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetParent
SetWindowPos
SetWindowsHookExW
IsChild
SendDlgItemMessageA
CheckMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CopyAcceleratorTableW
IsRectEmpty
SetRect
GetDC
ReleaseDC
InvalidateRgn
SetCapture
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ClientToScreen
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
LoadCursorW
CharNextW
UnregisterClassW
CharUpperW
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
PostThreadMessageW
EndDialog
CreateDialogIndirectParamW
IsWindowVisible
InvalidateRect
InsertMenuItemW
GetSubMenu
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
EqualRect
GetDlgItem
GetDlgCtrlID
SetWindowLongW
GetKeyState
LoadIconW
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
CallNextHookEx
LoadAcceleratorsW
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
GetClassInfoW
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
GetWindow
ShowWindow
GetWindowLongW
IsWindow
TranslateAcceleratorW
WaitForInputIdle
RegisterWindowMessageW
MessageBoxW
UpdateWindow
LoadImageW
AdjustWindowRectEx
GetSystemMetrics
MonitorFromWindow
GetMonitorInfoW
EnableWindow
GetWindowInfo
FlashWindow
SetActiveWindow
GetWindowRect
SetWindowRgn
IsZoomed
IsIconic
GetSystemMenu
DrawMenuBar
SetMenuDefaultItem
EnableMenuItem
GetClassLongW
PostMessageW
SendMessageW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathCombineW
PathIsUNCW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

ole32

OleInitialize
OleUninitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoUninitialize
CoInitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries

comdlg32

GetFileTitleW

oleaut32

SysAllocStringLen
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
VariantClear

oledlg

OleUIBusyW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

GetWindowInterface

Sections

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fc4560525f94f41cd00ef63d8effbf9

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

95:25:5e:7a:1b:0c:c7:12:df:8c:1f:da:83:fe:52:fa:e4:cb:15:39Signer

Signature Validations

Verification

01/04/2010, 05:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

winspool.drv

shlwapi

shell32

ole32

comdlg32

oleaut32

oledlg

version

Exports

Exports

Sections

.text Size: 399KB - Virtual size: 399KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 43KB - Virtual size: 43KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

95:25:5e:7a:1b:0c:c7:12:df:8c:1f:da:83:fe:52:fa:e4:cb:15:39
Signer

01/04/2010, 05:41
Valid: false

.text
Size: 399KB - Virtual size: 399KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 43KB - Virtual size: 43KB