2c2f9249416d8f1136fb61a32f3295e6b6b50779a88148c4e1470dbd1f4e265d

Sharing

Copy URL Twitter E-mail

General

Target

2c2f9249416d8f1136fb61a32f3295e6b6b50779a88148c4e1470dbd1f4e265d
Size

205KB
MD5

08d9d5fc8f00ae0f1b5a6fd7f66802d0
SHA1

70049b0ea9ffbb38fff044bff058cefbc6bce1d0
SHA256

2c2f9249416d8f1136fb61a32f3295e6b6b50779a88148c4e1470dbd1f4e265d
SHA512

1fda4ddbcc737c61743f2f469a62c0381d908f3dfc28e69503be7e282da4c544b1a60d9635d964386fa06e4f5933b8376483f2ea6c8c3ff994e8da5141cf7817
SSDEEP

3072:5wKHFXJwhz6cx3SUGF3o5rza8Rw8V0yIB5wlpo5kIGBmdDQ+rI5zlalX+wx8EV:WZz6SNGF45HaqeyIBbOzciQXdP

Score

N/A

Malware Config

Signatures

Files

2c2f9249416d8f1136fb61a32f3295e6b6b50779a88148c4e1470dbd1f4e265d
.exe windows x86

07f9e4fba7416dba41df5545b585f5a5

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:e6:08:cc:c6:7b:c9:cd:6d:63:3e:a9:98:78:f8:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

04/09/2003, 00:00

Not After

22/09/2004, 23:59

Subject

CN=Autodesk\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Design Solutions Division,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

adui16

??1CERutil@@UAE@XZ
??0CERutil@@QAE@XZ
?makeRegistryVersion@CERutil@@UAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?getInstalledProductKey@CERutil@@UBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?getInstalledProductName@CERutil@@UBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?makeBuildVersion@CERutil@@UAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HHHH@Z
?getVersionNumber@CERutil@@UAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PADAAH111@Z
?setTheCERutil@CERutil@@SA_NPAV1@@Z

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathCanonicalizeA
PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA

userdata

?GetHelpFileName@@YGIPADK@Z
?GetContextFileName@@YGIPADK@Z
?GetProductRegistryRootKey@@YGIPADK@Z

mfc70

ord3750
ord5002
ord4985
ord3445
ord4958
ord5666
ord1272
ord4043
ord4975
ord546
ord3993
ord4516
ord4671
ord4361
ord1870
ord1523
ord1522
ord1403
ord300
ord2990
ord682
ord705
ord686
ord977
ord1081
ord1472
ord1469
ord4267
ord3748
ord4025
ord4933
ord1760
ord4854
ord5989
ord3966
ord3208
ord4503
ord4063
ord1452
ord5714
ord812
ord817
ord821
ord819
ord823
ord2239
ord2223
ord2242
ord2237
ord2214
ord2216
ord2234
ord2026
ord2675
ord2020
ord1377
ord5993
ord3610
ord5991
ord3890
ord3152
ord4748
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2201
ord2024
ord4996
ord2846
ord2896
ord1871
ord571
ord331
ord2865
ord2864
ord2199
ord1416
ord362
ord1406
ord3003
ord4013
ord1936
ord1397
ord2972
ord2766
ord4019
ord1942
ord3679
ord3683
ord2679
ord5631
ord5629
ord5624
ord1493
ord1423
ord3037
ord1646
ord650
ord447
ord4015
ord1781
ord1344
ord3884
ord1939
ord2712
ord1399
ord2979
ord257
ord4530
ord4021
ord1945
ord1443
ord3124
ord5473
ord5760
ord503
ord1626
ord3886
ord1944
ord5880
ord1155
ord1097
ord1805
ord3051
ord1744
ord956
ord2799
ord5669
ord1273
ord1755
ord4986
ord4101
ord5591
ord2012
ord3565
ord5815
ord2474
ord518
ord703
ord5474
ord302
ord656
ord1495
ord1433
ord3099
ord1267
ord5838
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord2741
ord1770
ord532
ord1077
ord1014
ord599
ord3140
ord512
ord3640
ord5152
ord5933
ord4883
ord899
ord3614
ord5339
ord1868
ord1913
ord4107
ord5990
ord3609
ord5992
ord4322
ord2096
ord5322
ord4349
ord4998
ord3814
ord698
ord3487
ord3832
ord528
ord982
ord561
ord592
ord957
ord4042
ord4262
ord3751
ord2461
ord3513
ord3523
ord3522
ord2352
ord2463
ord2359
ord2651
ord2529
ord4088
ord2648
ord2546
ord2356
ord1180
ord2200

msvcr70

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
__CxxFrameHandler
_mbscmp
_tzname
_tzset
_ismbcspace
strchr
_mbsicoll
_mbsicmp
_vscprintf
atof
_mbsinc
_mbsrchr
malloc
free
memmove
vsprintf
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException

kernel32

LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
MultiByteToWideChar
GetEnvironmentVariableA
SizeofResource
WideCharToMultiByte
LoadResource
FreeLibrary
lstrlenA
FindResourceA
LoadLibraryA
LockResource
GetModuleFileNameA
GetVersion
GetComputerNameA
InterlockedDecrement
GetTimeFormatA
GetDateFormatA
GetFileAttributesA
GetTimeZoneInformation
FindFirstFileA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CreateFileA
SetFilePointer
IsDBCSLeadByte
ReadFile
GetLastError
CloseHandle
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetProcAddress

user32

GetFocus
GetSubMenu
IsIconic
GetWindowRect
PeekMessageA
PostQuitMessage
LoadMenuA
WinHelpA
LoadIconA
GetSysColor
GetSystemMetrics
GetKeyState
MessageBoxA
GetDesktopWindow
EnableWindow
DrawIcon
GetClientRect
SendMessageA
EnableMenuItem
PtInRect

advapi32

RegQueryValueExA
RegCloseKey
RegEnumValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

DragQueryFileA
ShellExecuteExA
DragFinish
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_ReplaceIcon

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�\C
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

07f9e4fba7416dba41df5545b585f5a5

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

19:e6:08:cc:c6:7b:c9:cd:6d:63:3e:a9:98:78:f8:32Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

adui16

version

shlwapi

userdata

mfc70

msvcr70

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 35KB - Virtual size: 35KB

�\C Size: 89KB - Virtual size: 92KB

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

19:e6:08:cc:c6:7b:c9:cd:6d:63:3e:a9:98:78:f8:32
Certificate

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 35KB - Virtual size: 35KB

�\C
Size: 89KB - Virtual size: 92KB