aaf9bff14304a8e272f597b2c920e50b30de32b5b17a8331ad9bfc243adf0f95

Sharing

Copy URL Twitter E-mail

General

Target

aaf9bff14304a8e272f597b2c920e50b30de32b5b17a8331ad9bfc243adf0f95
Size

456KB
MD5

102d5d8db645fbec70957951f7d33269
SHA1

843d14a19171a4fc1fca8e0d9be8d82c2e152b45
SHA256

aaf9bff14304a8e272f597b2c920e50b30de32b5b17a8331ad9bfc243adf0f95
SHA512

f4facbe378420a8ff5f4c6306cd16aed41add83eadc3782c00c1ce32ee47eb5a3907542b0578928d0a6a8ae898ecf271e5bad9ab9d00a37458c3526168fadb7e
SSDEEP

12288:EE5fx8OLhvlQtsamBydMCQ3xygXEF9zHmqwCi:E6aovlMsamBNCQ3xNQz1wL

Score

N/A

Malware Config

Signatures

Files

aaf9bff14304a8e272f597b2c920e50b30de32b5b17a8331ad9bfc243adf0f95
.exe windows x86

7d2830940ad4dd43b07675fa94f37812

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:9a:3e:9b:9c:f2:3e:f5:de:a3:d5:8a:6d:cd:16:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

04/08/2012, 23:59

Subject

CN=Level Eleven Pte. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Level Eleven Pte. Ltd.,L=Singapore,ST=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:e4:e4:40:67:2e:32:75:cb:66:f0:fa:67:6a:dd:8f:ff:92:24:cd
Signer

Actual PE Digest

44:e4:e4:40:67:2e:32:75:cb:66:f0:fa:67:6a:dd:8f:ff:92:24:cd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Level Eleven Pte. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Level Eleven Pte. Ltd.,L=Singapore,ST=Singapore,C=SG

11/08/2010, 12:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
GetProcAddress
GetFileSize
ReadFile
GetVolumePathNameW
GetModuleFileNameW
CreateDirectoryW
FindNextFileA
WideCharToMultiByte
GetModuleHandleA
FindClose
CreateMutexA
MultiByteToWideChar
CopyFileW
GetLocalTime
SetFilePointer
FormatMessageW
lstrcpyA
lstrlenA
lstrcpynA
lstrcpynW
GetFileAttributesW
lstrlenW
GetPrivateProfileStringW
WriteFile
FreeLibrary
LoadLibraryA
LocalFree
DeviceIoControl
GetDriveTypeA
GetVolumeInformationA
SetEvent
CreateEventA
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
GetLastError
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
CreateFileW
RemoveDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
FindFirstFileA
GetVersionExA
FormatMessageA
GetFileAttributesA
ReleaseMutex
CreateDirectoryA
OutputDebugStringA
GetComputerNameA
GetModuleFileNameA
WaitForSingleObject
CopyFileA
CreateProcessA
OpenProcess
RemoveDirectoryA
DeleteFileA
lstrcmpiA
GetTempPathA
GetCurrentProcessId
GetTempFileNameA
CloseHandle
CreateProcessW
Sleep
CreateFileA
ReleaseSemaphore
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
HeapReAlloc
GetCurrentThreadId
ExitThread
HeapAlloc
ExitProcess

user32

OffsetRect
GetWindowDC
ChildWindowFromPoint
GetWindowRect
SetWindowLongW
TranslateMessage
GetMessageA
IsDialogMessageA
GetDlgCtrlID
LoadCursorA
AdjustWindowRect
ReleaseDC
EnumDisplayDevicesA
DefWindowProcW
UpdateWindow
MapWindowPoints
IsWindowEnabled
GetSystemMetrics
RegisterClassW
GetWindowLongW
MessageBoxW
LoadIconA
DispatchMessageA
InvalidateRect
CreateWindowExW
SetWindowLongA
RegisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcA
SetWindowPos
PeekMessageA
ShowWindow
MessageBoxA
wsprintfA
wsprintfW
wvsprintfA
GetActiveWindow
CopyRect
SetFocus
PostThreadMessageA
GetDC
PostMessageA
EnumDisplaySettingsA
SetWindowTextA
EnableWindow

gdi32

CreateDIBSection
GetDIBits
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
GetDeviceCaps
DeleteDC

advapi32

RegSetValueW
RegQueryValueW
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegSetValueA
RegSetValueExW
RegQueryValueExW
FreeSid
RegOpenKeyExA
GetUserNameA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
ShellExecuteA

ole32

CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
OleUninitialize
CoInitialize
CoUninitialize
OleInitialize
OleCreate
OleSetContainedObject
CLSIDFromProgID
CoTaskMemFree
StringFromIID

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
VariantInit
SysAllocString

wsock32

gethostbyname
WSAStartup
closesocket
send
htons
WSAGetLastError
select
recv
socket
WSACleanup
inet_ntoa
connect
ioctlsocket

wininet

HttpQueryInfoA
InternetCombineUrlA
InternetCrackUrlW
InternetCrackUrlA
InternetReadFile
InternetConnectA
InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetConnectedState
HttpOpenRequestA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

UrlGetPartA
PathCanonicalizeW
SHDeleteKeyA
PathAppendW

sensapi

IsNetworkAlive

urlmon

CoInternetGetSession

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d2830940ad4dd43b07675fa94f37812

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6c:9a:3e:9b:9c:f2:3e:f5:de:a3:d5:8a:6d:cd:16:8aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

44:e4:e4:40:67:2e:32:75:cb:66:f0:fa:67:6a:dd:8f:ff:92:24:cdSigner

Signature Validations

Verification

11/08/2010, 12:53 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

wininet

version

shlwapi

sensapi

urlmon

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 36KB - Virtual size: 57KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6c:9a:3e:9b:9c:f2:3e:f5:de:a3:d5:8a:6d:cd:16:8a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

44:e4:e4:40:67:2e:32:75:cb:66:f0:fa:67:6a:dd:8f:ff:92:24:cd
Signer

11/08/2010, 12:53
Valid: false

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 36KB - Virtual size: 57KB

.rsrc
Size: 4KB - Virtual size: 3KB