ce47efad5dd8cc3cbb7945a1885c6a121405cfb8e68af7848cf8d819f97f737f

Sharing

Copy URL Twitter E-mail

General

Target

ce47efad5dd8cc3cbb7945a1885c6a121405cfb8e68af7848cf8d819f97f737f
Size

1.5MB
MD5

0d7b7a60b5f5c2d95fc8348c3c933f1b
SHA1

44abbcd530dc19fb652f3b8f1f6c97edd4be6034
SHA256

ce47efad5dd8cc3cbb7945a1885c6a121405cfb8e68af7848cf8d819f97f737f
SHA512

140087d7c79979b0ff472bb3a8153ee2690330664195a9bdd8cf5af762d4dcd0566866d4f4639cc52d6443323648ae1475e2ab621c654dffc5a7d0174baed629
SSDEEP

24576:nMtvl4d2oHKGrHUuoQGOZMgH2rYN4wUq6n3vJGBHlC7/qrwU/jU/jkxWF1fOlPIS:k7MH/TN0co34tJ

Score

N/A

Malware Config

Signatures

Files

ce47efad5dd8cc3cbb7945a1885c6a121405cfb8e68af7848cf8d819f97f737f
.exe windows x86

18bde9afb291467b9d051e88b0647bbd

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:2b:73:95:83:1c:fa:9c:ec:1e:cb:70:68:80:ed
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

12/03/2009, 00:00

Not After

23/05/2011, 23:59

Subject

CN=Cisco Systems\, Inc.,OU=Endpoint Security Engineering,O=Cisco Systems\, Inc.,L=Boxborough,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

32:8b:96:9e:87:23:ad:77:93:59:d6:68:ac:a3:1f:87:f0:e4:90:cc
Signer

Actual PE Digest

32:8b:96:9e:87:23:ad:77:93:59:d6:68:ac:a3:1f:87:f0:e4:90:cc

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Cisco Systems\, Inc.,OU=Endpoint Security Engineering,O=Cisco Systems\, Inc.,L=Boxborough,ST=Massachusetts,C=US

24/08/2009, 03:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

vpnapi

vpn_get_service_start_event

wsock32

inet_ntoa
select
WSAStartup
WSACleanup
recv
recvfrom
send
sendto
shutdown
listen
connect
socket
setsockopt
bind
closesocket
ntohs
gethostname
gethostbyname
WSASetLastError
getsockname
accept
WSAGetLastError
ioctlsocket
inet_addr
__WSAFDIsSet
htons
htonl
ntohl

kernel32

GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetComputerNameA
GlobalFree
HeapAlloc
HeapFree
GetProcessHeap
GetVersionExA
CreateProcessA
TerminateProcess
OpenProcess
GetExitCodeProcess
ReadFile
PeekNamedPipe
WriteFile
GetStartupInfoA
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
MoveFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
SetConsoleCtrlHandler
FindClose
CopyFileA
GetExitCodeThread
CreateThread
LocalFree
LocalAlloc
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetWindowsDirectoryA
MultiByteToWideChar
OutputDebugStringA
WideCharToMultiByte
GetTickCount
QueryPerformanceCounter
GetLocalTime
GetProcessTimes
GetThreadTimes
GetCurrentThread
GlobalMemoryStatus
GetProcessWorkingSetSize
GetModuleHandleA
GetCurrentProcessId
SetEndOfFile
SetFilePointer
GetFileAttributesA
FlushFileBuffers
LockFile
UnlockFile
ReleaseMutex
CreateMutexA
CreateEventA
WaitForSingleObject
ResetEvent
GetModuleFileNameA
OpenEventA
Sleep
CreateFileA
DeviceIoControl
GetLastError
CloseHandle
SetEvent
GetFileSize
GetDiskFreeSpaceA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
LCMapStringA
FindNextFileA
LCMapStringW
RaiseException

rasapi32

RasEnumEntriesA

wininet

InternetSetOptionA
InternetQueryOptionA

msvcirt

??6ostream@@QAEAAV0@F@Z
?hex@@YAAAVios@@AAV1@@Z
?dec@@YAAAVios@@AAV1@@Z
??6ostream@@QAEAAV0@PBX@Z
?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@K@Z
??6ostream@@QAEAAV0@G@Z
?endl@@YAAAVostream@@AAV1@@Z
_mtlock
_mtunlock
??6ostream@@QAEAAV0@PBD@Z
?ends@@YAAAVostream@@AAV1@@Z
??0ostrstream@@QAE@XZ
?str@strstreambuf@@QAEPADXZ
??1ostrstream@@UAE@XZ
??1ios@@UAE@XZ
??_Dostrstream@@QAEXXZ

msvcrt

fputc
rewind
wcslen
_mbsnbcpy
_mbsrchr
getchar
_getch
_putch
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_isctype
__dllonexit
_onexit
_controlfp
tolower
_beginthread
strspn
_CIpow
isalnum
fread
_iob
_mbctoupper
_ismbcspace
fwrite
fputs
isdigit
printf
sprintf
_mbsstr
_mbscspn
sscanf
_mbstok
localtime
_strdate
fseek
ftell
_write
_read
fclose
_close
_open
fopen
malloc
mbstowcs
_ftime
qsort
atoi
_ftol
_strdup
calloc
memmove
realloc
free
time
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
strstr
strtod
_purecall
_vsnprintf
fprintf
fgets
isspace
ctime
_mbscmp
atol
_mbsicmp
strrchr
strchr
_itoa
strtok
_stricmp
remove
getenv
strncat
isprint
strncpy
_stat
_getpid
_chmod
strncmp
exit
_except_handler3
rename
atof
strtoul
_atoi64
wcscpy
_wcsicmp
_getcwd
_getdrive
_getdcwd
toupper
_access
memcmp
_fdopen

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

mfc42

ord6663
ord2915
ord858
ord537
ord540
ord538
ord2614
ord939
ord2818
ord941
ord5572
ord860
ord535
ord5710
ord4129
ord6283
ord6282
ord2763
ord940
ord4277
ord1099
ord4204
ord800
ord2764
ord926
ord2784
ord6929

crypt32

CryptMsgClose
CertFreeCertificateContext
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CertOpenStore
CertAddEncodedCertificateToStore
CertGetSubjectCertificateFromStore
CertEnumCertificatesInStore
CertDeleteCertificateFromStore
CertAddEncodedCRLToStore
CertFreeCRLContext
CertGetCRLFromStore
CertDeleteCRLFromStore
CertGetCertificateContextProperty
CertCloseStore

Exports

Exports

IsdGetCapability
IsdGetRandomNumber
IsdGetStatistic
IsdTestRandomGenerator

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bde9afb291467b9d051e88b0647bbd

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

33:2b:73:95:83:1c:fa:9c:ec:1e:cb:70:68:80:edCertificate

Extended Key Usages

32:8b:96:9e:87:23:ad:77:93:59:d6:68:ac:a3:1f:87:f0:e4:90:ccSigner

Signature Validations

Verification

24/08/2009, 03:41 Valid: false

Headers

File Characteristics

Imports

vpnapi

wsock32

kernel32

rasapi32

wininet

msvcirt

msvcrt

msvcp60

mfc42

crypt32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 184KB - Virtual size: 205KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

33:2b:73:95:83:1c:fa:9c:ec:1e:cb:70:68:80:ed
Certificate

32:8b:96:9e:87:23:ad:77:93:59:d6:68:ac:a3:1f:87:f0:e4:90:cc
Signer

24/08/2009, 03:41
Valid: false

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 184KB - Virtual size: 205KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB