5724dd06e421ec93b2c84df5e9bfd41b930d3a112a0df1af6b226f57d8b300bf

Sharing

Copy URL Twitter E-mail

General

Target

5724dd06e421ec93b2c84df5e9bfd41b930d3a112a0df1af6b226f57d8b300bf
Size

542KB
MD5

30345d230e2564812d3fc3ad22d7edb0
SHA1

202659cd34cf748a96d0fbe0fd0d3991acdbde56
SHA256

5724dd06e421ec93b2c84df5e9bfd41b930d3a112a0df1af6b226f57d8b300bf
SHA512

64880b27f508f0110c34a2b846da696e63f59d1b79edacd65be25d6ebb135cd61690db2afae5872319fd71da627c5607c44802a79cf73de4869c455ce280f5bb
SSDEEP

12288:8Rh4iCFaQeliAk9SlhOXe8RooNuDNGYRD+KUwg:2h4iQaTlfkkXuRSoeNGK/g

Score

N/A

Malware Config

Signatures

Files

5724dd06e421ec93b2c84df5e9bfd41b930d3a112a0df1af6b226f57d8b300bf
.exe windows x86

eac80491b8034417923fbf2bf773701a

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:35:64:05:60:9a:b9:5f:8d:db:13:16:4b:82:f9:6d:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

29/05/2012, 17:52

Not After

30/05/2015, 17:52

Subject

CN=Disc Soft Ltd,O=Disc Soft Ltd,L=Belize city,ST=Belize,C=BZ,1.2.840.113549.1.9.1=#0c1366696e707240646973632d736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:dd:45:f1:fd:d5:fb:26:f9:a9:b8:56:c8:9a:98:7d:5a:0d:66:48
Signer

Actual PE Digest

b9:dd:45:f1:fd:d5:fb:26:f9:a9:b8:56:c8:9a:98:7d:5a:0d:66:48

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Disc Soft Ltd,O=Disc Soft Ltd,L=Belize city,ST=Belize,C=BZ,1.2.840.113549.1.9.1=#0c1366696e707240646973632d736f66742e636f6d

10/09/2013, 20:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegSetKeySecurity
RegGetKeySecurity
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegDeleteKeyA

kernel32

GetCurrentProcess
GetLastError
GetCurrentThread
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
GetProcAddress
GetModuleHandleA
LocalFree
CreateMutexA
LocalAlloc
HeapFree
HeapAlloc
HeapReAlloc
CloseHandle
CreateThread
ReleaseMutex
GetTickCount
WaitForSingleObject
GetCommandLineA
VirtualFree
VirtualAlloc
GetProcessHeap
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

MessageBoxA
EnableWindow
GetDlgItem
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
EndDialog

msvcrt

rand
memmove
srand
_except_handler3
memset
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_fsopen
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_mbsnbicmp
_mbsicmp
_tempnam
rename
_errno
free
_unlink
fwrite
fclose

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sptd0
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODEINIT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODESIGN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eac80491b8034417923fbf2bf773701a

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

11:21:35:64:05:60:9a:b9:5f:8d:db:13:16:4b:82:f9:6d:e5Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

b9:dd:45:f1:fd:d5:fb:26:f9:a9:b8:56:c8:9a:98:7d:5a:0d:66:48Signer

Signature Validations

Verification

10/09/2013, 20:58 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 318KB - Virtual size: 320KB

.idata Size: 2KB - Virtual size: 2KB

.sptd0 Size: 155KB - Virtual size: 155KB

.rsrc Size: 7KB - Virtual size: 6KB

CODEINIT Size: 512B - Virtual size: 32B

CODESIGN Size: 4KB - Virtual size: 4KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

11:21:35:64:05:60:9a:b9:5f:8d:db:13:16:4b:82:f9:6d:e5
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

b9:dd:45:f1:fd:d5:fb:26:f9:a9:b8:56:c8:9a:98:7d:5a:0d:66:48
Signer

10/09/2013, 20:58
Valid: false

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 318KB - Virtual size: 320KB

.idata
Size: 2KB - Virtual size: 2KB

.sptd0
Size: 155KB - Virtual size: 155KB

.rsrc
Size: 7KB - Virtual size: 6KB

CODEINIT
Size: 512B - Virtual size: 32B

CODESIGN
Size: 4KB - Virtual size: 4KB