47b8d1faa99c636653fbf368df05034e5d5f15b075dd7d8933d96d72c475fb8e

Sharing

Copy URL Twitter E-mail

General

Target

47b8d1faa99c636653fbf368df05034e5d5f15b075dd7d8933d96d72c475fb8e
Size

722KB
MD5

1030c746e7d3f40c6f13d8dc216c52a8
SHA1

675bc2608ac20f820269103a4e57d4793d2f4f54
SHA256

47b8d1faa99c636653fbf368df05034e5d5f15b075dd7d8933d96d72c475fb8e
SHA512

b2f8a1f0e4e5609ef6f92e9fd243bffa1c55a484983a9e5c339d4f9bba823132df17e9d6d48ecc6ebabd70c1c3102b9bdbd1c8c4271d950994f3560151980931
SSDEEP

12288:L4/M4BBnrYOHPjv2Xr3M5zxehzblEOGSEzUWzblE4wEQRUcl:L404BBnrYOHPC7c5zxeh+O2+Hl

Score

N/A

Malware Config

Signatures

Files

47b8d1faa99c636653fbf368df05034e5d5f15b075dd7d8933d96d72c475fb8e
.exe windows x86

cbdf7b9dd296893b09c7f863083681dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/03/2008, 00:00

Not After

23/04/2011, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:c0:d4:85:f3:ec:29:b9:0e:a1:b6:a0:ec:f7:63:92:cf:ec:68:e8
Signer

Actual PE Digest

7d:c0:d4:85:f3:ec:29:b9:0e:a1:b6:a0:ec:f7:63:92:cf:ec:68:e8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

04/11/2009, 21:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
CreateFileW
GetFileSize
ReadFile
MultiByteToWideChar
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
CreateMutexW
GetModuleFileNameA
WriteFile
GetLocalTime
GetCommandLineW
GetTickCount
SetFilePointer
BeginUpdateResourceW
EndUpdateResourceA
FindResourceW
LoadResource
SizeofResource
LockResource
UpdateResourceW
EnumResourceLanguagesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
ConvertDefaultLocale
GetLocaleInfoW
GetVersionExW
GetModuleHandleW
GetCurrentProcess
GetSystemInfo
GetSystemWow64DirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetExitCodeProcess
RemoveDirectoryW
SetEvent
CreateThread
GlobalAlloc
GlobalLock
LoadLibraryExW
GlobalFree
ExitProcess
CompareStringW
CompareStringA
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
LoadLibraryA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
GetStdHandle
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
MoveFileW
GetTempFileNameW
GetTempPathW
GetFileAttributesW
CompareFileTime
GetEnvironmentVariableW
GetSystemDirectoryW
FreeLibrary
CreateEventW
GetProcAddress
SetErrorMode
Sleep
SetFileAttributesW
MoveFileExW
DeleteFileW
WaitForSingleObject
CreateProcessW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindNextFileW
FindClose
GetLastError
FindFirstFileW
lstrcpyW
LocalFree
WriteProfileStringW
LocalAlloc
GetProfileStringW
GetModuleFileNameW
WideCharToMultiByte
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
VirtualFree
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
DosDateTimeToFileTime
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileInformationByHandle
CreateFileA
CopyFileW
GlobalUnlock
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
DeleteFileA
GetConsoleMode
GetConsoleCP
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
SetEnvironmentVariableA

user32

SetTimer
DialogBoxParamW
LoadStringW
GetWindowModuleFileNameW
GetWindowThreadProcessId
SendMessageW
EnumWindows
DialogBoxIndirectParamW
MonitorFromWindow
GetMonitorInfoW
OffsetRect
GetWindowLongW
AdjustWindowRect
GetWindowRect
DrawTextW
LoadIconW
SetRectEmpty
SetDlgItemTextW
PostMessageW
EnableWindow
wsprintfW
ReleaseDC
GetDC
KillTimer
SetFocus
EndDialog
ShowWindow
SetWindowPos
GetClientRect
GetDlgItem
SetWindowTextW
MessageBoxIndirectW
LoadImageW
ExitWindowsEx

gdi32

SetBkMode
SetTextColor
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
GetStockObject

advapi32

OpenSCManagerW
RegSetValueExW
RegCloseKey
ChangeServiceConfig2W
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
IsTextUnicode
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
StartServiceW
CloseServiceHandle
ChangeServiceConfigW
CreateServiceW
OpenServiceW
QueryServiceStatus
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHCreateDirectoryExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

cabinet

ord11
ord13
ord14
ord20
ord22
ord23
ord10

msports

ComDBClose
ComDBReleasePort
ComDBClaimPort
ComDBGetCurrentPortUsage
ComDBOpen

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupFindNextLine
SetupGetStringFieldW
SetupGetLineTextW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiGetINFClassW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecA
PathAddBackslashA
PathAppendA
PathRenameExtensionW
PathStripToRootW
PathIsRelativeW
PathRemoveBackslashW
PathIsRootW
PathIsDirectoryW
PathCombineW
PathFindExtensionW
PathStripPathW
SHDeleteKeyW
PathRemoveFileSpecW
PathFindFileNameA
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbdf7b9dd296893b09c7f863083681dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

7d:c0:d4:85:f3:ec:29:b9:0e:a1:b6:a0:ec:f7:63:92:cf:ec:68:e8Signer

Signature Validations

Verification

04/11/2009, 21:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

cabinet

msports

setupapi

shlwapi

version

psapi

Sections

.text Size: 308KB - Virtual size: 305KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 332KB - Virtual size: 331KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

7d:c0:d4:85:f3:ec:29:b9:0e:a1:b6:a0:ec:f7:63:92:cf:ec:68:e8
Signer

04/11/2009, 21:46
Valid: false

.text
Size: 308KB - Virtual size: 305KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 332KB - Virtual size: 331KB