c044cfc4870398c623fd5c873385b1e4dc97d0a814be19e2c889d2e6f0023df4

Sharing

Copy URL Twitter E-mail

General

Target

c044cfc4870398c623fd5c873385b1e4dc97d0a814be19e2c889d2e6f0023df4
Size

239KB
MD5

432a081f60baeeff9727dc083554bb20
SHA1

0451076e61c24bf0c19fe02726c6a580d73c5473
SHA256

c044cfc4870398c623fd5c873385b1e4dc97d0a814be19e2c889d2e6f0023df4
SHA512

e683438f102f3cc1733a5e90f612b1739c8877f76252648c77a5d7f64d67478dc897d2234885605cb9f6fc297ba29d0860c192c584d1a3fab60af9d13cb0a24c
SSDEEP

6144:flSLFyBsNsYIHFYEfvlD+Vy60YHjRAxA0bYRHaEck7Ng3V:wLMyNgHF51yVytYlF0bYR6EcCm3V

Score

N/A

Malware Config

Signatures

Files

c044cfc4870398c623fd5c873385b1e4dc97d0a814be19e2c889d2e6f0023df4
.exe windows x86

f3acfc71ddc3cdaf90f92fc361fa6b76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

15/02/2008, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpi
GetLocalTime
LoadLibraryExA
GetModuleHandleA
RemoveDirectoryW
GetACP
GetCPInfo
lstrlenA
SearchPathA
FindAtomA
GetCurrentProcess
GetProcAddress
lstrcpynA
CreateNamedPipeA
IsBadWritePtr
DisconnectNamedPipe
GetLastError
FileTimeToDosDateTime
GetThreadPriority
GlobalFindAtomW
SetUnhandledExceptionFilter
GlobalFindAtomA
RemoveDirectoryA
GetTempFileNameA
CreateDirectoryA
lstrcmpiW
OpenEventA
GetSystemInfo

user32

LoadMenuW
SetParent
SetWindowPos
MonitorFromRect
CreateDialogParamW
SetDlgItemInt
PostMessageA
SetWindowLongW
InsertMenuItemW
IsWindow
SetMenu
GetMenu
DestroyMenu
EnableWindow
IsDlgButtonChecked
SetWindowRgn
MessageBoxA
UnregisterClassA
RegisterClassA
SetCapture
UpdateLayeredWindow
CreatePopupMenu
PeekMessageA
GetForegroundWindow
EmptyClipboard
CopyIcon
UnregisterClassW
DestroyIcon
LoadIconW
SendDlgItemMessageA
GetClassInfoA
DefWindowProcW
GetKeyState
SetDlgItemTextW
PostMessageW
FindWindowW
GetCursorPos
GetWindowRgn
FindWindowA
GetCapture
GetMenuStringW
GetMenuState
GetCapture
SetForegroundWindow
EndDialog
EndMenu
DestroyCursor
CreateWindowExW
CreateAcceleratorTableW
MessageBoxIndirectA
wvsprintfA
GetSysColor
GetDlgItemInt
ShowWindow
WaitForInputIdle
GetAsyncKeyState
LoadMenuIndirectA
SetFocus
InvalidateRgn
GetKeyboardLayout
GetActiveWindow
GetMessageW
CreateAcceleratorTableA
CharUpperW
GetClassInfoExW
TrackPopupMenuEx
PostQuitMessage
EnableMenuItem
LoadIconA
TrackPopupMenu
DialogBoxParamA
AppendMenuA
SetTimer
GetMenuStringA
GetTopWindow

gdi32

CreatePolyPolygonRgn
GetMetaFileW
CreateMetaFileA
CreateRoundRectRgn
CreateHatchBrush
SelectBrushLocal
SetEnhMetaFileBits
CreateCompatibleDC
CreateScalableFontResourceW
GetStockObject
StretchDIBits
CreateMetaFileW
GetTextExtentPointA
GetMetaFileA
RemoveFontResourceExW
AddFontResourceA
CreateFontW
GetRasterizerCaps
CreateDIBPatternBrush
CreateEllipticRgn
CreateBitmapIndirect

shell32

StrRStrIW
SHGetDiskFreeSpaceExA
StrRChrIA
ExtractAssociatedIconW
ShellExecuteExW
FreeIconList
StrStrA
SHGetDesktopFolder
Shell_NotifyIcon
StrStrW
ExtractIconExW
ExtractIconExA

oleaut32

SafeArrayDestroy
VarCyInt
SysAllocStringByteLen
VarR4FromDisp
GetVarConversionLocaleSetting
VarI2FromCy
VarBstrFromI1
VarUI2FromBool
VarUI4FromCy

wininet

DeleteIE3Cache
InternetSetPerSiteCookieDecisionA
UnlockUrlCacheEntryFileA
FtpSetCurrentDirectoryA
InternetTimeFromSystemTime
GopherGetLocatorTypeW
InternetSetOptionA
FtpGetFileEx
SetUrlCacheConfigInfoW

mprapi

MprAdminUserOpen
MprAdminUserClose

inetcomm

EssKeyExchPreferenceDecodeEx
HrAttachDataFromFile
CreateIMAPTransport2
CreateIMAPTransport
CreateRangeList
MimeOleGetCertsFromThumbprints
EssSignCertificateDecodeEx
MimeOleGetBodyPropW
MimeOleCreateHashTable
MimeOleParseRfc822Address
HrSaveAttachmentAs
MimeOleGetRelatedSection
MimeOleOpenFileStream
MimeOleGetContentTypeExt
HrGetAttachIconByFile
HrSaveAttachToFile
MimeOleSMimeCapsToDlg
MimeOleGetInternat

Sections

.mamLDz
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BRzw
Size: 3KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vcqygM
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CmYQd
Size: 1024B - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdaOS
Size: 2KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.p
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FHDJQ
Size: 5KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qkjMHC
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Jpk
Size: 15KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MZAl
Size: 1024B - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oa
Size: 3KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3acfc71ddc3cdaf90f92fc361fa6b76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

wininet

mprapi

inetcomm

Sections

.mamLDz Size: 2KB - Virtual size: 1KB

.BRzw Size: 3KB - Virtual size: 401KB

.vcqygM Size: 92KB - Virtual size: 91KB

.CmYQd Size: 1024B - Virtual size: 154KB

.rdaOS Size: 2KB - Virtual size: 324KB

.p Size: 10KB - Virtual size: 10KB

.FHDJQ Size: 5KB - Virtual size: 34KB

.qkjMHC Size: 90KB - Virtual size: 90KB

.Jpk Size: 15KB - Virtual size: 294KB

.MZAl Size: 1024B - Virtual size: 431KB

.oa Size: 3KB - Virtual size: 230KB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

.mamLDz
Size: 2KB - Virtual size: 1KB

.BRzw
Size: 3KB - Virtual size: 401KB

.vcqygM
Size: 92KB - Virtual size: 91KB

.CmYQd
Size: 1024B - Virtual size: 154KB

.rdaOS
Size: 2KB - Virtual size: 324KB

.p
Size: 10KB - Virtual size: 10KB

.FHDJQ
Size: 5KB - Virtual size: 34KB

.qkjMHC
Size: 90KB - Virtual size: 90KB

.Jpk
Size: 15KB - Virtual size: 294KB

.MZAl
Size: 1024B - Virtual size: 431KB

.oa
Size: 3KB - Virtual size: 230KB

.rsrc
Size: 8KB - Virtual size: 7KB