cfad70e81b58e4a86c7e63d940cfda6ff6a70e85044b185de7d76cf8f7a837a1

Sharing

Copy URL Twitter E-mail

General

Target

cfad70e81b58e4a86c7e63d940cfda6ff6a70e85044b185de7d76cf8f7a837a1
Size

439KB
MD5

5c17ebb02e5dac8abda8d40e86346620
SHA1

ddc15505770cd6c05b716f1282903867aea56856
SHA256

cfad70e81b58e4a86c7e63d940cfda6ff6a70e85044b185de7d76cf8f7a837a1
SHA512

c92162e1c4ef446997c76e301b438c5dc6ddad2d39203a45d042472121476900501a6d96dc83427b2af8e71ebc71538d8d66d71afc27cec5e5b87749bc17c66f
SSDEEP

12288:S8oWhHRStWS1MdVIGyT0+bXZam120geUcUwn:jkKVb+LZarNo

Score

N/A

Malware Config

Signatures

Files

cfad70e81b58e4a86c7e63d940cfda6ff6a70e85044b185de7d76cf8f7a837a1
.exe windows x86

66d393fa34b0621a17a3594529534c4f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2011, 00:00

Not After

19/07/2014, 23:59

Subject

CN=Avira Operations GmbH & Co. KG,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100u

ord12157
ord5826
ord374
ord12944
ord945
ord5468
ord897
ord3397
ord11982
ord2184
ord6096
ord5799
ord2614
ord5229
ord2939
ord2824
ord5558
ord12610
ord2418
ord11210
ord6086
ord1226
ord9525
ord13132
ord6711
ord8509
ord788
ord1212
ord10081
ord3261
ord3260
ord2185
ord5801
ord3446
ord296
ord4290
ord1450
ord1987
ord902
ord5862
ord1298
ord10058
ord12951
ord11123
ord8179
ord10412
ord2981
ord2980
ord2756
ord5556
ord12606
ord2887
ord2884
ord7385
ord2417
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord11081
ord3402
ord10937
ord13380
ord8112
ord11163
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord12628
ord1519
ord11493
ord11511
ord11870
ord11786
ord12007
ord11999
ord12182
ord12871
ord12548
ord12933
ord8036
ord12930
ord11933
ord12940
ord11936
ord4606
ord3846
ord1312
ord11974
ord12186
ord1310
ord4139
ord6870
ord7973
ord4355
ord6117
ord8273
ord2844
ord3763
ord1266
ord5846
ord970
ord1302
ord7618
ord4805
ord1479
ord13047
ord2763
ord2062
ord1721
ord286
ord917
ord6145
ord5802
ord7929
ord8264
ord2746
ord6080
ord4356
ord7967
ord4360
ord3746
ord6318
ord337
ord6243
ord11940
ord7529
ord11998
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord4392
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord13382
ord7109
ord13388
ord6156
ord10725
ord12557
ord5276
ord2339
ord11116
ord3491
ord2952
ord2951
ord2852
ord11159
ord5143
ord9333
ord8347
ord5828
ord381
ord948
ord1895
ord3627
ord266
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord3416
ord4802
ord12015
ord11516
ord5261
ord11228
ord11236
ord2089
ord2068
ord2064
ord280
ord11997
ord7391
ord9498
ord7006
ord8599
ord7512
ord3781
ord1947
ord10409
ord1296
ord3428
ord5855
ord2629
ord285
ord5264
ord4478
ord4512
ord6661
ord2078
ord13133
ord1950
ord10122
ord6073
ord12001
ord919
ord2509
ord341
ord265
ord1905
ord2220
ord3996
ord13206
ord7913
ord7524
ord4150
ord479
ord1512
ord11240
ord11209
ord11845
ord4642
ord4923
ord5115
ord8483
ord4901
ord5118
ord4645
ord4794
ord4623
ord5467
ord6931
ord6932
ord6922
ord4792
ord7393
ord9328
ord8346
ord6140
ord890
ord1292
ord1934
ord1300

msvcr100

_recalloc
_localtime64_s
_mktime64
_strnicmp
atoi
strstr
wcsspn
strncpy_s
strcat_s
iswdigit
isspace
wcspbrk
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__iob_func
fwprintf
qsort
_purecall
__RTDynamicCast
_wsetlocale
toupper
_chdrive
_getdrive
printf
realloc
_errno
calloc
strtoul
_wsopen
_lseek
_close
_read
_filelength
_chsize
wcscat
wcsncat
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memcpy
_wcsnicmp
_wcsupr_s
mbstowcs_s
iswalnum
iswspace
memset
_wfopen_s
fclose
srand
rand
_waccess
_time64
swscanf_s
wcsncat_s
_wcsicmp
wcschr
wcsrchr
_wtoi
malloc
wcsncmp
wcscmp
_wsplitpath_s
wcscat_s
memcpy_s
memmove_s
wcslen
wcsnlen
__CxxFrameHandler3
free
swprintf_s
wcscpy
_snwprintf_s
wcscpy_s
_beginthreadex
_wtol
wcsncpy_s
wcsstr
wmemcpy_s
_vscwprintf
vswprintf_s

kernel32

CloseHandle
UnmapViewOfFile
CreateEventW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GetProcAddress
SetLastError
GetModuleHandleW
LoadLibraryExW
GetCommandLineW
lstrlenW
lstrcpynW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
LoadLibraryA
GetFullPathNameW
MultiByteToWideChar
DecodePointer
IsProcessorFeaturePresent
UnhandledExceptionFilter
QueryPerformanceCounter
SetUnhandledExceptionFilter
FreeLibrary
EncodePointer
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringW
GetPrivateProfileIntW
DeleteCriticalSection
GetFileTime
EnterCriticalSection
MoveFileW
ExitThread
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
LockFile
UnlockFile
TryEnterCriticalSection
SetFilePointer
LocalFileTimeToFileTime
GetCurrentThreadId
GetLocalTime
FileTimeToSystemTime
GetTimeFormatW
GetTickCount
GetDateFormatW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
IsDebuggerPresent
GetWindowsDirectoryW
GetSystemDirectoryW
SystemTimeToFileTime
GetSystemTime
GetCurrentDirectoryW
ReadFile
RemoveDirectoryW
WideCharToMultiByte
GetShortPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
CreateDirectoryW
GetFileAttributesExW
GlobalLock
GlobalUnlock
MulDiv
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCurrentThread
LocalAlloc
CreateMutexW
FormatMessageW
GetComputerNameW
GlobalAlloc
GlobalFree
GetCurrentProcessId
SetProcessWorkingSetSize
LocalFree
GetStartupInfoW
GetCurrentProcess
GetPriorityClass
OpenProcess
SetPriorityClass
TerminateProcess
LoadLibraryW
GetSystemInfo
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
GetFileAttributesW
SetFileAttributesW
CreateProcessW
Sleep
GetExitCodeProcess
DeleteFileW
CreateFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForMultipleObjects
OpenFileMappingW
GetLastError
MapViewOfFile
SetEvent
WaitForSingleObject
ResetEvent

user32

GetClientRect
UpdateWindow
EnableWindow
GetSystemMetrics
LoadStringW
InvalidateRect
RedrawWindow
DrawTextW
DrawTextExW
GrayStringW
GetSysColor
IsWindow
SetRect
GetWindowRect
IsIconic
ReleaseDC
DestroyIcon
GetForegroundWindow
DispatchMessageW
TranslateMessage
PeekMessageW
ExitWindowsEx
GetWindowTextW
EnumWindows
DrawStateW
CopyRect
InflateRect
FillRect
ScreenToClient
PostMessageW
SendMessageW
DrawIcon
GetDC
TabbedTextOutW
ReleaseCapture
SetCapture
PtInRect
SetWindowLongW
SetRectEmpty
GetDCEx
GetActiveWindow
GetLastActivePopup
MessageBoxW
GetKeyState
SystemParametersInfoW
GetIconInfo
TrackMouseEvent
SetCursor
GetWindowLongW
LoadCursorW
DrawFocusRect
OffsetRect
EqualRect
LoadIconW
DrawIconEx
GetParent
GetFocus
LoadImageW

gdi32

CreatePolygonRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetObjectW
CreatePatternBrush
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32W
SetPixel
GetPixel
RoundRect
FillRgn
GetStockObject
SelectObject
GetTextMetricsW
DeleteObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
CreateCompatibleDC
CreateRectRgn
CreateCompatibleBitmap
CreatePen
GetDIBColorTable
CreateHalftonePalette
CreatePalette
RealizePalette

advapi32

SetSecurityDescriptorOwner
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetUserNameW
GetSecurityDescriptorDacl
GetSecurityInfo
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
RegSetValueExW
AddAce
IsValidSid
GetAce
CopySid
GetAclInformation
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
CreateProcessAsUserW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

comctl32

_TrackMouseEvent
ord17

ole32

CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysFreeString

msvcp100

?_Xlength_error@std@@YAXPBD@Z

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipCloneImage
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDrawImageRect
GdipDrawImageRectI
GdipCloneBitmapAreaI
GdipFree

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wioyrty
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66d393fa34b0621a17a3594529534c4f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp100

gdiplus

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 57KB - Virtual size: 60KB

wioyrty Size: 78KB - Virtual size: 78KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 57KB - Virtual size: 60KB

wioyrty
Size: 78KB - Virtual size: 78KB