805b42745bdcc55433993168be1a17eeae0bd7f2596672f98bce2240a15079b1

Sharing

Copy URL Twitter E-mail

General

Target

805b42745bdcc55433993168be1a17eeae0bd7f2596672f98bce2240a15079b1
Size

217KB
MD5

51c9d286e6b2a84241bac787ce049817
SHA1

89a794e3d27f2c4d04f57d419b39322236b80d6e
SHA256

805b42745bdcc55433993168be1a17eeae0bd7f2596672f98bce2240a15079b1
SHA512

48a87f5ecb0e3aa1f0de757285d671b3fb34e2aaa9d5353e236afd9954774eb7d2ea8601c79e1dd4962bf4198cf80ba4f5dc0c31ac04b9e359e9db73b5877b0e
SSDEEP

6144:EJDB4YUbot+ND4FrsOo35UijARZpVV1hw2qBF7Ej8NjfBGmOUftagTT5:EJVvUq+NSj4DARZpVV1hw2qBF7EjItau

Score

N/A

Malware Config

Signatures

Files

805b42745bdcc55433993168be1a17eeae0bd7f2596672f98bce2240a15079b1
.exe windows x86

17b79918681d99a38f4b39bc16858986

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:1b:65:d8:5d:38:39:06:69:75:69:1c:25:37:36:ef
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/03/2011, 00:00

Not After

01/03/2012, 23:59

Subject

CN=Motorola Mobility Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Mobile Devices,O=Motorola Mobility Inc.,L=Libertyville,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:4d:75:d8:ee:23:eb:bb:e0:2b:82:84:65:95:9e:14:45:8f:60:55
Signer

Actual PE Digest

87:4d:75:d8:ee:23:eb:bb:e0:2b:82:84:65:95:9e:14:45:8f:60:55

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Motorola Mobility Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Mobile Devices,O=Motorola Mobility Inc.,L=Libertyville,ST=Illinois,C=US

25/03/2011, 19:22
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pst

PSTGetInterfaceHandle
PSTGetProductStringDescriptor
PSTReleaseInterfaceHandle
PSTGetInterfaceMapping
PSTFindInterfaceHandle
PSTUninitialize
PSTGetUSBDeviceDescriptor
PSTGetBLANDeviceIPAddress
PSTInitializeAndRegisterEx
PSTSendCommand

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetModuleFileNameA
OpenProcess
Sleep
WTSGetActiveConsoleSessionId
LoadLibraryA
Process32Next
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
CreateProcessA
DeleteFileA
GetLocalTime
ResetEvent
GlobalFree
GetCommandLineW
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
OutputDebugStringA
ReleaseMutex
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocaleInfoA
GetUserDefaultLangID
GetTimeZoneInformation
GetSystemTime
CloseHandle
GetProcAddress
GetStartupInfoA
InterlockedCompareExchange
GetProcessHeap
HeapFree
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
WaitForSingleObject
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
CreateEventA
GetVersionExA
GetSystemTimeAsFileTime
GetACP
GetThreadLocale
CreateMutexA

user32

RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyWindow
PostQuitMessage
DefWindowProcA
RegisterClassExA
LoadCursorA
PeekMessageA
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

secur32

GetUserNameExA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpCrackUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl

mfc80

ord762
ord6297
ord262
ord5331
ord1159
ord301
ord1580
ord764
ord1187
ord1185
ord1191
ord266
ord304
ord578
ord781
ord3997
ord5529
ord784
ord310
ord2272
ord4081
ord1486
ord5403
ord2468
ord265
ord297
ord911
ord1489
ord299
ord6703
ord6118
ord2346
ord907
ord1482
ord2322
ord2475
ord5563
ord305
ord5710
ord2451
ord308
ord3952
ord4109
ord2131
ord1248
ord783
ord300
ord4085
ord2306
ord1181
ord2259
ord3514
ord3255
ord5320
ord6286
ord1211

msvcr80

_time64
_snprintf_s
sprintf_s
strcpy
atoi
fclose
fread
rewind
ftell
fseek
fopen_s
fwrite
strftime
exit
abs
__RTDynamicCast
memmove
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
printf
_localtime64_s
_wcsicmp
strncpy_s
strncpy
memcpy
_beginthreadex
strlen
strcmp
_invalid_parameter_noinfo
_purecall
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_mbscmp
_CxxThrowException
memset
wcsrchr
wcslen
_recalloc
calloc
__CxxFrameHandler3
wcscpy_s
free
malloc
memmove_s

gdi32

CreateSolidBrush

advapi32

ChangeServiceConfig2A
RegSetValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RevertToSelf
CreateProcessAsUserA
ImpersonateLoggedOnUser
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
CreateServiceA
DeleteService
QueryServiceStatus
ControlService
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
CommandLineToArgvW

shlwapi

PathFileExistsA

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
StringFromGUID2

oleaut32

VariantClear
GetErrorInfo
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

msvcp80

?allocate@?$allocator@D@std@@QAEPADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Copy_s@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADIII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ

ws2_32

select
socket
listen
send
recv
WSAWaitForMultipleEvents
__WSAFDIsSet
WSAStartup
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
accept
closesocket
bind
WSAGetLastError
inet_addr
htons
WSACleanup

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17b79918681d99a38f4b39bc16858986

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

79:1b:65:d8:5d:38:39:06:69:75:69:1c:25:37:36:efCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

87:4d:75:d8:ee:23:eb:bb:e0:2b:82:84:65:95:9e:14:45:8f:60:55Signer

Signature Validations

Verification

25/03/2011, 19:22 Valid: false

Headers

File Characteristics

Imports

pst

kernel32

user32

userenv

wtsapi32

secur32

psapi

winhttp

mfc80

msvcr80

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp80

ws2_32

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

79:1b:65:d8:5d:38:39:06:69:75:69:1c:25:37:36:ef
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

87:4d:75:d8:ee:23:eb:bb:e0:2b:82:84:65:95:9e:14:45:8f:60:55
Signer

25/03/2011, 19:22
Valid: false

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB