2007bdf62a88a40c756e1534c88bf6f76c890654fb7c01b464cb98384f028727

Sharing

Copy URL Twitter E-mail

General

Target

2007bdf62a88a40c756e1534c88bf6f76c890654fb7c01b464cb98384f028727
Size

4.9MB
MD5

2a15e864145a4bc6d17c218bc13a3eb8
SHA1

3f12cdfddc70273eedf36b8ed59292379412a7c0
SHA256

2007bdf62a88a40c756e1534c88bf6f76c890654fb7c01b464cb98384f028727
SHA512

16cd2873904119d01c9e99d0641d030a9ab51112bd1d857bd9ab7cd4dc870c59552ab197e08dc3565e9743a364765744cce6d7a44a4810dd0d04c999eecd3dbd
SSDEEP

98304:yZFfk/QYCCyYdHjgDCe/ZgV/vovg9OKRwqbR3FNwoGr:yv8QhCyYdceV/voGOUbR3bRy

Score

N/A

Malware Config

Signatures

Files

2007bdf62a88a40c756e1534c88bf6f76c890654fb7c01b464cb98384f028727
.exe windows x86

e64dba496a2df8ad50c872d385a8f02a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/07/2006, 00:00

Not After

04/10/2008, 23:59

Subject

CN=Patchou,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Development,O=Patchou,L=Laval,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

SetFilePointer
WriteFile
GetLastError
GetFileAttributesA
CreateFileA
DeleteFileA
SetFileAttributesA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempPathA
IsValidCodePage
GetPrivateProfileIntA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetPrivateProfileStringA
GetVersionExA
CreateProcessA
GetModuleFileNameA
CreateThread
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateDirectoryA
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
Sleep
SetEndOfFile
GetFileSize
ReadFile
CloseHandle
RaiseException
HeapDestroy
FlushFileBuffers
GetFileType
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

user32

PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
CreateDialogParamA
SendMessageA
ShowWindow
SetWindowTextA
DestroyWindow
GetActiveWindow
UnregisterClassA
SetWindowLongA
LoadImageA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowLongA
LoadCursorA
SetCursor
MessageBoxA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Exports

Exports

??0BlueZip@@QAE@PBD@Z
??0zList@@QAE@XZ
??1BlueZip@@QAE@XZ
??1zList@@QAE@XZ
??4BlueZip@@QAEAAV0@ABV0@@Z
??4zList@@QAEAAV0@ABV0@@Z
?GetFile@BlueZip@@QAE_NPAVzList@@PBD@Z
?Read@BlueZip@@QAE_NXZ
?ReadCentral@zList@@QAEXPAX@Z
?ReadEnd@BlueZip@@AAEXPAX@Z
?ScanZip@BlueZip@@AAE_NPAX@Z
?WriteCentral@zList@@QAEXPAX@Z
?WriteLocal@zList@@QAEXPAX@Z

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e64dba496a2df8ad50c872d385a8f02a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 60KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8c
Certificate

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 60KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB