1a5558c8a6a28645c5f3a46707a675392d41f76ff5741d146c0c023c867bae97

Sharing

Copy URL Twitter E-mail

General

Target

1a5558c8a6a28645c5f3a46707a675392d41f76ff5741d146c0c023c867bae97
Size

2.1MB
MD5

4e523b610c80b77a21d6a5cde2e33cd5
SHA1

12db80fef97557ba7fddcd625f3c97915aee1b87
SHA256

1a5558c8a6a28645c5f3a46707a675392d41f76ff5741d146c0c023c867bae97
SHA512

deff140ba8664c2912f8cfee3149a75f657877ec875f2103920c25160dc3e73393895197ac863a7550690073769330e67a4510b967fbbbc47c48584652eaf4b1
SSDEEP

49152:cMVz80qLXaLwGYsJAC3fy69Bgp+QEvWZ9fFgc0JbhfVPrnCW:cwz80qLXaLwGYsJAC3fy69Bgp+QEvWZs

Score

N/A

Malware Config

Signatures

Files

1a5558c8a6a28645c5f3a46707a675392d41f76ff5741d146c0c023c867bae97
.exe windows x86

773b1ecb66704a6a9b276af22459a604

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:07:c2:09:fd:c7:8f:57:4d:4b:9b:f2:40:68:88:13
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

26/01/2013, 00:00

Not After

16/02/2015, 23:59

Subject

CN=Bitvise Limited,OU=Software Development,O=Bitvise Limited,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e1:b0:1d:13:76:ae:1d:06:78:fa:f3:cc:0f:c9:31:46:75:30:80:d3
Signer

Actual PE Digest

e1:b0:1d:13:76:ae:1d:06:78:fa:f3:cc:0f:c9:31:46:75:30:80:d3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bitvise Limited,OU=Software Development,O=Bitvise Limited,L=Gibraltar,ST=Gibraltar,C=GI

04/02/2013, 00:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
InterlockedExchange
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetFilePointer
FlushFileBuffers
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetStdHandle
GetLocaleInfoW
CreateFileA
GetFileSize
WriteFile
LoadLibraryA
GetModuleHandleA
LocalFree
DeleteCriticalSection
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
ExitThread
GetFullPathNameA
GetModuleFileNameA
GetFullPathNameW
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetLocalTime
SystemTimeToFileTime
lstrlenA
SetLastError
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
FoldStringW
CreateFileW
CloseHandle
ReadFile
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleW
GetCurrentThreadId
lstrcpyW
MulDiv
LoadLibraryW
FreeLibrary
GetProcAddress
GetLastError
GetACP
GetVersionExA
GetCommandLineW

user32

SetCapture
GetMessageTime
PtInRect
FrameRect
GetWindowTextW
IsWindowEnabled
GetDlgCtrlID
GetCursor
GetClipboardData
IsClipboardFormatAvailable
MapDialogRect
wsprintfA
MessageBoxA
ShowScrollBar
CharLowerBuffW
LoadImageW
GetClassNameA
GetWindowPlacement
GetCursorPos
SystemParametersInfoW
ScreenToClient
BeginPaint
EndPaint
GetDlgItem
GetKeyState
ClientToScreen
IsWindowVisible
SetTimer
DestroyWindow
GetWindowTextLengthW
TrackMouseEvent
OpenClipboard
ReleaseCapture
SetClipboardData
CloseClipboard
CallWindowProcW
IsZoomed
UnhookWindowsHookEx
DefDlgProcW
KillTimer
SetWindowsHookExW
CreateAcceleratorTableW
FindWindowExW
InflateRect
SetFocus
GetForegroundWindow
IsDialogMessageW
TranslateAcceleratorW
CallNextHookEx
GetClassNameW
EndDialog
LoadIconW
DialogBoxIndirectParamW
EnumChildWindows
RedrawWindow
FillRect
DrawTextW
GetDesktopWindow
GetDC
ReleaseDC
GetScrollInfo
ScrollWindow
SetScrollInfo
UpdateWindow
LoadCursorW
SetCursor
SetWindowTextW
MessageBeep
GetFocus
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetPropA
GetPropA
EmptyClipboard
RemovePropA
GetWindowRect
MapWindowPoints
PostMessageW
EnableWindow
GetSysColor
GetSystemMetrics
CreateWindowExW
SendMessageW
GetWindow
GetWindowLongW
SetWindowLongW
GetClientRect
SetWindowPos
GetParent
CreateDialogIndirectParamW
InvalidateRect
ShowWindow
MessageBoxW
OffsetRect

comctl32

ord17

gdi32

DeleteDC
BitBlt
CreateCompatibleDC
CreateDIBitmap
RealizePalette
SelectPalette
CreatePalette
GetStockObject
GetObjectW
CreateBrushIndirect
CreateBitmapIndirect
GetTextMetricsW
CreateRectRgnIndirect
MoveToEx
CreatePatternBrush
CreateBitmap
CreateFontIndirectW
SetROP2
LPtoDP
ExtTextOutW
SetWindowOrgEx
DPtoLP
CreateCompatibleBitmap
GetClipBox
FillRgn
SelectObject
SetMapMode
CreatePen
RoundRect
Rectangle
GetTextExtentPoint32W
SetBkMode
SetBkColor
SetTextColor
GetDeviceCaps
LineTo
DeleteObject
CreateSolidBrush

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptGenRandom
CryptAcquireContextA

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

773b1ecb66704a6a9b276af22459a604

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

24:07:c2:09:fd:c7:8f:57:4d:4b:9b:f2:40:68:88:13Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

e1:b0:1d:13:76:ae:1d:06:78:fa:f3:cc:0f:c9:31:46:75:30:80:d3Signer

Signature Validations

Verification

04/02/2013, 00:32 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

comctl32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 220KB - Virtual size: 217KB

.data Size: 212KB - Virtual size: 239KB

.rsrc Size: 32KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

24:07:c2:09:fd:c7:8f:57:4d:4b:9b:f2:40:68:88:13
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

e1:b0:1d:13:76:ae:1d:06:78:fa:f3:cc:0f:c9:31:46:75:30:80:d3
Signer

04/02/2013, 00:32
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 220KB - Virtual size: 217KB

.data
Size: 212KB - Virtual size: 239KB

.rsrc
Size: 32KB - Virtual size: 29KB