6147aab76d0611d3c96e509c7dcd02195ac025e0b0cd1db3febe912bb7d354ad

Sharing

Copy URL Twitter E-mail

General

Target

6147aab76d0611d3c96e509c7dcd02195ac025e0b0cd1db3febe912bb7d354ad
Size

2.5MB
MD5

87ca2cb829eaa8a6eaef27fdd085f91b
SHA1

39f0d64ea630a56139d5a6b7653ddb0d1096552a
SHA256

6147aab76d0611d3c96e509c7dcd02195ac025e0b0cd1db3febe912bb7d354ad
SHA512

b3f67018d22eab8447ac8d983a4979d4706106374f417f337420ffe094e7c2ddc122f3a20c6554353e00d4ad91f196349caaa55da8ebf8edee6e7bd355f38182
SSDEEP

24576:emmHpNk8PGKJYNF1ZBPxRTI3sfZmJGcDcUMAJr2+PC+74yUek90WFUAyPYEtWEfo:Mq4AQJV7897FBFdhdoobsK0pPr6

Score

N/A

Malware Config

Signatures

Files

6147aab76d0611d3c96e509c7dcd02195ac025e0b0cd1db3febe912bb7d354ad
.dll windows x86

d029457b46abc1de46cb4f9a80528e70

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:08:bf:ed:46:5d:41:bd:57:96:5c:b9:3a:21:e0:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/02/2008, 00:00

Not After

17/03/2011, 23:59

Subject

CN=ashampoo GmbH & Co. KG,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ashampoo GmbH & Co. KG,L=Oldenburg,ST=Lower Saxony,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetProcAddress
GetModuleHandleA
GlobalMemoryStatus
SetLastError
GetLastError
GetFileSize
SetFilePointer
GetFullPathNameA
GetVolumeInformationW
SetErrorMode
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
LoadLibraryA
GetLocaleInfoA
GetUserDefaultLCID
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
GetExitCodeThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
VirtualFree
ResetEvent
VirtualLock
VirtualUnlock
ResumeThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
DeleteFileA
GetTempFileNameA
GetTempPathA
WriteFile
CreateFileA
GetFileAttributesA
GetLogicalDriveStringsA
WideCharToMultiByte
FindClose
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
LocalFree
FormatMessageA
OutputDebugStringA
CreateSemaphoreA
ReleaseSemaphore
GetOverlappedResult
ReadFile
FlushFileBuffers
SetEndOfFile
SetPriorityClass
GetSystemInfo
SleepEx
GetSystemTime
GetLocalTime
DeleteFileW
FreeLibrary
Sleep
InterlockedExchange
GlobalLock
GlobalAlloc
GlobalFree
SetCurrentDirectoryA
GetDiskFreeSpaceA
QueryDosDeviceA
WinExec
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileW
GetWindowsDirectoryA
GetCommandLineA
GetVersion
RtlUnwind
CreateThread
TlsSetValue
ExitThread
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
RaiseException
ExitProcess
FatalAppExitA
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtect
VirtualQuery
GetStringTypeExA
GetStringTypeExW
InterlockedCompareExchange
lstrcmpiA
GetVersionExA
CreateDirectoryA
GetPriorityClass
GlobalUnlock

user32

PeekMessageA
MessageBoxA
LoadStringW
LoadStringA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyExA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegQueryValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CoTaskMemFree
CoInitialize

Exports

Exports

ACDW_Audio_CreateAudioCDDiscImageCreatorFactory
ACDW_Audio_CreateCDAudioStream
ACDW_Audio_CreateConstFormatSoundStream
ACDW_Audio_EnumSupportedAudioDecodingFileFormats
ACDW_Audio_GetMediaSourceInfo
ACDW_Audio_LoadDefaultPlugins
ACDW_Audio_LoadPlugin
ACDW_Audio_LoadPlugins
ACDW_Audio_RegisterIntegratedPlugins
ACDW_Audio_RegisterSourceStreamFactory
ACDW_Audio_SetManager
ACDW_CanDiscTypeBeFinalized
ACDW_Cleanup
ACDW_ClearDiscCacheByDrive
ACDW_ClearDiscCacheByDriveAddress
ACDW_CreateBLOBProperties
ACDW_CreateBuffer
ACDW_CreateFilesystemCopy
ACDW_CreateIsoFilesystem
ACDW_CreateIsoFilesystemEnumerator
ACDW_CreateMSISODiscImageCreatorFactory
ACDW_CreateManager
ACDW_CreateNameConverterStandard
ACDW_CreateNameConverterUnique
ACDW_CreatePopulateDirectory
ACDW_CreateProperties
ACDW_CreateSearchDirectory
ACDW_DiscTypesComePossiblyFromSameDisc
ACDW_EnumDiscCapacities
ACDW_EnumDiscTypes
ACDW_GetDefaultStatusDevice
ACDW_GetDiscTypeCategory
ACDW_GetGlobalLocMap
ACDW_GetIntFromDiscType
ACDW_GetIntFromDiscTypeCategory
ACDW_GetLastError
ACDW_GetLastErrorProperties
ACDW_GetMan
ACDW_GetMaxLabelLength
ACDW_GetMaximumDiscCapacity
ACDW_GetMaximumFileSize
ACDW_GetPrimaryDiscType
ACDW_GetStringFromDiscType
ACDW_GetStringFromDiscTypeCategory
ACDW_GetXMLFromMessageID
ACDW_HasDiscTypeTracksAfterErase
ACDW_IsDiscTypeEraseable
ACDW_IsDiscTypeFormatable
ACDW_IsDiscTypePreformatted
ACDW_IsDiscTypeRewriteable
ACDW_IsDiscTypeWriteable
ACDW_IsErrorMessage
ACDW_IsSaneKBSSpeed
ACDW_IsSaneXSpeed
ACDW_KBSSpeedToXSpeed
ACDW_Project_CreateAudioProject
ACDW_Project_CreateAudioProjectFactory
ACDW_Project_CreateBuildOptionsFilter
ACDW_Project_CreateCopyProject
ACDW_Project_CreateCopyProjectFactory
ACDW_Project_CreateDataProject
ACDW_Project_CreateDataProjectFactory
ACDW_Project_CreateDiscImageProject
ACDW_Project_CreateDiscImageProjectFactory
ACDW_Project_CreateDumpDiscImageProject
ACDW_Project_CreateDumpDiscImageProjectFactory
ACDW_Project_CreateEraseProject
ACDW_Project_CreateEraseProjectFactory
ACDW_Project_CreateFolderPopulator
ACDW_Project_CreateISO9660Settings
ACDW_Project_CreateNodeSourceChecker
ACDW_Project_CreateOptions
ACDW_Project_CreateOptionsFilterChain
ACDW_Project_CreateOptionsFilterProviderAndListener
ACDW_Project_CreateSessionedDiscImageWriter
ACDW_Project_CreateSimpleVideoProject
ACDW_Project_CreateSimpleVideoProjectFactory
ACDW_Project_CreateStandardOptionsFilter
ACDW_Project_CreateUDFSettings
ACDW_Project_GetGlobalDiscImageCreatorFactory
ACDW_Project_GetGlobalMultiStreamSerializer
ACDW_Project_GetGlobalMultiURLSerializer
ACDW_Project_GetMultiFactory
ACDW_Project_GetOverwriteCaps
ACDW_Project_SetManager
ACDW_SCSISenseToString
ACDW_SetLastError
ACDW_Video_CreateVideoCDDiscImageCreatorFactory
ACDW_Video_CreateVideoCDSourceAnalyzer
ACDW_Video_EnumSupportedVideoCDFileFormats
ACDW_Video_GetSimpleVideoSourceInfo
ACDW_Video_SetManager
ACDW_XSpeedToKBSSpeed

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d029457b46abc1de46cb4f9a80528e70

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7d:08:bf:ed:46:5d:41:bd:57:96:5c:b9:3a:21:e0:92Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

winmm

version

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 176KB - Virtual size: 185KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 120KB - Virtual size: 116KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7d:08:bf:ed:46:5d:41:bd:57:96:5c:b9:3a:21:e0:92
Certificate

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 176KB - Virtual size: 185KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 120KB - Virtual size: 116KB