74165a3e6b385b8ed7787f517a74e23c84f4e658d93abccb21c64fe9e7c91d3b

Sharing

Copy URL Twitter E-mail

General

Target

74165a3e6b385b8ed7787f517a74e23c84f4e658d93abccb21c64fe9e7c91d3b
Size

327KB
MD5

64932651bcd60a80cabd502992caf817
SHA1

60b99f2742eaeb5b2426fc9d917386202152e0c9
SHA256

74165a3e6b385b8ed7787f517a74e23c84f4e658d93abccb21c64fe9e7c91d3b
SHA512

557b433f48782f3bc9e93279a2d863b85d7332b94e351be5a6268720e313915f57121d89e952824b6324346ae1c6d016e71fedebd6ca754e544fd1e348ae10d1
SSDEEP

6144:u48dwigT5NFC3nbEHyvjRdz1Dz3VrqXiGStGHT/:uH2ikNFC3bzbRZ1DxOXka

Score

N/A

Malware Config

Signatures

Files

74165a3e6b385b8ed7787f517a74e23c84f4e658d93abccb21c64fe9e7c91d3b
.exe windows x86

917b92a40f4948e5478acc93f249dd21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:e1:f8:34:fa:86:7f:f5:10:2f:be:94:ad:f8:63:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2010, 00:00

Not After

06/10/2011, 23:59

Subject

CN=Lenovo(Japan)Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Research & Development 1,O=Lenovo(Japan)Ltd.,L=Yamato-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:9a:89:a0:92:f5:cc:a7:74:7c:88:bf:ea:a6:8b:02:65:10:2b:7b
Signer

Actual PE Digest

ba:9a:89:a0:92:f5:cc:a7:74:7c:88:bf:ea:a6:8b:02:65:10:2b:7b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lenovo(Japan)Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Research & Development 1,O=Lenovo(Japan)Ltd.,L=Yamato-shi,ST=Kanagawa,C=JP

07/04/2011, 07:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
TerminateThread
GetExitCodeThread
CreateThread
CreateEventA
lstrcpyA
ReleaseMutex
FreeLibrary
lstrlenA
CreateMutexA
LoadLibraryA
lstrcmpA
OutputDebugStringA
GetPrivateProfileStringW
WideCharToMultiByte
GetModuleFileNameW
GetUserDefaultUILanguage
ReadFileEx
CancelIo
SetEvent
Sleep
GetModuleFileNameA
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
GetProcAddress
OpenProcess
VirtualAllocEx
CreateFileMappingA
GetLastError
RaiseException
LCMapStringW
LCMapStringA
CreateFileA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
MultiByteToWideChar
SetFilePointer
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
FlushFileBuffers
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
ReadFile
SetEndOfFile
WaitForMultipleObjectsEx
MapViewOfFile
ReadProcessMemory
VirtualFreeEx
CloseHandle
UnmapViewOfFile
GetVersionExA
LocalFree
LocalAlloc

advapi32

RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegEnumKeyExA
RegCreateKeyA

user32

GetSysColor
GetDlgItem
SetWindowTextA
MoveWindow
SetWindowLongA
DialogBoxParamA
GetParent
GetSysColorBrush
IsDialogMessageA
DestroyIcon
PostQuitMessage
FindWindowA
SetTimer
IsDlgButtonChecked
EndDialog
GetDC
ReleaseDC
KillTimer
DestroyWindow
DefWindowProcA
wsprintfA
EnumDisplayDevicesA
LoadImageA
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CreatePopupMenu
CheckMenuItem
GetCursorPos
TrackPopupMenuEx
DestroyMenu
MessageBeep
SetWindowPos
SetCursorPos
CreateDialogParamA
GetActiveWindow
AttachThreadInput
SetForegroundWindow
keybd_event
BringWindowToTop
WaitForInputIdle
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
GetForegroundWindow
GetWindowRect
SystemParametersInfoA
ChangeDisplaySettingsExA
EnumDisplaySettingsExA
GetMonitorInfoA
EnumDisplaySettingsA
ChangeDisplaySettingsA
EnumWindows
EnumDisplayMonitors
ShowWindow
GetSystemMetrics
PtInRect
IsWindow
SetWindowPlacement
ShowWindowAsync
GetWindowPlacement
GetWindow
GetWindowLongA
FindWindowExA
GetWindowThreadProcessId
SendMessageA
AppendMenuA

gdi32

SetTextColor
SetBkColor
SetDeviceGammaRamp
GetDeviceGammaRamp

shell32

Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA

ddraw

DirectDrawEnumerateA
DirectDrawCreateEx

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

shlwapi

StrCmpNA
StrStrA
StrChrA

imm32

ImmDisableIME

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

917b92a40f4948e5478acc93f249dd21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3a:e1:f8:34:fa:86:7f:f5:10:2f:be:94:ad:f8:63:84Certificate

Extended Key Usages

Key Usages

ba:9a:89:a0:92:f5:cc:a7:74:7c:88:bf:ea:a6:8b:02:65:10:2b:7bSigner

Signature Validations

Verification

07/04/2011, 07:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

ddraw

setupapi

shlwapi

imm32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 22KB - Virtual size: 27KB

.rsrc Size: 19KB - Virtual size: 18KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3a:e1:f8:34:fa:86:7f:f5:10:2f:be:94:ad:f8:63:84
Certificate

ba:9a:89:a0:92:f5:cc:a7:74:7c:88:bf:ea:a6:8b:02:65:10:2b:7b
Signer

07/04/2011, 07:41
Valid: false

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 22KB - Virtual size: 27KB

.rsrc
Size: 19KB - Virtual size: 18KB

.vmp0
Size: 192KB - Virtual size: 1.3MB