97888311b4bde5d9acef061c74ff13890f41bdffc3545d98d9e9622ed5de8a9d

Sharing

Copy URL Twitter E-mail

General

Target

97888311b4bde5d9acef061c74ff13890f41bdffc3545d98d9e9622ed5de8a9d
Size

650KB
MD5

c7f61aa39f1928fa3fd713907bd93881
SHA1

7ace5812622d9a8aa07173a0b4729b76e0d919a1
SHA256

97888311b4bde5d9acef061c74ff13890f41bdffc3545d98d9e9622ed5de8a9d
SHA512

2514f6090d45aec9fd13fa68b677344e8335cd7524e71e88fbb3e00667382dc3efd83159c8eabf3f13aff97bf3d3433bbe19d953b881785a9cd7901574a7b1b6
SSDEEP

6144:PQB8IJTNH5/Fbdr05bW4Y1s43AfVQgvyAk/vTvUxfOc05aW1pKM:PQB8IJTNZ/FbdI5bLDfpk2On5H

Score

N/A

Malware Config

Signatures

Files

97888311b4bde5d9acef061c74ff13890f41bdffc3545d98d9e9622ed5de8a9d
.exe windows x86

8d92cd29403a3718ecf608ecab9e215b

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:56:58:73:7d:16:b5:61:65:eb:76:77:6d:87:43:95:ad:3c:c0:26
Signer

Actual PE Digest

0a:56:58:73:7d:16:b5:61:65:eb:76:77:6d:87:43:95:ad:3c:c0:26

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

18/01/2015, 19:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetUserGetLocalGroups
NetShareGetInfo
NetShareEnum
NetApiBufferFree

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LCMapStringW
Thread32Next
Thread32First
OpenThread
FindNextFileW
FindFirstFileW
GetFileAttributesW
FindClose
CreateFileW
Process32FirstW
CreateToolhelp32Snapshot
GetFullPathNameW
GetCurrentDirectoryW
ReadConsoleW
ExpandEnvironmentStringsW
GetModuleFileNameW
FormatMessageW
CloseHandle
SetLastError
GetLastError
GetCurrentThread
GetCurrentProcess
OpenProcess
GetVersion
GetCommandLineW
GetModuleHandleW
LoadLibraryW
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryExW
OutputDebugStringW
SetFilePointerEx
HeapReAlloc
SetStdHandle
WriteConsoleW
ReadFile
Process32NextW
HeapFree
HeapAlloc
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
MultiByteToWideChar
GetProcessHeap
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
GetStringTypeW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

SetWindowTextW
GetDlgItem
SetCursor
DialogBoxIndirectParamW
SendMessageW
GetSysColorBrush
InflateRect
LoadCursorW
EndDialog

gdi32

EndDoc
EndPage
StartPage
StartDocW
SetMapMode
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

SetEntriesInAclW
RegOpenKeyExW
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
GetSecurityInfo
DeleteAce
RegGetKeySecurity
RegEnumKeyW
RegCreateKeyExW
GetNamedSecurityInfoW
GetKernelObjectSecurity
LsaNtStatusToWinError
LsaEnumerateAccountRights
LsaEnumerateAccountsWithUserRight
LsaOpenPolicy
LsaClose
LsaFreeMemory
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetEffectiveRightsFromAclW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeSecurityDescriptor
GetAce
CopySid
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AllocateAndInitializeSid
EqualSid
IsValidSid
IsWellKnownSid
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d92cd29403a3718ecf608ecab9e215b

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59Certificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

0a:56:58:73:7d:16:b5:61:65:eb:76:77:6d:87:43:95:ad:3c:c0:26Signer

Signature Validations

Verification

18/01/2015, 19:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

version

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 134KB - Virtual size: 142KB

.rsrc Size: 356KB - Virtual size: 356KB

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

0a:56:58:73:7d:16:b5:61:65:eb:76:77:6d:87:43:95:ad:3c:c0:26
Signer

18/01/2015, 19:15
Valid: false

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 134KB - Virtual size: 142KB

.rsrc
Size: 356KB - Virtual size: 356KB