ce4bc986acb8861b4883db1dc2511ec44523df5cff3977d5be46314a6e044d6c

Sharing

Copy URL Twitter E-mail

General

Target

ce4bc986acb8861b4883db1dc2511ec44523df5cff3977d5be46314a6e044d6c
Size

1.7MB
MD5

4b638d68cf47359999c5113d50d8ac58
SHA1

17781aa6738cf2a293de2cf7ba24733ab9ad4b39
SHA256

ce4bc986acb8861b4883db1dc2511ec44523df5cff3977d5be46314a6e044d6c
SHA512

17cbff91899cb70b389d51845c86b3bb0751d5777687e3fb2cbd8ac8a38f5c398b9c9fe0ef20b9746e5cab0346d40ae6876ba3580bf0af5045dcfac0b864bd35
SSDEEP

24576:mgqDozCwd/erHwWVNVHBTFm0oUmQq4ulxeq:mgzZ1yZNVHB40oeq4oYq

Score

N/A

Malware Config

Signatures

Files

ce4bc986acb8861b4883db1dc2511ec44523df5cff3977d5be46314a6e044d6c
.exe windows x86

6297e80bc3fd831894a9ae5aa2566b08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:25:b9:63:80:fa:4f:27:d6:50:76:39:79:ae:10:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/10/2013, 00:00

Not After

17/12/2015, 23:59

Subject

CN=EbizNetWorks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=EbizNetWorks,L=Seoul,ST=Gangnam-gu,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetAdaptersInfo

winmm

mixerSetControlDetails
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA

shlwapi

PathSetDlgItemPathA
SHCopyKeyA
SHDeleteKeyA
SHDeleteValueA

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
RtlUnwind
RaiseException
HeapFree
HeapAlloc
ExitProcess
GetFileType
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
SetStdHandle
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetHandleCount
GetStdHandle
GetOEMCP
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
SetEnvironmentVariableA
GetProfileStringA
InterlockedExchange
OutputDebugStringA
GetLogicalDriveStringsA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
GetVersionExA
GetPrivateProfileStringA
GetLastError
Sleep
MulDiv
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrcmpA
GetCurrentThread
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
DuplicateHandle
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
GetThreadLocale
SetThreadPriority
FormatMessageA
LocalFree
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
lstrlenA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FindResourceA
LoadResource
SizeofResource
LockResource
GlobalLock
GlobalUnlock
GetVersion
WritePrivateProfileStringA
ResumeThread
CreateDirectoryA
CopyFileA
DeleteFileA
CloseHandle
CreateProcessA
UnlockFile
GetTempPathA
SuspendThread
GlobalAlloc
GlobalFree
GetModuleFileNameA
FlushFileBuffers
ReadFile
WaitForMultipleObjects
GetOverlappedResult
CancelIo
SetEvent
CreateEventA
ResetEvent
WriteFile
SetNamedPipeHandleState
WaitNamedPipeA
lstrcpynA
GetExitCodeThread
TerminateThread
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalMemoryStatus
GetDriveTypeA
GetDiskFreeSpaceExA
IsDBCSLeadByte
GetSystemInfo
IsProcessorFeaturePresent
GetModuleHandleA
LoadLibraryA
GetLongPathNameA
OpenProcess
GetPriorityClass
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetCurrentThreadId
lstrcpyA
lstrcatA
SetErrorMode
LoadLibraryExA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetCurrentProcess
CreateFileA
SetFilePointer
LockFile
GetStringTypeA

user32

PostThreadMessageA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
WindowFromPoint
CharUpperA
CharNextA
GetMessageA
ValidateRect
InflateRect
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
LoadStringA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckDlgButton
SendDlgItemMessageA
MapWindowPoints
GetFocus
SetActiveWindow
AdjustWindowRectEx
IsWindowVisible
GetScrollInfo
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
CopyRect
GetSysColor
LoadMenuA
GetSubMenu
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
ShowWindow
IsWindow
UpdateWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowTextA
EnumWindows
GetClassInfoA
FindWindowA
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetCursor
ReleaseCapture
SetCapture
FillRect
InvalidateRect
SetWindowRgn
LoadCursorA
GetSysColorBrush
RegisterClassExA
SetRect
GetDlgItem
ScreenToClient
ReleaseDC
GetDlgCtrlID
MessageBeep
GetWindowLongA
SetWindowLongA
GetWindowThreadProcessId
RegisterClipboardFormatA
GetNextDlgGroupItem
AttachThreadInput
GetForegroundWindow
GetAncestor
GetClassNameA
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SystemParametersInfoA
PostMessageA
SetFocus
SetForegroundWindow
ExitWindowsEx
PtInRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
RedrawWindow
IsIconic
GetSystemMetrics
DrawIcon
RegisterWindowMessageA
LoadIconA
GetWindowRect
IsZoomed
GetDC
wsprintfA
DestroyIcon
GetClientRect
EnableWindow
KillTimer
SetTimer
LoadBitmapA
SendMessageA
CopyAcceleratorTableA
DefWindowProcA
DestroyMenu
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
CallWindowProcA

gdi32

SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
MoveToEx
LineTo
GetViewportExtEx
GetWindowExtEx
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
PatBlt
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontA
CreateDCA
GetPixel
CreateRectRgn
CombineRgn
CreateFontIndirectA
SelectObject
DeleteDC
GetStockObject
CreateCompatibleBitmap
CreatePen
Rectangle
GetDeviceCaps
CreateSolidBrush
GetObjectA
CreateCompatibleDC
BitBlt
StretchBlt
GetTextExtentPointA
CreateDIBitmap
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
ControlService
StartServiceA
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
InitiateSystemShutdownA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
ChangeServiceConfig2A
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegEnumKeyExA

shell32

ShellExecuteA
SHFileOperationA
SHGetSpecialFolderPathA
SHGetFileInfoA
Shell_NotifyIconA
ExtractIconExA

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_AddMasked
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_DrawIndirect

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoGetClassObject
CoFreeUnusedLibraries
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoRevokeClassObject
CoTaskMemAlloc
CoRegisterMessageFilter

olepro32

ord253
ord251

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantChangeType
VariantCopy
SysStringLen
SysAllocStringByteLen
SysAllocString
VariantClear

wininet

InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

wsock32

WSACleanup
gethostbyname
WSAStartup

Sections

.text
Size: 700KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 900KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6297e80bc3fd831894a9ae5aa2566b08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

3a:25:b9:63:80:fa:4f:27:d6:50:76:39:79:ae:10:52Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

iphlpapi

winmm

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

wsock32

Sections

.text Size: 700KB - Virtual size: 698KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 44KB - Virtual size: 58KB

.rsrc Size: 900KB - Virtual size: 896KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

3a:25:b9:63:80:fa:4f:27:d6:50:76:39:79:ae:10:52
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 700KB - Virtual size: 698KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 44KB - Virtual size: 58KB

.rsrc
Size: 900KB - Virtual size: 896KB