0956e2d4a36d55dcea9e4e38601eb75f4f0597eb18181b902f9139e5357b99f6

Sharing

Copy URL Twitter E-mail

General

Target

0956e2d4a36d55dcea9e4e38601eb75f4f0597eb18181b902f9139e5357b99f6
Size

818KB
MD5

08585a902597ac748fb5ed0168a8c623
SHA1

30a6c781d5b4981b9a551c45c11ac92ff48f5fa6
SHA256

0956e2d4a36d55dcea9e4e38601eb75f4f0597eb18181b902f9139e5357b99f6
SHA512

dc586a7acb277bc5ac101f11d0f68036a9d245863f4ff680e58835d717d4c970394d5ab55666360f9e7bfda9056c2947c4becf52773d2a258a3923e776f808d8
SSDEEP

24576:8ScVnufZ3c2NZbiiexlHvmNiqVpJgXTAe96QnutnsmBTl:8ScVWlNZbBClHvmNiqVCTD6QMnsy

Score

N/A

Malware Config

Signatures

Files

0956e2d4a36d55dcea9e4e38601eb75f4f0597eb18181b902f9139e5357b99f6
.exe windows x86

d1775ca1ee29a48cbe5c19c0c653a05e

Code Sign

10:00:01
Certificate

Issuer

CN=EasyVPN,OU=EasyVPN,O=EasyVPN,L=London,ST=London,C=UK,1.2.840.113549.1.9.1=#0c1161646d696e406561737976706e2e62697a

Not Before

19/02/2015, 12:36

Not After

19/02/2016, 12:36

Subject

CN=EasyVPN,OU=EasyVPN,O=EasyVPN,ST=London,C=UK

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

91:31:78:52:c2:36:df:32:cd:00:01:33:42:01:91:24:36:51:02:05
Signer

Actual PE Digest

91:31:78:52:c2:36:df:32:cd:00:01:33:42:01:91:24:36:51:02:05

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=EasyVPN,OU=EasyVPN,O=EasyVPN,ST=London,C=UK

26/03/2015, 09:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertCloseStore
CertOpenStore
CertAddEncodedCertificateToStore

shlwapi

SHGetValueW
SHSetValueW

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData

advapi32

CryptDestroyHash
LookupPrivilegeValueW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
OpenThreadToken
AdjustTokenPrivileges
GetSecurityInfo
AllocateAndInitializeSid
SetSecurityInfo
SetEntriesInAclW
FreeSid
OpenProcessToken

ws2_32

recvfrom
freeaddrinfo
getaddrinfo
gethostname
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
accept
listen
ioctlsocket
sendto

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

kernel32

SystemTimeToTzSpecificLocalTime
LoadLibraryW
GetTimeZoneInformation
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
SetEnvironmentVariableA
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
WriteFile
OutputDebugStringW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
UnregisterWait
CreateFileW
CloseHandle
CreateDirectoryW
GetModuleFileNameW
GetLastError
LocalFree
OutputDebugStringA
FreeResource
FindResourceW
LoadResource
CreateProcessW
GetCurrentProcess
WaitForSingleObject
SizeofResource
IsWow64Process
LockResource
GetVersion
Sleep
HeapAlloc
HeapFree
GetCurrentThread
GetProcessHeap
OpenProcess
TerminateProcess
SetLastError
GetProcAddress
Process32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoA
FormatMessageA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
FreeLibrary
WaitForMultipleObjects
LoadLibraryA
ExpandEnvironmentStringsA
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
TlsAlloc
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetSystemTimeAsFileTime
DuplicateHandle
GetCurrentThreadId
EncodePointer
DecodePointer
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
AreFileApisANSI
GetModuleHandleExW
WriteConsoleW
IsProcessorFeaturePresent
GetCPInfo
GetCommandLineA
HeapReAlloc
CreateThread
ExitThread
LoadLibraryExW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
RaiseException
RtlUnwind
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SetEvent
GetLogicalProcessorInformation

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1775ca1ee29a48cbe5c19c0c653a05e

Code Sign

10:00:01Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

91:31:78:52:c2:36:df:32:cd:00:01:33:42:01:91:24:36:51:02:05Signer

Signature Validations

Verification

26/03/2015, 09:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

shlwapi

imagehlp

advapi32

ws2_32

wldap32

kernel32

shell32

ole32

oleaut32

Sections

.text Size: 657KB - Virtual size: 657KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 17KB - Virtual size: 35KB

.rsrc Size: 3KB - Virtual size: 2KB

10:00:01
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

91:31:78:52:c2:36:df:32:cd:00:01:33:42:01:91:24:36:51:02:05
Signer

26/03/2015, 09:34
Valid: false

.text
Size: 657KB - Virtual size: 657KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 3KB - Virtual size: 2KB