2de24084d577569e7415d3dc6244eb03eca5be1f8e347d96815f105186a7785c

Sharing

Copy URL Twitter E-mail

General

Target

2de24084d577569e7415d3dc6244eb03eca5be1f8e347d96815f105186a7785c
Size

8.5MB
MD5

91477416104dece22fb1a81148a9485e
SHA1

5ab8b20e60d5d59fe558e212b25f39994fbf759d
SHA256

2de24084d577569e7415d3dc6244eb03eca5be1f8e347d96815f105186a7785c
SHA512

0fa41e5f9b4539be41e33c8156b4ef503bf84c27fa2b5d95de9642ee75926e2bd3353c98321b0134cb26e6d343b61c3b9cfb05d4a30534192557ac88e9e25d8f
SSDEEP

98304:YUMr5F/KIBzhayepL87S/XNteNY9ut69c:YPFCIvpi47S/mNYfO

Score

N/A

Malware Config

Signatures

Files

2de24084d577569e7415d3dc6244eb03eca5be1f8e347d96815f105186a7785c
.exe windows x86

af556941c6e433cfbc3ea0ef3a391f44

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:32:fd:e7:ce:2b:dc:dd:ee:c9:10:66:79:a5:5a:b6
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Tilf AB,O=Tilf AB,POSTALCODE=21125,STREET=Norra Vallgatan 20,L=Malmö,ST=skane,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:26:64:5f:71:95:b9:78:e0:cc:c1:78:4f:e4:74:bc:98:5d:e7:92
Signer

Actual PE Digest

94:26:64:5f:71:95:b9:78:e0:cc:c1:78:4f:e4:74:bc:98:5d:e7:92

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tilf AB,O=Tilf AB,POSTALCODE=21125,STREET=Norra Vallgatan 20,L=Malmö,ST=skane,C=SE

11/04/2013, 10:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpOpenRequestW
InternetCloseHandle
HttpSendRequestW
InternetOpenW
InternetConnectW

kernel32

IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
HeapSize
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
RtlUnwind
ExitThread
CreateThread
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
SetUnhandledExceptionFilter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
IsBadReadPtr
GetModuleHandleW
GetProcAddress
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
lstrlenW
WideCharToMultiByte
GetLogicalDriveStringsW
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
CloseHandle
lstrcpyW
SetLastError
LoadLibraryW
lstrlenA
MultiByteToWideChar
FreeResource
GetSystemTime
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
WaitForSingleObject
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesExW
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
GlobalFree
GetCurrentProcessId
RaiseException
GetSystemInfo
RemoveDirectoryW
CreateProcessW
MulDiv
GetTempFileNameW
GetShortPathNameW
SetThreadPriority
SetPriorityClass
QueryDosDeviceW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDrives
GlobalMemoryStatusEx
SetFileAttributesW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
GetComputerNameW
InterlockedDecrement
ReleaseMutex
CreateMutexW
GetModuleFileNameW
LoadLibraryA
ExpandEnvironmentStringsW
CopyFileW
lstrcmpW
ExitProcess
GetTickCount
GetLocalTime
UnmapViewOfFile
GetFileSize
GetFileInformationByHandle
SetFileTime
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
FindNextFileW
InterlockedIncrement
InterlockedExchange
ReadFile
SetFilePointer
FindClose
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
GetCPInfo
GetVersion
DeleteFileW
WriteFile
CreateFileW
TryEnterCriticalSection
ResumeThread
SuspendThread
SetEvent
ResetEvent
CreateEventW
SearchPathW
GetDriveTypeW

user32

GetMenuCheckMarkDimensions
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetMenu
GetScrollPos
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
UnhookWindowsHookEx
GetMenuStringW
IsWindowEnabled
ScreenToClient
GetWindowDC
RedrawWindow
SetActiveWindow
DrawAnimatedRects
SetParent
EnumChildWindows
GetClassNameW
RegisterWindowMessageW
IsIconic
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
MessageBoxW
SetMenuDefaultItem
GetSystemMenu
RegisterWindowMessageA
BringWindowToTop
SetWindowLongW
GetKeyState
GetLastActivePopup
SetMenuItemBitmaps
EnableMenuItem
SetMenuItemInfoW
LoadMenuW
GetWindowLongW
GetSubMenu
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
GetMenuItemCount
AppendMenuW
ReleaseDC
GetDC
GetDesktopWindow
DestroyIcon
DrawIconEx
GetMenuItemInfoW
SetRect
DrawEdge
SetFocus
FindWindowExW
SetForegroundWindow
ShowWindow
WaitForInputIdle
FindWindowW
GetDlgCtrlID
GetWindow
MoveWindow
AdjustWindowRectEx
ClientToScreen
EndPaint
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
ValidateRect
CharUpperW
DestroyMenu
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
WindowFromPoint
CopyAcceleratorTableW
BeginPaint
GetSystemMetrics
DrawFocusRect
FillRect
IsRectEmpty
InvalidateRgn
UnregisterClassW
CharNextW
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
GetSysColor
TranslateMessage
LoadIconW
PtInRect
ReleaseCapture
OffsetRect
DispatchMessageW
GetMessageW
PeekMessageW
GetCapture
SetCapture
GetCursorPos
SetTimer
KillTimer
PostQuitMessage
UpdateWindow
SystemParametersInfoW
IsWindow
GetWindowRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
PostMessageW
GetClientRect
GetAsyncKeyState
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
LoadImageW
CopyRect
SendMessageW
MapWindowPoints
GetParent
InvalidateRect
SetCursor
LoadCursorW
EnableWindow
LoadBitmapW
TrackPopupMenu

gdi32

LineTo
MoveToEx
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
ExtSelectClipRgn
CreateBitmap
GetStockObject
GetRgnBox
GetTextColor
GetClipBox
SetTextColor
SetBkMode
RestoreDC
SaveDC
SetBkColor
Rectangle
SetPixel
GetPixel
CreateDIBSection
Ellipse
GetTextExtentPoint32W
GetBkMode
CreatePen
GetDeviceCaps
DeleteObject
CreateFontW
GetTextExtentPointA
GetTextMetricsA
DeleteDC
SelectObject
CreateSolidBrush
PatBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
DPtoLP
GetMapMode
CreateCompatibleBitmap
LPtoDP
StretchBlt
CreateRectRgnIndirect
CreateFontIndirectW
BitBlt
CreateCompatibleDC
GetObjectW

comdlg32

GetFileTitleW

advapi32

OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
RegQueryValueW
RegOpenKeyW
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegFlushKey
GetUserNameW
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
OpenThreadToken

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
SHChangeNotify
DragAcceptFiles
Shell_NotifyIconW
SHAppBarMessage
SHGetPathFromIDListW

comctl32

ord17
ImageList_GetIconSize
_TrackMouseEvent

shlwapi

PathGetArgsW
PathIsFileSpecW
PathIsNetworkPathW
PathFindOnPathW
PathSearchAndQualifyW
SHCreateStreamOnFileW
PathAppendW
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
PathFindNextComponentW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize

oleaut32

OleCreateFontIndirect
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
LoadRegTypeLi
DispCallFunc
VariantChangeType
SysStringLen
SysAllocStringLen
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VarDateFromStr
VariantCopy
SysFreeString
SysAllocString
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear

urlmon

URLDownloadToFileW

sfc

SfcIsFileProtected

xmllite

CreateXmlWriter

secur32

GetUserNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

closesocket
WSACleanup
WSAStartup
WSACloseEvent
freeaddrinfo
WSASetLastError
WSASocketW
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSARecv
WSACreateEvent
WSASetEvent
getaddrinfo
WSAEventSelect

userenv

GetProfilesDirectoryW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af556941c6e433cfbc3ea0ef3a391f44

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

bb:32:fd:e7:ce:2b:dc:dd:ee:c9:10:66:79:a5:5a:b6Certificate

Extended Key Usages

Key Usages

94:26:64:5f:71:95:b9:78:e0:cc:c1:78:4f:e4:74:bc:98:5d:e7:92Signer

Signature Validations

Verification

11/04/2013, 10:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

sfc

xmllite

secur32

version

ws2_32

userenv

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 395KB - Virtual size: 395KB

.data Size: 33KB - Virtual size: 68KB

.rsrc Size: 6.3MB - Virtual size: 6.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

bb:32:fd:e7:ce:2b:dc:dd:ee:c9:10:66:79:a5:5a:b6
Certificate

94:26:64:5f:71:95:b9:78:e0:cc:c1:78:4f:e4:74:bc:98:5d:e7:92
Signer

11/04/2013, 10:41
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 395KB - Virtual size: 395KB

.data
Size: 33KB - Virtual size: 68KB

.rsrc
Size: 6.3MB - Virtual size: 6.3MB