a4d49518291b9e4f5d546506c17bbdee4bd40b95098e024d36e7cb61d6df61e2

Sharing

Copy URL Twitter E-mail

General

Target

a4d49518291b9e4f5d546506c17bbdee4bd40b95098e024d36e7cb61d6df61e2
Size

1.9MB
MD5

31bae84687f2f9baa6005abf00aa5242
SHA1

7956db6c1d9534acfb639d0912ef85fe81194bfa
SHA256

a4d49518291b9e4f5d546506c17bbdee4bd40b95098e024d36e7cb61d6df61e2
SHA512

28144a104ab4d16df5d4764e4974059a17034968aef5207c1d3bb01946edc7762ae86ffcea119612ba13f2da542a18ceac19dbda9c6ce337bf4af62d5155b34f
SSDEEP

24576:amauA3gwubnNnwB29ALqiOH3oygzVey8XLTIJw9QflKyWH+N+m:amah3gwuEOYfk5XLTIw9Qf0yWH+Z

Score

N/A

Malware Config

Signatures

Files

a4d49518291b9e4f5d546506c17bbdee4bd40b95098e024d36e7cb61d6df61e2
.exe windows x86

45f9545cc2c52c6715ecc637c2cc4aca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:eb:6f:a7:c4:50:fb:11:e2:37:08:d0:4d:92:dd:17
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

10/02/2011, 00:00

Not After

08/03/2012, 23:59

Subject

CN=Babylon Ltd.,O=Babylon Ltd.,L=Or-Yehuda,ST=Or-Yehuda,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:05:5d:99:f7:80:30:2c:98:2c:ac:c7:f8:0e:95:35:8a:9d:7b:ef
Signer

Actual PE Digest

7d:05:5d:99:f7:80:30:2c:98:2c:ac:c7:f8:0e:95:35:8a:9d:7b:ef

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Babylon Ltd.,O=Babylon Ltd.,L=Or-Yehuda,ST=Or-Yehuda,C=IL

03/01/2012, 09:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

AccessibleObjectFromWindow
AccessibleObjectFromEvent

iphlpapi

GetAdaptersInfo

kernel32

TlsAlloc
IsBadStringPtrW
TlsSetValue
TlsGetValue
GetFileSize
ReadFile
GetCurrentProcessId
SizeofResource
LoadResource
LockResource
FreeResource
InitializeCriticalSectionAndSpinCount
GetComputerNameW
GetLocalTime
GetWindowsDirectoryW
FormatMessageW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
WriteFile
SetFileTime
GetFileTime
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CopyFileW
SetFileAttributesW
FlushFileBuffers
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetVersionExW
GetSystemWow64DirectoryW
GetLocaleInfoW
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
IsBadReadPtr
IsBadCodePtr
HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
LoadLibraryExW
lstrcmpiW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
FindResourceW
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
SetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
SetFilePointer
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetOEMCP
GetCPInfo
HeapSize
TlsFree
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
RtlUnwind
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
MoveFileW
GetFullPathNameW
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
CreateMutexW
WaitForMultipleObjects
FindClose
FindNextFileW
FindFirstFileW
GetShortPathNameW
lstrlenA
GetPrivateProfileIntW
GetFileAttributesW
GetTickCount
SetCurrentDirectoryW
GetModuleHandleW
GetDiskFreeSpaceExW
GetProcAddress
GetCommandLineW
IsValidCodePage
FreeLibrary
LoadLibraryW
GetVolumeInformationW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
CreateFileW
MoveFileExW
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetTempPathW
GetSystemDirectoryW
TerminateProcess
OpenProcess
GetUserDefaultUILanguage
GetUserDefaultLCID
WaitForSingleObject
Sleep
GetPrivateProfileStringW
WideCharToMultiByte
GetACP
SetThreadPriority
CloseHandle
MultiByteToWideChar
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
DeleteCriticalSection
SetLastError
RaiseException
InitializeCriticalSection
GetModuleFileNameW
MulDiv
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile

user32

UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
UnregisterClassA
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
RedrawWindow
GetWindowRect
SetFocus
WindowFromPoint
SetWindowPos
GetClientRect
GetParent
GetWindow
GetDC
ReleaseDC
SendMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetWinEventHook
UnhookWinEvent
PostThreadMessageW
EnumChildWindows
IsWindowVisible
IsIconic
SetForegroundWindow
MessageBoxExW
GetKeyboardLayoutList
GetKeyboardLayout
LockSetForegroundWindow
AttachThreadInput
UnionRect
GetSystemMetrics
GetSystemMenu
EnableMenuItem
RemoveMenu
MessageBeep
SetRect
IsRectEmpty
DrawIconEx
MessageBoxW
PostQuitMessage
IsWindowEnabled
OffsetRect
PostMessageW
RegisterWindowMessageW
ShowWindow
IsWindow
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
EndDialog
GetDlgItem
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
CharNextW
GetSysColor
GetClassNameW
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
InflateRect
BringWindowToTop
SetParent
EnableWindow
SendDlgItemMessageW
GetForegroundWindow
SetDlgItemTextW
CreateDialogParamW
wsprintfW
SetTimer
KillTimer
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
SetClassLongW
GetKeyState
EnumWindows
GetSysColorBrush
DestroyIcon
CheckDlgButton
IsDlgButtonChecked
SendMessageTimeoutW
FindWindowW
GetWindowThreadProcessId
LoadImageW
DialogBoxParamW
SystemParametersInfoW

gdi32

GetCharacterPlacementW
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectType
GetTextMetricsW
GetTextCharset
SelectObject
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontW
DeleteDC
GetTextFaceW

advapi32

RegOpenKeyExW
RegQueryValueExW
ConvertSidToStringSidW
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
DuplicateTokenEx
FreeSid
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListW
SHGetFolderPathW
SHChangeNotify

ole32

CoTaskMemRealloc
CoSetProxyBlanket
CoCreateGuid
CoGetMalloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize

oleaut32

VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
VariantChangeType

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathFindFileNameW
PathIsDirectoryW
PathFindFileNameA
PathFindExtensionW
StrStrIW

comctl32

ord17

gdiplus

GdiplusShutdown

ws2_32

WSACleanup
WSAStartup

wininet

InternetSetFilePointer
InternetReadFile
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetGetLastResponseInfoW
InternetSetCookieExW
InternetGetCookieExW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 999KB - Virtual size: 999KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 366KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45f9545cc2c52c6715ecc637c2cc4aca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

23:eb:6f:a7:c4:50:fb:11:e2:37:08:d0:4d:92:dd:17Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

7d:05:5d:99:f7:80:30:2c:98:2c:ac:c7:f8:0e:95:35:8a:9d:7b:efSigner

Signature Validations

Verification

03/01/2012, 09:18 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

oleacc

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

wininet

version

psapi

Sections

.text Size: 999KB - Virtual size: 999KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 366KB - Virtual size: 396KB

.rsrc Size: 140KB - Virtual size: 140KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

23:eb:6f:a7:c4:50:fb:11:e2:37:08:d0:4d:92:dd:17
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

7d:05:5d:99:f7:80:30:2c:98:2c:ac:c7:f8:0e:95:35:8a:9d:7b:ef
Signer

03/01/2012, 09:18
Valid: false

.text
Size: 999KB - Virtual size: 999KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 366KB - Virtual size: 396KB

.rsrc
Size: 140KB - Virtual size: 140KB