99eaf5d7fdb9d064df31ae745766081a35b70300cd42c90bb0257978d58b3abb

Sharing

Copy URL Twitter E-mail

General

Target

99eaf5d7fdb9d064df31ae745766081a35b70300cd42c90bb0257978d58b3abb
Size

204KB
MD5

9efea28619c4196516a1d1f07f54d427
SHA1

8400a8a3716411dedacbe9b1c757446675dfa455
SHA256

99eaf5d7fdb9d064df31ae745766081a35b70300cd42c90bb0257978d58b3abb
SHA512

4ad71951b2468b10986d98bea5f66b1c250d2c06dcd5ae3dfff73f8eb5ded988a3e4802ff4c38c0110741ebef65a9ac00f49f0be8d546b71af082622d4fc8713
SSDEEP

3072:RmLO4VZyiKakfl1N+8LPNz3Ogyr8MWkohztL8zq/0ElumQRilTz6VgA2KddcIqE/:Mnkfl1k85+F8/RV5Tum8JWIqEGk

Score

N/A

Malware Config

Signatures

Files

99eaf5d7fdb9d064df31ae745766081a35b70300cd42c90bb0257978d58b3abb
.exe windows x86

656639e0c8889eb41a93ce562f686736

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:8b:2a:d9:5d:0a:29:e6:85:2a:93:c8:2d:0b:bb:c8:8c:88:bb:16
Signer

Actual PE Digest

09:8b:2a:d9:5d:0a:29:e6:85:2a:93:c8:2d:0b:bb:c8:8c:88:bb:16

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
IsBadWritePtr
GetProcAddress
IsBadStringPtrW
ReplaceFileA
SearchPathA
GetCurrentProcess
RaiseException
GetStringTypeA
SuspendThread
GetUserDefaultLangID
OpenMutexA
GetModuleHandleW
GetStartupInfoW
SystemTimeToFileTime
WaitForMultipleObjects
GetModuleHandleA
CreateFileMappingW
CompareStringA
GetCurrentDirectoryA
GetOEMCP
LocalFree
TlsAlloc
GetFileTime
CompareStringW
CreateFileMappingA
GetUserDefaultLCID
CompareFileTime
GlobalFindAtomW
CopyFileExA
CreateSemaphoreW
GetStartupInfoA
IsBadStringPtrA
lstrcmpiA
FileTimeToSystemTime
lstrcpyA
GetCalendarInfoW
GlobalGetAtomNameW
FindResourceW
GetCurrentDirectoryW
SetErrorMode
OpenEventW
GlobalAlloc
GetThreadPriority
OpenSemaphoreW
WinExec

user32

GetClassInfoExA
LoadImageA
GetWindowTextW
InsertMenuW
SetCursor
InsertMenuItemA
CheckRadioButton
GetMenuItemID
CreateAcceleratorTableW
CreateDesktopA
GetMenuItemCount
CreatePopupMenu
GetWindowTextLengthW
SendDlgItemMessageW
CreateDesktopW
MonitorFromPoint
BringWindowToTop
CharUpperW
GetScrollPos
GetDlgItemTextW
GetWindowLongA
ShowWindow
SetTimer
ActivateKeyboardLayout
CreateMenu
wsprintfW
ChildWindowFromPoint
CharLowerW
LoadIconW
CreateWindowExA
GetWindowTextA
EnumDesktopWindows
GetDCEx
LoadCursorW
LoadIconA
RegisterClassExA
LoadMenuA
MessageBeep
SendMessageW
EnumWindows
GetMenuItemRect

gdi32

SetPaletteEntries
Arc
EqualRgn
BitBlt
SetLayout
RealizePalette
SetWindowExtEx
EndFormPage
GetBkMode
PolyBezier
EnumMetaFile

advapi32

RegCreateKeyExA
RegCreateKeyExW
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegRestoreKeyA

ws2_32

WSAGetLastError
WSACreateEvent

winspool.drv

DeletePrinterDriverW
EnumFormsW
QueryRemoteFonts
AddPrinterDriverExW
ConvertUnicodeDevModeToAnsiDevmode
GetJobA
GetPrinterDataExA
CreatePrinterIC

wsock32

ntohl
recv
WSASetLastError
rresvport
GetServiceW
NPLoadNameSpaces
listen
MigrateWinsockConfiguration
htonl

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Bg
Size: 3KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eCkC
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TKR
Size: 1024B - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

656639e0c8889eb41a93ce562f686736

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

09:8b:2a:d9:5d:0a:29:e6:85:2a:93:c8:2d:0b:bb:c8:8c:88:bb:16Signer

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

winspool.drv

wsock32

Sections

.text Size: 12KB - Virtual size: 11KB

.Bg Size: 3KB - Virtual size: 51KB

.data Size: 11KB - Virtual size: 11KB

.eCkC Size: 1024B - Virtual size: 8KB

.l Size: 2KB - Virtual size: 35KB

.TKR Size: 1024B - Virtual size: 264KB

.rsrc Size: 163KB - Virtual size: 163KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

09:8b:2a:d9:5d:0a:29:e6:85:2a:93:c8:2d:0b:bb:c8:8c:88:bb:16
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 12KB - Virtual size: 11KB

.Bg
Size: 3KB - Virtual size: 51KB

.data
Size: 11KB - Virtual size: 11KB

.eCkC
Size: 1024B - Virtual size: 8KB

.l
Size: 2KB - Virtual size: 35KB

.TKR
Size: 1024B - Virtual size: 264KB

.rsrc
Size: 163KB - Virtual size: 163KB