9377d5119e144f4cee4989907ce35ab6627f7d8df2f4f4127e06a637070de329

Sharing

Copy URL Twitter E-mail

General

Target

9377d5119e144f4cee4989907ce35ab6627f7d8df2f4f4127e06a637070de329
Size

257KB
MD5

a082c680093d5a9625664f4f5b01ffb8
SHA1

4ad25a75b0081a120281f25d0fca309f2e5651cf
SHA256

9377d5119e144f4cee4989907ce35ab6627f7d8df2f4f4127e06a637070de329
SHA512

874d0e63735da7a07990fd1f52fa1edf190b248c02c391852097f538545f64d7e3a44b9b8715d0a2f691e930fca06c92005bbe52d56fe1739ab0e75cbe9d47bf
SSDEEP

6144:GlyG16cztxoN2WJhb5oVGP8t6xEQOedDvs32WEV+mSIGH:G31X6RP5+QRqQOOs32WEgHIw

Score

N/A

Malware Config

Signatures

Files

9377d5119e144f4cee4989907ce35ab6627f7d8df2f4f4127e06a637070de329
.exe windows x86

aeac24939fc932e2ddd8560024768cf7

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:52:c9:d4:82:b7:f7:e4:93:27:a9:2e:29:26:61:de:36:d7:91:e8
Signer

Actual PE Digest

35:52:c9:d4:82:b7:f7:e4:93:27:a9:2e:29:26:61:de:36:d7:91:e8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
EnumDateFormatsA
FileTimeToDosDateTime
GetVersionExA
RemoveDirectoryW
GetTimeFormatA
OpenSemaphoreW
GetExitCodeThread
GetModuleHandleA
EnumCalendarInfoW
DuplicateHandle
GetTempPathW
CreateNamedPipeA
GetModuleFileNameA
WinExec
lstrcmpA
GetFullPathNameA
GetSystemInfo
GetHandleInformation
OpenWaitableTimerW
GetThreadPriority
WaitForMultipleObjects
Sleep
IsValidCodePage
GetFullPathNameW
CreateFileMappingW
lstrcmpi
SuspendThread
GetLastError
GetWindowsDirectoryA
OpenWaitableTimerA
GetFileAttributesA
GetProcAddress
IsDebuggerPresent
IsValidLocale
GetSystemDirectoryW
OpenSemaphoreA
SetCalendarInfoW
DosDateTimeToFileTime
FindAtomA
OpenProcess
GetEnvironmentStringsA
GetExpandedNameA
SetPriorityClass
ExpandEnvironmentStringsW
CreateEventW
EnumTimeFormatsA
SetComputerNameW

user32

GetSysColor
SetActiveWindow
UpdateLayeredWindow
CopyImage
GetSubMenu
PeekMessageA
LoadIconA
GetTopWindow
CreateDesktopW

gdi32

GetTextCharset
GetGlyphOutlineA
CombineRgn
SwapBuffers
GetOutlineTextMetricsW
StartDocA
SetMapperFlags
CreateDCA
SelectClipRgn
GetTextExtentPointA
Pie
RemoveFontResourceA
GetPaletteEntries
GetRasterizerCaps
StretchDIBits
EnumICMProfilesW
PtVisible
CreateScalableFontResourceW

advapi32

RegFlushKey
RegQueryValueW
RegOpenKeyA
RegCreateKeyExA

ole32

CoGetObject
GetConvertStg

opengl32

glTexCoord3s
glCallList
glColorPointer
glClearIndex
glIndexf
glGetTexEnviv
glMap1d
glRasterPos2i
glFinish

winspool.drv

EnumFormsW
AbortPrinter
StartDocDlgW
DeletePrinterDataA
EnumPrinterDataA
SetJobA
SetPrinterDataExW
SetDefaultPrinterA
DeletePrinterDriverW
GetPrinterA

sqlunirl

_GetTextExtentPoint@16
_GetWindowLong@8
_CreateIC_@16
_ModifyMenu_@20
_VerQueryValue_@16
AllocConvertMultiSZNameToA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YyVm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TNn
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CV
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UbhI
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RA
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.u
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eU
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UHC
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VWNW
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 512B - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeac24939fc932e2ddd8560024768cf7

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

35:52:c9:d4:82:b7:f7:e4:93:27:a9:2e:29:26:61:de:36:d7:91:e8Signer

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

opengl32

winspool.drv

sqlunirl

Sections

.text Size: 11KB - Virtual size: 10KB

.YyVm Size: 512B - Virtual size: 4KB

.TNn Size: 512B - Virtual size: 8KB

.CV Size: 512B - Virtual size: 4KB

.UbhI Size: 512B - Virtual size: 4KB

.RA Size: 512B - Virtual size: 8KB

.u Size: 3KB - Virtual size: 48KB

.eU Size: 1024B - Virtual size: 40KB

.data Size: 9KB - Virtual size: 8KB

.UHC Size: 1KB - Virtual size: 36KB

.VWNW Size: 1KB - Virtual size: 9KB

.x Size: 512B - Virtual size: 202KB

.rsrc Size: 216KB - Virtual size: 215KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

35:52:c9:d4:82:b7:f7:e4:93:27:a9:2e:29:26:61:de:36:d7:91:e8
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 11KB - Virtual size: 10KB

.YyVm
Size: 512B - Virtual size: 4KB

.TNn
Size: 512B - Virtual size: 8KB

.CV
Size: 512B - Virtual size: 4KB

.UbhI
Size: 512B - Virtual size: 4KB

.RA
Size: 512B - Virtual size: 8KB

.u
Size: 3KB - Virtual size: 48KB

.eU
Size: 1024B - Virtual size: 40KB

.data
Size: 9KB - Virtual size: 8KB

.UHC
Size: 1KB - Virtual size: 36KB

.VWNW
Size: 1KB - Virtual size: 9KB

.x
Size: 512B - Virtual size: 202KB

.rsrc
Size: 216KB - Virtual size: 215KB