89b5f98a5cada2a72e6075fc5fc283c5601a14ce877e7b5e353ac1eec85cfa81

Sharing

Copy URL Twitter E-mail

General

Target

89b5f98a5cada2a72e6075fc5fc283c5601a14ce877e7b5e353ac1eec85cfa81
Size

231KB
MD5

e0a9320e54d604abe0c3eea093e23856
SHA1

8d87c272a7a24aa7129b58b7d9efd156d2959a86
SHA256

89b5f98a5cada2a72e6075fc5fc283c5601a14ce877e7b5e353ac1eec85cfa81
SHA512

fb9709b9d8b88f15cc2f2f187e1bba46e47a1038fdd02abb9a67644c312deac490928cfa33639017dd328dd8b500a52efbdf0ec66a4629bbda188706c7afd55c
SSDEEP

3072:Dd2PHUXh5RidYASjd53qI02ojksuzwj42JpfmmJCZwgEE6pjTcTeuwClKWW3n/8Z:B2fOJyf+H9uAGhJkmwwjcTe+KL0Z

Score

N/A

Malware Config

Signatures

Files

89b5f98a5cada2a72e6075fc5fc283c5601a14ce877e7b5e353ac1eec85cfa81
.exe windows x86

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28/10/2010, 09:07

Not After

28/10/2013, 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

Actual PE Digest

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

02/06/2011, 12:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CreateDirectoryA
GetLogicalDrives
GetCalendarInfoA
GetStringTypeA
GetExitCodeThread
GetComputerNameA
GetExpandedNameA
EnumDateFormatsW
WinExec
ConnectNamedPipe
Sleep
GetStartupInfoW
ReadDirectoryChangesW
SetLocaleInfoW
SleepEx
GetSystemDefaultLCID
ExpandEnvironmentStringsW
LoadLibraryExA
LocalAlloc
lstrcpy
GetVolumeInformationW
GetModuleHandleA
LocalFree
GetCPInfo
GetCurrentProcess
OpenEventA
GetUserDefaultLCID
GetLocaleInfoA
OpenSemaphoreA
CreateMutexW
IsBadWritePtr
BeginUpdateResourceW
DeleteAtom
GetWindowsDirectoryW
GetEnvironmentVariableA
GetDateFormatW
CreateNamedPipeA
lstrcat
RemoveDirectoryA
FreeLibrary
ExpandEnvironmentStringsA
CopyFileExA
WaitForMultipleObjects
GetNumberFormatA
EnumCalendarInfoA
GetModuleHandleW
FindAtomW
GetSystemTime
GetStartupInfoA
GetProcessHeap
GetLongPathNameA
CopyFileA
DisconnectNamedPipe
GetEnvironmentStringsA
GetEnvironmentStringsW
MoveFileA
GetProcAddress
GetTickCount
CreateSemaphoreW
CreateEventW
GetVersionExA
SetEvent
GetDiskFreeSpaceA
GetSystemDirectoryA
GetVersion
MultiByteToWideChar
SystemTimeToFileTime

user32

PostMessageW
CopyIcon
SetCursor
InvalidateRect
MessageBoxW
SetWindowLongW
GetDlgItemTextA
IsIconic
MessageBoxA
RegisterClassExA
LoadCursorW
GetMenuInfo
CharUpperW
EndDialog
InsertMenuA
InsertMenuItemW
LoadBitmapW
GetClassInfoW
SendDlgItemMessageW
LoadCursorA
RegisterWindowMessageW
FindWindowW
CopyRect
EnumWindows
EndMenu
GetSysColorBrush
EnableMenuItem
GetKeyState
GetDCEx
GetMenuItemCount
OffsetRect
AppendMenuW
CreatePopupMenu
wsprintfA
CharNextW
LoadBitmapA
DialogBoxIndirectParamA
SetWindowTextW
mouse_event
PeekMessageW
CharPrevW
CharNextA
LoadMenuIndirectA
GetDlgItemTextW
LoadMenuA
MonitorFromRect
WaitForInputIdle
SetWindowPos
GetKeyboardLayout
LoadMenuIndirectW
MessageBoxIndirectW
SetWindowRgn
SetMenu
GetMessageW
wvsprintfA
SetCapture
CreateAcceleratorTableA
keybd_event
MoveWindow
CreateMenu
WinHelpW
CreateDialogParamA

gdi32

CreateBitmapIndirect
CreateICW
CreateDIBSection
CreateRoundRectRgn
SelectBrushLocal
CreateMetaFileA
CreateBrushIndirect
GetEnhMetaFileW

advapi32

CryptContextAddRef

shell32

ShellExecuteEx
ShellExecuteA
SHGetDataFromIDListW
SHGetDataFromIDListA
Shell_NotifyIcon
SHCreateDirectoryExA
StrNCmpA

shlwapi

PathIsRelativeA
UrlUnescapeW
SHOpenRegStreamA
PathIsSameRootA
IntlStrEqWorkerA
PathIsUNCServerA
UrlIsNoHistoryW
UrlCreateFromPathW
SHEnumValueA
SHRegQueryInfoUSKeyW
AssocQueryStringW
PathCanonicalizeA
HashData
StrChrIA
UrlGetPartA
UrlHashW

Sections

.ZQPt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qaC
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mPL
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vi
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uJiHFf
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.A
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mfAbF
Size: 3KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:dbSigner

Signature Validations

Verification

02/06/2011, 12:01 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.ZQPt Size: 8KB - Virtual size: 8KB

.qaC Size: 92KB - Virtual size: 92KB

.mPL Size: 12KB - Virtual size: 12KB

.vi Size: 4KB - Virtual size: 21KB

.uJiHFf Size: 90KB - Virtual size: 90KB

.A Size: 5KB - Virtual size: 14KB

.mfAbF Size: 3KB - Virtual size: 140KB

.rsrc Size: 7KB - Virtual size: 6KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

02/06/2011, 12:01
Valid: false

.ZQPt
Size: 8KB - Virtual size: 8KB

.qaC
Size: 92KB - Virtual size: 92KB

.mPL
Size: 12KB - Virtual size: 12KB

.vi
Size: 4KB - Virtual size: 21KB

.uJiHFf
Size: 90KB - Virtual size: 90KB

.A
Size: 5KB - Virtual size: 14KB

.mfAbF
Size: 3KB - Virtual size: 140KB

.rsrc
Size: 7KB - Virtual size: 6KB