2fd3593bb49e90d0dc9d2541cfcd260d5174255af15668eb42032ef1f24c968d

Sharing

Copy URL Twitter E-mail

General

Target

2fd3593bb49e90d0dc9d2541cfcd260d5174255af15668eb42032ef1f24c968d
Size

475KB
MD5

1d696f1ad94731d1928f4f6f68ec5c40
SHA1

d1be714c91170bd970fe3ecc530e23e9474ae5c9
SHA256

2fd3593bb49e90d0dc9d2541cfcd260d5174255af15668eb42032ef1f24c968d
SHA512

149d62000d4435fbc3306392fed4ddda505272ae2cc24a130c2e995904318c8955389932c0b880d939b38d0435da52a90b7389911299b37aaa83db9f4dec556b
SSDEEP

12288:aF/ldT9b2xu5f7PS1dgwli9ImtTYOAD1u:aF/ldQxu5TPSnA/tTUDA

Score

N/A

Malware Config

Signatures

Files

2fd3593bb49e90d0dc9d2541cfcd260d5174255af15668eb42032ef1f24c968d
.exe windows x86

3dbe71f0681245da326b6ba62ede2c59

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:c7:32:88:9d:e0:ab:d5:bd:cd:ea:2d:89:e5:4a:cd:f3:37:7a:23
Signer

Actual PE Digest

30:c7:32:88:9d:e0:ab:d5:bd:cd:ea:2d:89:e5:4a:cd:f3:37:7a:23

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

30/10/2012, 07:43
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHRegSetUSValueA
SHRegGetUSValueA
StrDupW
StrStrW
PathFindFileNameW
PathIsRootW
PathAddBackslashW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrCmpIW
SHGetValueW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetSetCookieA
InternetSetCookieW
HttpQueryInfoW
InternetCloseHandle
InternetErrorDlg
InternetSetOptionW
InternetOpenUrlW

kernel32

GetLocalTime
FormatMessageW
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
CloseHandle
Process32NextW
lstrcmpiW
lstrlenW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LocalFree
GetCommandLineW
GetModuleFileNameW
GetCurrentThreadId
GetLastError
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
ReadFile
CreateFileW
DeviceIoControl
GetVersionExW
lstrlenA
WideCharToMultiByte
lstrcpyA
OutputDebugStringA
DeleteFileW
GetTickCount
GetTempPathW
lstrcpynA
GlobalFree
GlobalAlloc
LockResource
GetEnvironmentVariableA
GetPrivateProfileIntW
CreateThread
CreateDirectoryW
GetLongPathNameW
GlobalUnlock
GlobalLock
GetVolumeInformationW
WaitForSingleObject
CreateProcessW
TerminateThread
SuspendThread
GetCurrentProcessId
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
GetStringTypeW
GetStringTypeA
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
GetLocaleInfoA
GetLocaleInfoW
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
ReleaseMutex
GetDiskFreeSpaceExW
OpenThread
CreateMutexA
SetFilePointerEx
GetFileSizeEx
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCommandLineA
GetStartupInfoA
GetFileAttributesW
TlsGetValue
TlsAlloc
GetCPInfo
SetHandleCount
SetFilePointer
GetFileType
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
TlsSetValue
WritePrivateProfileStringW
WriteFile
HeapReAlloc
VirtualAlloc
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
HeapSize
GetCurrentThread
SetLastError
Sleep
IsDebuggerPresent
HeapFree
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree

user32

TranslateMessage
DispatchMessageW
GetMessageW
PeekMessageW
FindWindowExW
GetWindowThreadProcessId
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetParent
GetWindowRect
GetSystemMetrics
SetWindowPos
MessageBoxW
GetDesktopWindow
DefWindowProcW
DestroyWindow
CharNextW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
CreateErrorInfo
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
GetErrorInfo

comctl32

InitCommonControlsEx

gdiplus

GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup

netapi32

Netbios

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

elwbspq
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3dbe71f0681245da326b6ba62ede2c59

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

30:c7:32:88:9d:e0:ab:d5:bd:cd:ea:2d:89:e5:4a:cd:f3:37:7a:23Signer

Signature Validations

Verification

30/10/2012, 07:43 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

wininet

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

netapi32

Sections

.text Size: 335KB - Virtual size: 334KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 51KB - Virtual size: 52KB

elwbspq Size: 6KB - Virtual size: 6KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

30:c7:32:88:9d:e0:ab:d5:bd:cd:ea:2d:89:e5:4a:cd:f3:37:7a:23
Signer

30/10/2012, 07:43
Valid: false

.text
Size: 335KB - Virtual size: 334KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 51KB - Virtual size: 52KB

elwbspq
Size: 6KB - Virtual size: 6KB