c27dc89c553b36e79b9ba7294c374589fd1791895629640af6486a4bca4414e4

Sharing

Copy URL Twitter E-mail

General

Target

c27dc89c553b36e79b9ba7294c374589fd1791895629640af6486a4bca4414e4
Size

113KB
MD5

a5c71335b4115262ad2cb28c6ef878f6
SHA1

1270af048aadcc7a9fc0fd4a82b9864ace0b6fb6
SHA256

c27dc89c553b36e79b9ba7294c374589fd1791895629640af6486a4bca4414e4
SHA512

ef977f980c74088e97d56de566821cb3d98a9bbe19cf9ba5dca8dac9051f0e0add3b9a4affe5443b564c836d1c6c6a1bc090c6eafa02cae508d26a41a66464d2
SSDEEP

1536:jeI9sngxVKI06X6JvfjVxUorSa2h0pNZrQvJkknmKusbCwYeEOD7qx12QD:jDSyVf6JvBxcaD3BumKuKCwYeEOqx

Score

N/A

Malware Config

Signatures

Files

c27dc89c553b36e79b9ba7294c374589fd1791895629640af6486a4bca4414e4
.exe windows x86

a6aa8c75eb9e0b96a79de029fcceb624

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

10/11/2011, 00:00

Not After

09/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

ea:5e:8d:51:65:ca:62:3b:70:ae:f4:d2:08:c9:9c:3a:d5:ce:f0:e3
Signer

Actual PE Digest

ea:5e:8d:51:65:ca:62:3b:70:ae:f4:d2:08:c9:9c:3a:d5:ce:f0:e3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

07/03/2012, 23:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
Sleep
ReadFile
MultiByteToWideChar
lstrlenW
GetLastError
CloseHandle
CreateMutexA
GetComputerNameA
HeapAlloc
WaitForSingleObject
GetProcessHeap
GetWindowsDirectoryA
WideCharToMultiByte
CreateProcessA
lstrcatA
SetCurrentDirectoryA
GetLogicalDriveStringsA
HeapSize
GetTempFileNameA
GetCurrentDirectoryA
GetVersionExA
lstrlenA
GetTempPathA
DeleteFileA
lstrcpyA
SetFilePointer
GetFileSize
CreateFileW
IsProcessorFeaturePresent
SetStdHandle
RtlUnwind
HeapReAlloc
WriteConsoleW
GetStringTypeW
LCMapStringW
RaiseException
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetVersion
CreateFileA
DecodePointer
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
GetModuleFileNameW
HeapCreate
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers

advapi32

GetUserNameA

shlwapi

StrStrA
StrRChrA

winhttp

WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser

ws2_32

gethostbyname
inet_ntoa
gethostname
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6aa8c75eb9e0b96a79de029fcceb624

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2Certificate

Extended Key Usages

Key Usages

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9Certificate

Extended Key Usages

ea:5e:8d:51:65:ca:62:3b:70:ae:f4:d2:08:c9:9c:3a:d5:ce:f0:e3Signer

Signature Validations

Verification

07/03/2012, 23:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

winhttp

ws2_32

iphlpapi

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 5KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9
Certificate

ea:5e:8d:51:65:ca:62:3b:70:ae:f4:d2:08:c9:9c:3a:d5:ce:f0:e3
Signer

07/03/2012, 23:06
Valid: false

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 5KB - Virtual size: 5KB