a627c39aea03c60c199bfd5e2b0634d023726c611b0a62cb4f063cd31754ae61

Sharing

Copy URL Twitter E-mail

General

Target

a627c39aea03c60c199bfd5e2b0634d023726c611b0a62cb4f063cd31754ae61
Size

240KB
MD5

04333122879ade751be5aef1fdc0fbb0
SHA1

57617ba5c8d4b0659b3fdfc386300f3e718dcc89
SHA256

a627c39aea03c60c199bfd5e2b0634d023726c611b0a62cb4f063cd31754ae61
SHA512

b309200cacd05bafa37c1875174499971a7d4efe28999b987fa537ad9b3584ffdbd3edc6a20c547978a12168789798068b7fc096a1fadcb6eec7c635dbcf7353
SSDEEP

6144:BCjwi1P9gVmZK7YE5CkZ6p5fGfyzvacs6IaVgAyWYd:/i1PJO1CkZ6p5u6Tw6/VoWYd

Score

N/A

Malware Config

Signatures

Files

a627c39aea03c60c199bfd5e2b0634d023726c611b0a62cb4f063cd31754ae61
.exe windows x86

ac71e305a58da4f9dba688d581091a76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3c
Signer

Actual PE Digest

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

14/04/2009, 15:29
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Beep
CreateMailslotW
FatalAppExitA
AddAtomA
WaitForSingleObject
lstrcmpW
SetComputerNameW
LoadLibraryW
GetCurrentDirectoryW
GetUserDefaultLCID
lstrcpynW
IsBadStringPtrA
GetLogicalDriveStringsA
GetSystemTime
GetProcessHeaps
GetLongPathNameA
GetExitCodeThread
GetModuleHandleW
GlobalGetAtomNameW
GetSystemDefaultLCID
GetFullPathNameA
CreateNamedPipeA
GetAtomNameA
LocalAlloc
GetDiskFreeSpaceW
ExpandEnvironmentStringsA
GetMailslotInfo
IsBadReadPtr
OpenEventA
GetModuleFileNameW
GetEnvironmentVariableA
GetSystemDirectoryA
GetStringTypeW
MulDiv
RaiseException
GlobalAlloc
RemoveDirectoryA
SetEvent
FindResourceW
OpenFile
FatalAppExitW
ExitProcess
SetLocaleInfoA
GetSystemDefaultLangID
IsValidCodePage
CopyFileExA
GetVersionExA
SetErrorMode
EnumTimeFormatsA
GlobalFindAtomW
ExpandEnvironmentStringsW
MoveFileW
SetCalendarInfoA
lstrcpynA
GetTempFileNameA
SleepEx
ReplaceFileW
CompareFileTime
lstrlenA
OpenWaitableTimerW
GetLongPathNameW
GetStringTypeA
GetCurrentThreadId
GetThreadLocale
OpenSemaphoreW
lstrcpy
QueryPerformanceCounter
GetLocalTime
WaitForMultipleObjects
CreateDirectoryW
LoadLibraryExA
GetCPInfo
BeginUpdateResourceW
OpenMutexW
WinExec
RemoveDirectoryW
CreateSemaphoreW
GetComputerNameA
CreatePipe
GetStartupInfoW
GetVersionExW
SetCurrentDirectoryA
GetShortPathNameA
BeginUpdateResourceA
CreateEventA
CreateMailslotA
DuplicateHandle
GetLastError
FindAtomW
GetProcAddress
lstrcat
lstrcmpiW
GetVersion
lstrcpyA
DeleteAtom
GetTempFileNameW
GetOEMCP
MultiByteToWideChar
LoadResource
EnumCalendarInfoW

user32

GetMessageA
DialogBoxIndirectParamW
IsWindow
GetScrollPos
CreateWindowExW
GetSystemMetrics
SetFocus
CreatePopupMenu
EndMenu
SetDlgItemInt
LoadCursorA
ShowCursor
WinHelpW
GetMenuItemInfoW
UpdateLayeredWindow
PeekMessageW
GetMenuItemRect
GetKeyboardLayout
MoveWindow
GetForegroundWindow
PostMessageW
keybd_event
ActivateKeyboardLayout
EnumClipboardFormats
SendMessageW
GetDlgItemInt
DefWindowProcW
GetMenuItemInfoA
LoadMenuIndirectW
SetWindowTextW
InsertMenuA
MessageBoxIndirectW
CreateAcceleratorTableW
MessageBoxIndirectA
SendDlgItemMessageW
CreateDialogIndirectParamW
CharLowerW
GetIconInfo
GetMenu
ShowCaret
CharLowerA
SetMenu
GetCapture
WaitMessage
PostMessageA
RegisterClassA
SetCursorPos
EnumWindows
GetMenuItemCount
wsprintfA
mouse_event
InsertMenuItemW
EnableWindow
RegisterWindowMessageW
OffsetRect
CreateDesktopA
CreateAcceleratorTableA
GetActiveWindow

gdi32

SelectBrushLocal
CreateCompatibleDC

advapi32

LookupAccountNameA
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

Shell_NotifyIcon
ExtractIconA

shlwapi

StrCpyNW

opengl32

glRenderMode
glTexEnviv
glTexGeni
glRectsv
glNormal3sv
glLightiv
glColor4us
glTexCoord3s
glCallLists
glEdgeFlagPointer
glColor4usv
glIndexi
glGetTexLevelParameterfv
glGenLists
glVertex4iv
glTexCoord4iv
glNormal3b
glColor3ubv
wglChoosePixelFormat

urlmon

DllUnregisterServer
AsyncGetClassBits
URLDownloadW
DllRegisterServer
RevokeFormatEnumerator
CreateURLMonikerEx
CoInternetGetSecurityUrl
ZonesReInit
RegisterFormatEnumerator
ObtainUserAgentString
HlinkNavigateMoniker
GetComponentIDFromCLSSPEC
SetSoftwareUpdateAdvertisementState
URLDownloadToFileA
URLOpenStreamA
GetMarkOfTheWeb
URLOpenPullStreamW
URLOpenPullStreamA
IsLoggingEnabledW
HlinkNavigateString

rtm

RtmIsRoute
RtmDeleteRoute

sqlunirl

_GetServiceKeyName_@16
_EnumFontFamiliesEx_@20
_GetDiskFreeSpaceEx_@16
_SystemParametersInfo_@16
_RegQueryValueEx_@24
_CreateMDIWindow_@40
_NDdeSetShareSecurity_@16
_LogonUser_@24
_InitiateSystemShutdown_@20
_PeekMessage@20
_ResetDC_@8

wsock32

GetTypeByNameW
dn_expand
WSAUnhookBlockingHook
bind
WSACancelBlockingCall
WSAStartup
SetServiceW
WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAcceptExSockaddrs
accept
EnumProtocolsA
connect
GetNameByTypeW
getprotobynumber
NPLoadNameSpaces
htonl
ioctlsocket
s_perror
inet_addr
WSAAsyncSelect
gethostbyaddr

Sections

.r
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VB
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GJb
Size: 2KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NCdIaA
Size: 1024B - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Tw
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VLN
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrOvB
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Nt
Size: 10KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qXo
Size: 1024B - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.auqUki
Size: 4KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac71e305a58da4f9dba688d581091a76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3cSigner

Signature Validations

Verification

14/04/2009, 15:29 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

opengl32

urlmon

rtm

sqlunirl

wsock32

Sections

.r Size: 9KB - Virtual size: 9KB

.VB Size: 89KB - Virtual size: 88KB

.GJb Size: 2KB - Virtual size: 466KB

.NCdIaA Size: 1024B - Virtual size: 261KB

.Tw Size: 12KB - Virtual size: 12KB

.VLN Size: 7KB - Virtual size: 14KB

.lrOvB Size: 90KB - Virtual size: 89KB

.Nt Size: 10KB - Virtual size: 82KB

.qXo Size: 1024B - Virtual size: 495KB

.auqUki Size: 4KB - Virtual size: 176KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3c
Signer

14/04/2009, 15:29
Valid: false

.r
Size: 9KB - Virtual size: 9KB

.VB
Size: 89KB - Virtual size: 88KB

.GJb
Size: 2KB - Virtual size: 466KB

.NCdIaA
Size: 1024B - Virtual size: 261KB

.Tw
Size: 12KB - Virtual size: 12KB

.VLN
Size: 7KB - Virtual size: 14KB

.lrOvB
Size: 90KB - Virtual size: 89KB

.Nt
Size: 10KB - Virtual size: 82KB

.qXo
Size: 1024B - Virtual size: 495KB

.auqUki
Size: 4KB - Virtual size: 176KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B