2d19b42dcb1e2bfab983f4c39330fb47288abd8871cc51e78c7f9b094c784b5b

Sharing

Copy URL

Twitter E-mail

General

Target

2d19b42dcb1e2bfab983f4c39330fb47288abd8871cc51e78c7f9b094c784b5b
Size

138KB
MD5

bf560000d08839e6a4a5a1fbe7f08b4b
SHA1

b78e709f958af85c2b24613f8a0ed25d99d8295f
SHA256

2d19b42dcb1e2bfab983f4c39330fb47288abd8871cc51e78c7f9b094c784b5b
SHA512

c134f432abcc03eddeff2e227c5572e91663c557644c7128bf0f945753488389b6927ceeb465aef4a00ba632b75da4804b6ebe36ec84c6b7ab6b4ab63740d269
SSDEEP

3072:Is4ecpptyAOwsXqpHUssdyj9BANS6hsyIBh8:Is4ecxyAO3SUssyvGhsB8

Score

N/A

Malware Config

Signatures

Files

2d19b42dcb1e2bfab983f4c39330fb47288abd8871cc51e78c7f9b094c784b5b
.exe windows x86

536036c2f9c74c22860e1b390dbe0111

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:af:13:74:fe:5f:db:ed:b4:de:05:ff:a9:03:dd:7a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-05-2010 00:00

Not After

14-05-2011 23:59

Subject

CN=上海瑞创网络科技发展有限公司,O=上海瑞创网络科技发展有限公司,L=ShangHai,ST=ShangHai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

3f:ce:40:2b:51:bf:43:0a:8c:d0:2f:a2:45:77:0b:e9:51:3f:6f:7f
Signer

Actual PE Digest

3f:ce:40:2b:51:bf:43:0a:8c:d0:2f:a2:45:77:0b:e9:51:3f:6f:7f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=上海瑞创网络科技发展有限公司,O=上海瑞创网络科技发展有限公司,L=ShangHai,ST=ShangHai,C=CN

18-08-2010 02:49
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
OpenProcess
CloseHandle
GetVersionExW
GetPrivateProfileStringW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetFileAttributesW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetModuleFileNameW
GetTempFileNameW
GetFullPathNameW
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW

ole32

CoTaskMemFree

msvcr80

__CxxFrameHandler3
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memcpy_s
wcslen
??3@YAXPAX@Z
strlen
??2@YAPAXI@Z
memcpy
??_V@YAXPAX@Z
_stricmp
memset
_splitpath_s
wcschr
towlower
towupper
free
malloc
_CxxThrowException
memmove_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

536036c2f9c74c22860e1b390dbe0111

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

24:af:13:74:fe:5f:db:ed:b4:de:05:ff:a9:03:dd:7aCertificate

Extended Key Usages

3f:ce:40:2b:51:bf:43:0a:8c:d0:2f:a2:45:77:0b:e9:51:3f:6f:7fSigner

Signature Validations

Verification

18-08-2010 02:49 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

msvcr80

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 106KB - Virtual size: 108KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

24:af:13:74:fe:5f:db:ed:b4:de:05:ff:a9:03:dd:7a
Certificate

3f:ce:40:2b:51:bf:43:0a:8c:d0:2f:a2:45:77:0b:e9:51:3f:6f:7f
Signer

18-08-2010 02:49
Valid: false

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 106KB - Virtual size: 108KB