8603346b511f3a249892f111f914790df99a0f03973cd2541eeee8780cc5e45b

Sharing

Copy URL Twitter E-mail

General

Target

8603346b511f3a249892f111f914790df99a0f03973cd2541eeee8780cc5e45b
Size

7.4MB
MD5

b4ee14bf8a1092d7c026b1e63dc67e59
SHA1

b7d3ec69c08f34f644fcfaae1b5f5d48d38ec5d6
SHA256

8603346b511f3a249892f111f914790df99a0f03973cd2541eeee8780cc5e45b
SHA512

bc44a96b314875bc7f9538010e5f81f03c11cc16124a1f1f105a8c88335e441f5433d09aaf32d78f12ee59d00dc3888ea94bc23c5787b1ac2f5b572617056fb5
SSDEEP

49152:mOwS9Yt8cxv42Sz2zlF+g3VEmJk5M+mmtdy:xYtBxjxF+gKmJ0M+mmtM

Score

N/A

Malware Config

Signatures

Files

8603346b511f3a249892f111f914790df99a0f03973cd2541eeee8780cc5e45b
.exe windows x86

7e010d3f490601f5e8711a527f061dce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2008, 00:00

Not After

05/04/2011, 23:59

Subject

CN=AntiSpyware LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AntiSpyware LLC,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:17:00:0a:95:1e:be:36:b2:0a:28:05:a6:42:b6:6a:de:96:0b:71
Signer

Actual PE Digest

27:17:00:0a:95:1e:be:36:b2:0a:28:05:a6:42:b6:6a:de:96:0b:71

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AntiSpyware LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AntiSpyware LLC,L=Las Vegas,ST=Nevada,C=US

25/11/2008, 13:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tcl

Tcl_ProcCmd
Tcl_CreateInterp
Tcl_CloneInterp
Tcl_DeleteClone
Tcl_GetStringResult
Tcl_EvalEx
Tcl_DeleteInterp
Tcl_CreateCommand
Tcl_SplitList
Tcl_FreeList
Tcl_SetResult

kernel32

SetEnvironmentVariableA
ExitProcess
RtlUnwind
HeapSize
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetACP
IsValidCodePage
LCMapStringA
GetFileType
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
HeapReAlloc
VirtualQuery
VirtualProtect
GetTickCount
CreateFileW
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalFlags
RaiseException
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
WriteFile
ReadFile
CreateFileA
VirtualFree
VirtualAlloc
DisconnectNamedPipe
FlushFileBuffers
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
LocalAlloc
GetCurrentThread
CreateProcessA
SearchPathA
GetSystemTime
WritePrivateProfileStringA
HeapFree
GetProcessHeap
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateDirectoryA
InitializeCriticalSection
GetStdHandle
GetSystemInfo
FormatMessageA
GetFileTime
LocalFree
TerminateProcess
GetFileAttributesA
CreateNamedPipeA
GetVersionExA
lstrcatA
lstrcpyA
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
ResetEvent
SetEvent
FreeResource
GetWindowsDirectoryA
GetModuleFileNameA
WinExec
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
lstrcpynA
GetLocalTime
FindClose
FindNextFileA
DeleteFileA
GetModuleHandleA
CreateEventA
FreeLibrary
CloseHandle
WaitForSingleObject
SetLastError
Sleep
LoadLibraryA
GetProcAddress
SetThreadPriority
GetVersion
GetLastError
CompareStringA
MultiByteToWideChar
CompareStringW
GetEnvironmentVariableA
InterlockedExchange
lstrlenA
LockResource
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
LCMapStringW

user32

PostThreadMessageA
GetNextDlgGroupItem
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
CharNextA
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
LoadBitmapA
SendMessageA
SetWindowLongA
CharUpperA
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SetFocus
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
GetWindow
ScreenToClient
GrayStringA
DrawTextExA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
PostQuitMessage
TrackMouseEvent
HideCaret
IsWindowEnabled
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetFocus
PtInRect
MessageBeep
CopyIcon
InflateRect
IsWindow
SetCapture
DestroyIcon
GetCaretPos
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
EndPaint
BeginPaint
SetPropA
GetDlgCtrlID
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
PostMessageA
InvalidateRect
GetWindowRect
KillTimer
EnableWindow
SetTimer
TranslateMessage
GetWindowLongA
RedrawWindow
DispatchMessageA
PeekMessageA
FindWindowA
MessageBoxA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
SetForegroundWindow
LoadMenuA
GetSubMenu
GetCursorPos
TrackPopupMenu
ExitWindowsEx
GetSysColor
LoadCursorA
SetRect
GetSysColorBrush
CopyRect
DrawTextA
SetWindowRgn
SetCursor
SystemParametersInfoA
SetWindowPos
GetWindowDC
GetParent
GetWindowTextA
FillRect
ClientToScreen
WindowFromPoint
GetCapture
DestroyCursor
GetDC
DrawFocusRect
SetClassLongA
DrawEdge
ReleaseCapture
ReleaseDC
GetNextDlgTabItem

gdi32

SetWindowExtEx
GetRgnBox
GetMapMode
CreateRectRgnIndirect
CreatePen
ExtSelectClipRgn
ScaleWindowExtEx
ArcTo
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateFontIndirectA
CreateRectRgn
CombineRgn
DeleteObject
GetTextMetricsA
ExtTextOutA
CreateCompatibleBitmap
StretchBlt
DeleteDC
SelectClipRgn
GetPixel
ExtCreateRegion
SelectObject
SetBkMode
SetBkColor
SetTextColor
CreateDCA
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetCurrentObject
CreatePatternBrush
CreateBitmap
SaveDC
RestoreDC
GetCurrentPositionEx

msimg32

GradientFill

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumValueA
GetSecurityDescriptorSacl
RegEnumKeyA
RegDeleteKeyA
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
DuplicateToken
OpenThreadToken
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
EqualSid
LookupAccountSidA
GetSidSubAuthorityCount
GetTokenInformation
GetSidSubAuthority
RegEnumKeyExA
InitializeSecurityDescriptor
IsValidSid
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetLengthSid
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
RegQueryInfoKeyA
RegOpenKeyExA
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
LookupAccountNameA
RegQueryValueA
GetAclInformation
GetSecurityInfo
GetAce
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CopySid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
MakeSelfRelativeSD

comctl32

_TrackMouseEvent

shlwapi

PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
SHDeleteKeyA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

OleCreateFontIndirect
OleLoadPicture
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringLen
SysAllocString
VariantClear
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

zlib

inflate
inflateInit2_
inflateEnd

Sections

.text
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e010d3f490601f5e8711a527f061dce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2fCertificate

Extended Key Usages

Key Usages

27:17:00:0a:95:1e:be:36:b2:0a:28:05:a6:42:b6:6a:de:96:0b:71Signer

Signature Validations

Verification

25/11/2008, 13:32 Valid: false

Headers

File Characteristics

Imports

tcl

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

zlib

Sections

.text Size: 584KB - Virtual size: 581KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 6.7MB - Virtual size: 6.7MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2f
Certificate

27:17:00:0a:95:1e:be:36:b2:0a:28:05:a6:42:b6:6a:de:96:0b:71
Signer

25/11/2008, 13:32
Valid: false

.text
Size: 584KB - Virtual size: 581KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 6.7MB - Virtual size: 6.7MB