8114610168eda1fb98cc24fa85457c83734ea03abf2a5874c069773eb39c0536

Sharing

Copy URL

Twitter E-mail

General

Target

8114610168eda1fb98cc24fa85457c83734ea03abf2a5874c069773eb39c0536
Size

198KB
MD5

59f777b602f0a45f170077de9672735c
SHA1

6eade23ed4bf1d3edad3ec814a909825cbd8f547
SHA256

8114610168eda1fb98cc24fa85457c83734ea03abf2a5874c069773eb39c0536
SHA512

270edd7714c218ef341e6e105519e09e10f457e329ee82c33aa02d471c96e952e9753278717b3ee0b6f06e1c55d38c10cb85be2c92f6d316469a517b8c076d24
SSDEEP

6144:756Uqnrv+jmmhga8pWd3npNY8o+GucBInhW:756Uq+jXOa8ItpNFo+GEhW

Score

N/A

Malware Config

Signatures

Files

8114610168eda1fb98cc24fa85457c83734ea03abf2a5874c069773eb39c0536
.exe windows x86

1f85bdfd886ae8704203e6545ad9e870

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-02-2009 00:00

Not After

11-02-2012 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
_onexit
__dllonexit
_initterm
wcslen
memmove
_beginthreadex
_wcslwr
wcsstr
_vsnwprintf
realloc
free

user32

WindowFromPoint
SendMessageTimeoutW
SetRect
SetScrollInfo
GetParent
IsZoomed
GetSystemMetrics
GetScrollInfo
GetMenuStringW
IsRectEmpty
GetMenuItemID
MenuItemFromPoint
GetSubMenu
GetMenuItemInfoW
GetMenuItemCount
GetClientRect
IntersectRect
GetClassNameW
MapVirtualKeyW
GetKeyNameTextW
GetForegroundWindow
LoadCursorW
LoadStringW
GetCursorPos
CharLowerBuffW
IsChild
GetWindow
MapWindowPoints
GetWindowRect
GetDC
SystemParametersInfoW
ReleaseDC
GetKeyboardLayout
PostMessageW
FindWindowExW
GetWindowLongW
IsWindowVisible
ScreenToClient
PtInRect
ClientToScreen
SendMessageW
GetDesktopWindow
SetPropW
DefWindowProcW
RegisterClassW
CreateWindowExW
SetParent
DestroyWindow
RemovePropW
IsWindow
IsMenu
GetPropW
GetWindowThreadProcessId
FindWindowW
CharNextW
EnumWindows
UnhookWindowsHookEx
SetWindowsHookExW
RegisterWindowMessageW
UnregisterHotKey
OemKeyScan
VkKeyScanW
GetKeyState
IsWindowEnabled
SetRectEmpty
EnumThreadWindows
KillTimer
SetForegroundWindow
RegisterHotKey
MessageBeep
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
CallNextHookEx
GetShellWindow

gdi32

LPtoDP
GetDCOrgEx
CreateFontW
SelectObject
GetCharABCWidthsW
DeleteObject

kernel32

InterlockedCompareExchange
OpenFileMappingW
CreateThread
GetExitCodeThread
GetModuleHandleExW
GlobalAlloc
GlobalFree
WriteProcessMemory
CreateFileMappingW
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
GlobalGetAtomNameW
GetCurrentProcess
LoadLibraryA
GlobalDeleteAtom
GlobalAddAtomW
WideCharToMultiByte
GetCurrentThreadId
GetVersionExA
WaitForSingleObject
Sleep
GetThreadLocale
lstrcmpW
GlobalLock
GlobalUnlock
InterlockedExchange
CompareStringW
GetLocaleInfoW
LocalAlloc
LocalFree
GetTickCount
GetCurrentProcessId
OpenProcess
ReadProcessMemory
CloseHandle
SetLastError
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
DelayLoadFailureHook
DisableThreadLibraryCalls
LoadLibraryW
FreeLibrary
GetLastError
GetModuleFileNameW
lstrcatW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalFindAtomW
lstrlenA
GetProcAddress
GetModuleHandleW
GetVersionExW
VirtualAllocEx
HeapCreate
HeapAlloc

advapi32

TraceEvent
UnregisterTraceGuids
RegQueryValueExW
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorSacl
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSidSubAuthority
GetTraceEnableFlags
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel

ole32

CoTaskMemFree
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HMENU_UserSize
HMENU_UserMarshal
HMENU_UserUnmarshal
HMENU_UserFree
CoInitialize
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
GetHGlobalFromStream
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
ReleaseStgMedium
CoCreateInstance
CoTaskMemRealloc
HWND_UserFree
CoTaskMemAlloc

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllCanUnloadNow

msi

MsiSourceListClearAllExA
MsiSourceListEnumMediaDisksA
MsiOpenPackageExW
MsiProvideQualifiedComponentExW
MsiSummaryInfoPersist
MsiProvideQualifiedComponentW
MsiGetTargetPathA
MsiGetProductInfoExW
MsiRecordSetStringA
MsiConfigureProductExW
MsiApplyMultiplePatchesW
MsiConfigureProductExA
MsiInstallMissingFileW
MsiGetFileVersionW
MsiQueryComponentStateA
MsiViewGetColumnInfo
MsiGetLastErrorRecord
MsiDoActionW
MsiDoActionA
MsiLoadStringW
MsiGetFeatureValidStatesW
MsiSourceListSetInfoA
MsiSetExternalUIW
MsiProvideQualifiedComponentExA
MsiQueryFeatureStateW
MsiProvideComponentW
MsiNotifySidChangeW
MsiCollectUserInfoA
MsiGetUserInfoA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 107KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f85bdfd886ae8704203e6545ad9e870

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

rpcrt4

msi

Sections

.text Size: 13KB - Virtual size: 13KB

Size: 1KB - Virtual size: 15KB

Size: 1024B - Virtual size: 5KB

.rdata Size: 7KB - Virtual size: 7KB

Size: 1KB - Virtual size: 15KB

.data Size: 107KB - Virtual size: 285KB

Size: 3KB - Virtual size: 31KB

.rsrc Size: 51KB - Virtual size: 51KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 107KB - Virtual size: 285KB

.rsrc
Size: 51KB - Virtual size: 51KB