55840f6cbe253b1de37fe85f282a6aa9d3cdec24a088aae24c1c829e48af6be6

Sharing

Copy URL Twitter E-mail

General

Target

55840f6cbe253b1de37fe85f282a6aa9d3cdec24a088aae24c1c829e48af6be6
Size

258KB
MD5

cd0d102aff020c8ead3eb00aeb70ae3e
SHA1

f6e05755c4e6cb83c00f19fb1d08320f228e3336
SHA256

55840f6cbe253b1de37fe85f282a6aa9d3cdec24a088aae24c1c829e48af6be6
SHA512

5600b9f3e0afc48c94337df419923cb8d047a0a58bc83f1fe4cd34409ee0e72f69e9d5d5cebaa8644e0679745dcd7ae04a2326c1b5a7d199d94226afb709e659
SSDEEP

3072:gt/OAJ8zmv5hHTHSsB4Te47n+4Yp0f9gjcxoaV8R/HdszK1zmHE2S60MeKDYQnx6:Y/O+omvL7SPTb+i9gjl6dG32wMQXNr

Score

N/A

Malware Config

Signatures

Files

55840f6cbe253b1de37fe85f282a6aa9d3cdec24a088aae24c1c829e48af6be6
.exe windows x86

371b6595684f46c58dec5e974944d475

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/03/2010, 00:00

Not After

08/03/2011, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:ff:2c:72:3b:0b:b5:81:88:1f:85:df:ab:6c:e2:db:36:e6:c2:57
Signer

Actual PE Digest

88:ff:2c:72:3b:0b:b5:81:88:1f:85:df:ab:6c:e2:db:36:e6:c2:57

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

24/09/2010, 16:17
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetLogicalDriveStringsW
GetCurrentDirectoryW
GetStringTypeA
TlsAlloc
SetCurrentDirectoryW
EnumCalendarInfoA
GetHandleInformation
MoveFileW
lstrlen
GetLongPathNameA
HeapCreate
SetCalendarInfoW
SetCurrentDirectoryA
GetAtomNameW
GetMailslotInfo
lstrcmpW
GetCurrentProcessId
CreateMutexA
SearchPathW
ConnectNamedPipe
GetOEMCP
lstrcatW
GetExitCodeProcess
CreateSemaphoreW
FileTimeToDosDateTime
GetStringTypeW
GetFileAttributesA
OpenMutexA
ReplaceFileA
FindAtomA
MoveFileA
GetDiskFreeSpaceW
DosDateTimeToFileTime
GetUserDefaultLangID
IsBadStringPtrA
CopyFileExW
GetExitCodeThread
IsBadStringPtrW
GetAtomNameA
GetDateFormatW
DeleteAtom
GetExpandedNameW
lstrcat
LoadLibraryA
SetComputerNameW
lstrcpynA
ExitProcess
GetLogicalDrives
GlobalFindAtomW
GetCurrentProcess
GetCurrentDirectoryA
LoadLibraryA
GetSystemDirectoryA
GetCurrentThread
GetLocalTime
IsBadReadPtr
lstrlenW
ReadDirectoryChangesW
CreateEventA
GlobalDeleteAtom
GetNumberFormatW
OpenSemaphoreW
BeginUpdateResourceW
GetModuleFileNameW
GetTempFileNameA
FindResourceW
ExpandEnvironmentStringsA
GetStartupInfoA
GetVolumeInformationW
lstrcmpiW
RemoveDirectoryW
lstrcmpiA
GetLastError
GetLogicalDriveStringsA
GetCPInfo
GetProcessHeap
MultiByteToWideChar
CreateEventW
GetNumberFormatA
FileTimeToSystemTime
BeginUpdateResourceA
CreateMailslotA
FileTimeToLocalFileTime
GetThreadPriority
IsBadCodePtr
GetTimeFormatA
GetLocaleInfoW
GetShortPathNameA
CreateMutexW
SetComputerNameA
AddAtomW
GetProcAddress
GetTempFileNameW
GetFileAttributesW
GetExpandedNameA
Beep
InitializeCriticalSection
CreateSemaphoreA
lstrcpyn
GetSystemDirectoryW
OpenEventA

user32

LoadBitmapW
DefWindowProcA
GetMessageW
LoadImageW
GetSysColor
GetMenuState
GetDlgItemInt
GetTopWindow
GetClassInfoExW
GetSysColorBrush
FindWindowW
SetForegroundWindow
GetDesktopWindow
wsprintfW
LoadBitmapA
LoadIconW
SetDlgItemInt
LoadCursorW
EnableMenuItem
PostMessageA
DefWindowProcW
CharLowerA
AppendMenuA
DestroyCursor
FindWindowA
TrackPopupMenuEx
GetMenuItemID
CreateDesktopA
CreateAcceleratorTableA
PostMessageW
LoadImageA
GetMenuItemInfoA
CreateDialogIndirectParamA
SetCursorPos
CharUpperW
GetSystemMetrics
CreateWindowExW
WinHelpW
ActivateKeyboardLayout
CreateAcceleratorTableW
GetMenuItemCount
wvsprintfW
LoadMenuA
GetCapture
TrackPopupMenu
RegisterClassW
GetMenu
MonitorFromRect
InvalidateRect
RegisterClassExW
PostQuitMessage
InsertMenuA
DialogBoxIndirectParamA
keybd_event
wvsprintfA
UpdateLayeredWindow
CreateDialogParamW
mouse_event
RegisterClassA
CopyIcon
AdjustWindowRect
GetKeyboardType
SetCursor
UnregisterClassA
GetMenuStringA
CreateDialogIndirectParamW
GetMessageA
SetParent
CharNextW
GetMenuInfo
MessageBoxA
OpenClipboard
GetActiveWindow
GetMenuStringW
InvalidateRgn
IsDlgButtonChecked
MonitorFromPoint
GetIconInfo
CharNextA
GetClassInfoA
GetKeyState
RegisterWindowMessageA
SendDlgItemMessageA
GetClassInfoW
IsWindow
SetCapture
OffsetRect
SetTimer
MessageBeep
CharPrevW
RegisterWindowMessageW
PeekMessageA
SendMessageW
MoveWindow
EnableWindow
GetScrollPos
CreateDialogParamA
IsMenu
EndMenu
CharPrevA
LoadMenuIndirectA
MessageBoxW
UnregisterClassW
SetDlgItemTextA
IsChild
DestroyMenu
GetDlgItemTextW
WinHelpA
MessageBoxIndirectW
CheckMenuItem
GetSubMenu
GetMenuItemRect
EmptyClipboard
LoadMenuIndirectW
MonitorFromWindow
DialogBoxIndirectParamW
GetMenuItemInfoW
CreatePopupMenu
wsprintfA
CreateDesktopW
InsertMenuItemA
SetWindowTextA
WaitForInputIdle
DialogBoxParamW
GetActiveWindow
SetFocus
EndDialog
RegisterClassExA

gdi32

CreateFontIndirectExA
AddFontResourceW
CreateFontA
RemoveFontResourceExA
CreateICA
CreateScalableFontResourceA
GetEnhMetaFileA
GetRasterizerCaps
CreateBrushIndirect
CreateDIBSection
GetMetaFileA
CreateColorSpaceW
CreateSolidBrush
CreatePatternBrush
DeleteObject
AddFontResourceA
CreateHatchBrush
SetWinMetaFileBits

advapi32

SaferComputeTokenFromLevel
CryptGetHashParam
RegOpenCurrentUser
SetNamedSecurityInfoA
LookupAccountNameW
OpenSCManagerW
FreeEncryptionCertificateHashList
RegNotifyChangeKeyValue
GetLocalManagedApplicationData
DecryptFileW

setupapi

InstallHinfSection
SetupDiInstallClassW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetActualSectionToInstallW
CM_Add_ID_ExA
pSetupMultiByteToUnicode

cryptui

CryptUIDlgSelectCA
CryptUIDlgViewContext

crypt32

CertFindExtension
CryptGetAsyncParam
CertFreeCTLContext
I_CryptInstallOssGlobal
CryptAcquireContextU
I_CryptInstallAsn1Module
CryptMsgCountersignEncoded
CryptSIPGetSignedDataMsg
I_CryptSetTls
CertGetEnhancedKeyUsage
CertDeleteCRLFromStore

Sections

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rTF
Size: 109KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LO
Size: 106KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

371b6595684f46c58dec5e974944d475

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

88:ff:2c:72:3b:0b:b5:81:88:1f:85:df:ab:6c:e2:db:36:e6:c2:57Signer

Signature Validations

Verification

24/09/2010, 16:17 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

setupapi

cryptui

crypt32

Sections

.text Size: 13KB - Virtual size: 16KB

.rTF Size: 109KB - Virtual size: 158KB

.rdata Size: 7KB - Virtual size: 19KB

.LO Size: 106KB - Virtual size: 123KB

.data Size: 5KB - Virtual size: 381KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

88:ff:2c:72:3b:0b:b5:81:88:1f:85:df:ab:6c:e2:db:36:e6:c2:57
Signer

24/09/2010, 16:17
Valid: false

.text
Size: 13KB - Virtual size: 16KB

.rTF
Size: 109KB - Virtual size: 158KB

.rdata
Size: 7KB - Virtual size: 19KB

.LO
Size: 106KB - Virtual size: 123KB

.data
Size: 5KB - Virtual size: 381KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 4KB