b57bf664a317f8346fc620b3da27420dcd825652af14f506ac0233e45384e382

Sharing

Copy URL

Twitter E-mail

General

Target

b57bf664a317f8346fc620b3da27420dcd825652af14f506ac0233e45384e382
Size

227KB
MD5

daff74340b93f189e9d9192d642e9d6d
SHA1

44d088c2aa0ddc37c567141846e9199c223e9566
SHA256

b57bf664a317f8346fc620b3da27420dcd825652af14f506ac0233e45384e382
SHA512

ab4ac55769b8d7f0ac284e9877af1358c079cfb91a0b4c33f0842dd8a9c3a9e6c7759f6e9ba357fe6ea86bf9bd6f3a960bc38b28bc2bfc7148efa60b459cbba9
SSDEEP

6144:vovGkugGhdgjrCTxXTPKiUktStNG/EhSRs3eQLJ60z:Eu/dgr8tTz1twNGqSRs3e6wE

Score

N/A

Malware Config

Signatures

Files

b57bf664a317f8346fc620b3da27420dcd825652af14f506ac0233e45384e382
.exe windows x86

b3ecfddf29c908b0f14a2895ba7101e5

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28/10/2010, 09:07

Not After

28/10/2013, 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:28:ae:fc:4c:4b:8d:8c:7a:f0:88:de:b2:e9:cd:fb:f5:f9:d8:87
Signer

Actual PE Digest

83:28:ae:fc:4c:4b:8d:8c:7a:f0:88:de:b2:e9:cd:fb:f5:f9:d8:87

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

14/09/2011, 07:22
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceW
GetLongPathNameA
lstrlenA
GetCurrentProcessId
lstrcmpA
SleepEx
GlobalFindAtomA
WaitForSingleObject
SetLocaleInfoW
GetEnvironmentStringsW
IsBadStringPtrA
WinExec
MultiByteToWideChar
ConnectNamedPipe
GetProcessHeap
GetModuleFileNameA
CopyFileExW
GetCurrentDirectoryA
lstrlen
SetLocaleInfoA
lstrcpynW
lstrcmpW
GlobalAlloc
GetUserDefaultLangID
EnumDateFormatsW
lstrcpyW
GetWindowsDirectoryW
CreateDirectoryA
RemoveDirectoryW
CompareFileTime
SearchPathA
GetLastError
ReadDirectoryChangesW
FileTimeToSystemTime
SetCurrentDirectoryW
RaiseException
FileTimeToLocalFileTime
GetStartupInfoW
lstrcpyA
InitializeCriticalSection
GetNumberFormatW
GetModuleFileNameW
GetSystemDirectoryA
LocalAlloc
GetCurrentThread
GetLocaleInfoW
GetProcAddress
GetCurrentDirectoryW
GetExitCodeThread
GetExpandedNameW
SetComputerNameA
FindAtomA
GetVersion
QueryPerformanceCounter
CreateDirectoryW
GetTempPathA
GetLocaleInfoA
GetExitCodeProcess
CreateMailslotA
GetWindowsDirectoryA
GetSystemDirectoryW
MoveFileA
FindAtomW
GetVolumeInformationA
GetTempFileNameA
TlsAlloc
Sleep
CreateEventA
GetOEMCP
DuplicateHandle
LoadResource
Beep
FreeLibrary
LoadLibraryA
GetEnvironmentStringsA
GetExpandedNameA
lstrcpyn

user32

CreateDialogIndirectParamA
SetDlgItemTextA
RegisterWindowMessageW
SendDlgItemMessageW
CharPrevW
GetFocus
SetParent
UpdateLayeredWindow
ShowCaret
LoadMenuA
SetCapture
TrackPopupMenu
DestroyMenu
MonitorFromRect
CopyRect
GetCapture
CharNextW
DefWindowProcA
ShowWindow
CreateDialogParamA
DestroyIcon
TrackPopupMenuEx
MessageBoxA
CharLowerW
LoadIconW
GetCapture
WaitMessage
GetMenuStringA
GetActiveWindow
GetAsyncKeyState
GetKeyState
PeekMessageA
SetFocus
SetCursorPos
RegisterClassExW
CopyIcon
FindWindowW
CharUpperA
CreateAcceleratorTableA
CreateAcceleratorTableW

advapi32

SetSecurityInfoExA
GetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
GetLocalManagedApplications
AddAccessDeniedObjectAce
GetServiceDisplayNameA
GetManagedApplications
ConvertStringSDToSDDomainW
BuildSecurityDescriptorA
RegQueryInfoKeyW
CryptGenKey
SystemFunction014
CreateWellKnownSid
ImpersonateSelf
CryptSetProviderExW
AllocateLocallyUniqueId
RegNotifyChangeKeyValue
IsValidSid
GetSecurityInfoExW
DeleteAce

shell32

ShellExecuteW
ExtractIconEx
SHGetDiskFreeSpaceA
StrCmpNW
ExtractAssociatedIconW
ExtractIconExA
StrChrIA
StrRChrA
StrRStrW

opengl32

glClearAccum
glGetLightiv
wglUseFontBitmapsA
wglSwapLayerBuffers
glPopAttrib
glEvalCoord2fv
glGetError
glRasterPos2f
glPopName

version

GetFileVersionInfoSizeA
VerLanguageNameW
VerQueryValueA
GetFileVersionInfoW
VerInstallFileA
VerQueryValueW
VerLanguageNameA

ws2_32

getpeername
WSADuplicateSocketW
WSACreateEvent
WSASend
htons
WSAEnumProtocolsA
send
WSADuplicateSocketA
gethostbyname
getprotobyname
getservbyname
getsockname
recv
getservbyport
WSAStartup
getprotobynumber
WSAGetLastError

winmm

mmioStringToFOURCCW
mmioOpenA
mciSendStringA
auxGetDevCapsW
mixerGetLineControlsA
mmioWrite
midiOutClose
DefDriverProc
mixerGetDevCapsA
mixerClose
midiOutLongMsg
midiInGetErrorTextA
mciGetDeviceIDW
midiStreamOut
midiInGetErrorTextW
midiOutGetErrorTextA
midiOutUnprepareHeader
midiStreamClose
mciDriverNotify
midiInUnprepareHeader
waveOutGetPlaybackRate

odbctrac

TraceSQLGetData
TraceSQLError

sqlunirl

ConvertMultiSZNameToW
_GetFileTitle@12
_SetWindowLong@12
_RegSaveKey_@12
_tsystem
_DlgDirSelectEx_@16
_GetCompressedFileSize_@8
_EnumResourceLanguages_@20
_EnumResourceNames_@16
_VkKeyScan_@4
_QueryServiceConfig_@16

Sections

.TgZ
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nRm
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AZ
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Gm
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.N
Size: 9KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DpD
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VI
Size: 3KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3ecfddf29c908b0f14a2895ba7101e5

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

83:28:ae:fc:4c:4b:8d:8c:7a:f0:88:de:b2:e9:cd:fb:f5:f9:d8:87Signer

Signature Validations

Verification

14/09/2011, 07:22 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

opengl32

version

ws2_32

winmm

odbctrac

sqlunirl

Sections

.TgZ Size: 1024B - Virtual size: 866B

.nRm Size: 11KB - Virtual size: 11KB

.AZ Size: 89KB - Virtual size: 88KB

.Gm Size: 6KB - Virtual size: 14KB

.N Size: 9KB - Virtual size: 154KB

.DpD Size: 90KB - Virtual size: 89KB

.VI Size: 3KB - Virtual size: 92KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

83:28:ae:fc:4c:4b:8d:8c:7a:f0:88:de:b2:e9:cd:fb:f5:f9:d8:87
Signer

14/09/2011, 07:22
Valid: false

.TgZ
Size: 1024B - Virtual size: 866B

.nRm
Size: 11KB - Virtual size: 11KB

.AZ
Size: 89KB - Virtual size: 88KB

.Gm
Size: 6KB - Virtual size: 14KB

.N
Size: 9KB - Virtual size: 154KB

.DpD
Size: 90KB - Virtual size: 89KB

.VI
Size: 3KB - Virtual size: 92KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B