cf4c07d181cb06cbd6d86bddd7f14912cf8380c4f6a4de70221588d279bfe221

Sharing

Copy URL Twitter E-mail

General

Target

cf4c07d181cb06cbd6d86bddd7f14912cf8380c4f6a4de70221588d279bfe221
Size

1.8MB
MD5

fcf11096cace19c01e6b348d1d893ab5
SHA1

5b7dcf080db4ef3d02df5ca81d63591f1b5031d8
SHA256

cf4c07d181cb06cbd6d86bddd7f14912cf8380c4f6a4de70221588d279bfe221
SHA512

5c87bec4ca0c02803c1c3f03ca3f36ab62a0d3560da16785e89385fb0f4ae56bc2be3a6082ac1387b61a91dc6ce5a1a1e9e394cc20744fd7a4d872e324a29ff5
SSDEEP

49152:Y8mT0DJhraHDS2U69XyyFF/yyFF/yyFFg:u0DjaHbyyFRyyFRyyF

Score

N/A

Malware Config

Signatures

Files

cf4c07d181cb06cbd6d86bddd7f14912cf8380c4f6a4de70221588d279bfe221
.exe windows x86

3775e09956d5cd3611aa7d603a79067d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

11/12/2011, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Control Devices,O=Logitech,L=FREMONT,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:1d:95:2e:44:78:03:cd:20:c9:8d:bc:59:55:8a:8d:b6:aa:96:26
Signer

Actual PE Digest

77:1d:95:2e:44:78:03:cd:20:c9:8d:bc:59:55:8a:8d:b6:aa:96:26

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Control Devices,O=Logitech,L=FREMONT,ST=CALIFORNIA,C=US

11/05/2010, 22:13
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
ExitThread
RaiseException
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
FreeResource
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
LocalAlloc
GetFileTime
GetFileAttributesW
SetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
DeleteFileW
MoveFileW
GlobalAddAtomW
GlobalDeleteAtom
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
SetThreadAffinityMask
GetDiskFreeSpaceExW
GetSystemPowerStatus
QueryPerformanceFrequency
TerminateThread
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GetModuleHandleA
InterlockedDecrement
lstrlenA
lstrcmpA
MulDiv
SuspendThread
SetThreadPriority
WideCharToMultiByte
TerminateProcess
GetCurrentProcessId
OutputDebugStringW
GlobalLock
GlobalUnlock
CopyFileW
Sleep
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
GetModuleHandleW
GlobalAlloc
SetEnvironmentVariableW
GetCurrentProcess
GetCurrentThread
IsBadWritePtr
GlobalFree
LocalFree
GetVersionExW
IsBadCodePtr
FreeLibrary
GetProcAddress
LoadLibraryW
GetTickCount
lstrlenW
CreateThread
ReadFile
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
PeekNamedPipe
FlushFileBuffers
WriteFile
WaitNamedPipeW
CreateFileW
CreateMutexW
ResumeThread
ReleaseMutex
FormatMessageW
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
GetModuleFileNameW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
ResetEvent
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
LoadResource
LockResource
SizeofResource
SetLastError
GetHandleInformation
GetLastError
WaitForMultipleObjectsEx
SetEvent
OpenEventW
FindResourceW
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
GetCurrentThreadId
GetExitCodeProcess
CloseHandle
GetStartupInfoA
InterlockedCompareExchange

user32

DestroyMenu
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
DestroyWindow
GetMessageTime
MapWindowPoints
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
SystemParametersInfoA
GetWindowPlacement
CharUpperW
GetWindowTextLengthW
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetSysColor
EndPaint
ClientToScreen
GrayStringW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
CheckMenuItem
SetWindowsHookExW
UnregisterClassA
wsprintfW
AttachThreadInput
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
DrawIcon
IsIconic
TrackPopupMenu
SetMenuDefaultItem
AppendMenuW
CreatePopupMenu
PostQuitMessage
SetActiveWindow
SetWindowLongW
CallWindowProcW
GetCursorPos
ScreenToClient
GetMessagePos
DestroyCursor
ReleaseDC
GetDC
SetCursor
LoadCursorW
FrameRect
GetSysColorBrush
UnregisterClassW
FillRect
DrawTextExW
SetForegroundWindow
SetWindowPos
CopyRect
GetDesktopWindow
IsRectEmpty
BringWindowToTop
IsWindowVisible
InvalidateRect
OffsetRect
SystemParametersInfoW
EnableMenuItem
EnableWindow
GetSystemMenu
GetMenu
GetWindowLongW
AdjustWindowRectEx
GetParent
GetClientRect
LoadIconW
InflateRect
GetSystemMetrics
MonitorFromPoint
SetRect
GetWindowRect
PtInRect
DrawTextW
GetForegroundWindow
FindWindowW
PostThreadMessageW
SendMessageW
IsWindow
SetTimer
KillTimer
PostMessageW
BeginPaint

gdi32

SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentExPointW
GetObjectW
CreateFontW
GetClipBox
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
CreateBrushIndirect
GetTextExtentPoint32W
GetStockObject
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetTextColor
DeleteObject
CreateSolidBrush
CombineRgn
CreateRectRgnIndirect
FillRgn
DeleteDC
GetDeviceCaps
SetViewportExtEx
SetViewportOrgEx

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

CryptAcquireContextW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
CryptReleaseContext
CryptVerifySignatureW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptImportKey
SetFileSecurityW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegFlushKey
RegCreateKeyExW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindExtensionW
PathCanonicalizeW

ole32

CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
CoInitialize
CoUninitialize
StringFromGUID2

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageI
GdipAlloc

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetGetConnectedState
InternetCheckConnectionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

msi

ord96
ord72
ord232
ord8

Sections

.text
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 869KB - Virtual size: 869KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3775e09956d5cd3611aa7d603a79067d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

77:1d:95:2e:44:78:03:cd:20:c9:8d:bc:59:55:8a:8d:b6:aa:96:26Signer

Signature Validations

Verification

11/05/2010, 22:13 Valid: false

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

setupapi

msi

Sections

.text Size: 695KB - Virtual size: 694KB

.rdata Size: 278KB - Virtual size: 278KB

.data Size: 15KB - Virtual size: 41KB

.rsrc Size: 869KB - Virtual size: 869KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

77:1d:95:2e:44:78:03:cd:20:c9:8d:bc:59:55:8a:8d:b6:aa:96:26
Signer

11/05/2010, 22:13
Valid: false

.text
Size: 695KB - Virtual size: 694KB

.rdata
Size: 278KB - Virtual size: 278KB

.data
Size: 15KB - Virtual size: 41KB

.rsrc
Size: 869KB - Virtual size: 869KB