b9631a855da93953305bc804d7670b5b626128f903e0fb98f25c54f761d0380a

Sharing

Copy URL Twitter E-mail

General

Target

b9631a855da93953305bc804d7670b5b626128f903e0fb98f25c54f761d0380a
Size

233KB
MD5

4f747463544f0f43f93da359974c3d4a
SHA1

7c61fcaaadde658aff8f8464c9ee2efbc55af78f
SHA256

b9631a855da93953305bc804d7670b5b626128f903e0fb98f25c54f761d0380a
SHA512

0c5216195ededfc8a3b470f99f2b77b60cd20b512eb901975b9c543e37322d44319da72fd16926849940d97f30e2ac3fd204c206f49d759192cb6725756d2e1c
SSDEEP

6144:f/qowoBMm6+5qTqQhy5JTaUc/Y8KKTYel/tIbxgA9:f/q1SMIwjhgJmY8KKTntIb6A9

Score

N/A

Malware Config

Signatures

Files

b9631a855da93953305bc804d7670b5b626128f903e0fb98f25c54f761d0380a
.exe windows x86

83e5176c873a5ca25265e62924f03399

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/07/2010, 00:00

Not After

18/08/2011, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:c1:4b:d1:88:25:f5:12:cc:b8:83:09:ee:a0:f1:3e:d1:6d:3e:7c
Signer

Actual PE Digest

a1:c1:4b:d1:88:25:f5:12:cc:b8:83:09:ee:a0:f1:3e:d1:6d:3e:7c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

18/07/2011, 23:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
GetVolumeInformationA
LoadLibraryA
SetLocaleInfoA
GetFileAttributesW
EnumCalendarInfoA
DosDateTimeToFileTime
GetExpandedNameW
GetStartupInfoA
GetProcAddress
GlobalGetAtomNameA
ReplaceFileW
HeapCreate
GetACP
LoadLibraryExA
MoveFileW
SleepEx
AddAtomA
GetEnvironmentVariableA
GetCurrentThreadId
GetThreadPriority
FatalAppExitA
GetMailslotInfo
OpenSemaphoreW
OpenEventA
GetUserDefaultLangID
GlobalFindAtomW
EnumCalendarInfoW
lstrlenA
QueryPerformanceFrequency
lstrcmpW
GetStartupInfoW
lstrlen
GetShortPathNameA
lstrcatA
CreateEventA
AddAtomW
OpenFile
SetCurrentDirectoryW
BeginUpdateResourceW
GetCurrentDirectoryW
GetStringTypeA
LocalAlloc
CreateMutexA

user32

PeekMessageW
InsertMenuA
GetClassInfoA
MessageBoxIndirectA
GetSysColorBrush
PostMessageW
GetMessageW
InsertMenuItemW
OffsetRect
DefWindowProcW
SendDlgItemMessageW
GetForegroundWindow
EnumWindows
LoadImageA
SetDlgItemInt
DialogBoxIndirectParamA
GetIconInfo
PostQuitMessage
CharUpperW
CreateDialogParamW
GetSystemMetrics
CreateMenu

gdi32

CreateFontIndirectW
CreateDIBPatternBrushPt
RemoveFontResourceW
CreatePolygonRgn
GetRasterizerCaps
AddFontResourceW
CreateRectRgn
CreateEllipticRgn
CreateFontW
CreateFontIndirectExW
AddFontResourceA
StretchDIBits
CreateCompatibleDC

shell32

ShellExecuteExA
SHCreateDirectoryExW
StrCmpNW
StrCmpNIW
SHGetDiskFreeSpaceExA
ExtractIconExA
StrNCmpW

ole32

OleUninitialize
OleInitialize
CoGetMalloc
CoDosDateTimeToFileTime
CoGetObject
CoGetCallerTID
CoDeactivateObject
CLSIDFromString
CLSIDFromProgID
CoFileTimeNow

wininet

InternetOpenW
InternetSetDialStateW

oledlg

OleUICanConvertOrActivateAs
OleUIConvertW
OleUIPasteSpecialW
OleUIObjectPropertiesA
OleUIBusyW
OleUIUpdateLinksW
OleUIInsertObjectA
OleUIChangeSourceA

Sections

.o
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Aq
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JZ
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.peir
Size: 2KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jLps
Size: 3KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mk
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ShW
Size: 13KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifSj
Size: 5KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83e5176c873a5ca25265e62924f03399

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

a1:c1:4b:d1:88:25:f5:12:cc:b8:83:09:ee:a0:f1:3e:d1:6d:3e:7cSigner

Signature Validations

Verification

18/07/2011, 23:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

wininet

oledlg

Sections

.o Size: 2KB - Virtual size: 2KB

.Aq Size: 3KB - Virtual size: 36KB

.JZ Size: 83KB - Virtual size: 83KB

.peir Size: 2KB - Virtual size: 334KB

.a Size: 13KB - Virtual size: 13KB

.jLps Size: 3KB - Virtual size: 43KB

.mk Size: 82KB - Virtual size: 82KB

.ShW Size: 13KB - Virtual size: 325KB

.ifSj Size: 5KB - Virtual size: 422KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

a1:c1:4b:d1:88:25:f5:12:cc:b8:83:09:ee:a0:f1:3e:d1:6d:3e:7c
Signer

18/07/2011, 23:04
Valid: false

.o
Size: 2KB - Virtual size: 2KB

.Aq
Size: 3KB - Virtual size: 36KB

.JZ
Size: 83KB - Virtual size: 83KB

.peir
Size: 2KB - Virtual size: 334KB

.a
Size: 13KB - Virtual size: 13KB

.jLps
Size: 3KB - Virtual size: 43KB

.mk
Size: 82KB - Virtual size: 82KB

.ShW
Size: 13KB - Virtual size: 325KB

.ifSj
Size: 5KB - Virtual size: 422KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 1024B