87d0f9e25d96e49ca45df40b9c535c2cc2a0aca01f200a0df2c9e206bd098db4

Sharing

Copy URL

Twitter E-mail

General

Target

87d0f9e25d96e49ca45df40b9c535c2cc2a0aca01f200a0df2c9e206bd098db4
Size

202KB
MD5

4fcfeb3f0fb33eab0dade7514e0811d7
SHA1

51076e9bf122ac301cca53f82d29bcf35f537f6c
SHA256

87d0f9e25d96e49ca45df40b9c535c2cc2a0aca01f200a0df2c9e206bd098db4
SHA512

2aa4c42b07e4f728ac1e56a65418076911c66e5a7895b9987d32c5c930333adccbb6b9e7c618e466149c8aeec9f43ebc7fa043658d8dffcaa7f3d204a75ea470
SSDEEP

6144:aFP2x9+EkFBOg3S1/hHpa1ZYe0Es/YdDMZjnq4hy9F:a0+C3Hw1ZYe0Es/qMJq4Y9F

Score

N/A

Malware Config

Signatures

Files

87d0f9e25d96e49ca45df40b9c535c2cc2a0aca01f200a0df2c9e206bd098db4
.exe windows x86

98b91a81dbe36261f9ded54c1fd3ba21

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-03-2010 00:00

Not After

02-03-2011 23:59

Subject

CN=Comodo Security Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comodo Security Solutions\, Inc.,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:01:89:16:d4:d2:f0:29:5d:20:1e:da:04:75:0d:cc:3f:10:d9:9f
Signer

Actual PE Digest

cb:01:89:16:d4:d2:f0:29:5d:20:1e:da:04:75:0d:cc:3f:10:d9:9f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Comodo Security Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comodo Security Solutions\, Inc.,L=Jersey City,ST=New Jersey,C=US

01-06-2010 17:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomW
GlobalFindAtomW
GetFileAttributesA
OpenEventA
OpenFile
lstrcatA
GetFileTime
CreateMutexA
CreateDirectoryW
MulDiv
SetCalendarInfoW
GetFileAttributesW
lstrcmp
GetCommandLineW
GetExpandedNameA
CreateFileMappingW
GetProcAddress
CreateFileW
Sleep
AddAtomA
SetComputerNameA
CreateFileMappingW
ReadDirectoryChangesW
GetModuleHandleA
WaitForSingleObject
lstrlenW
GetTempPathA
GetShortPathNameW

user32

GetMessageA
GetMenuItemInfoW
ActivateKeyboardLayout
InvalidateRgn
DefFrameProcW
GetDC
DialogBoxParamA
CreateWindowExW
CreateDialogIndirectParamA
SendMessageW
GetClassInfoExA
SetTimer
IsDlgButtonChecked
FlashWindow
CreateDesktopA
InsertMenuA
mouse_event
RegisterClassExW
RegisterClassW
CreateAcceleratorTableA
GetSystemMetrics
LoadBitmapW
EmptyClipboard
ShowWindow
GetDlgItemInt
CallWindowProcW
MoveWindow
GetClassInfoExW
WaitForInputIdle
DrawTextA
SetDlgItemTextA
BringWindowToTop
CharPrevW
GetMenuStringW
RemoveMenu
wvsprintfW
LoadMenuA
GetTopWindow
RegisterWindowMessageW
InsertMenuW
SetWindowLongA
GetFocus
SetWindowPos
GetMenuItemCount
CreateAcceleratorTableW
SetFocus
LoadMenuW
SetActiveWindow

gdi32

FixBrushOrgEx
GetRasterizerCaps
SetMapperFlags
GetCharABCWidthsI
GetPixelFormat
GetEnhMetaFilePaletteEntries
CreatePalette
EnumObjects
LineTo
GetLogColorSpaceA
DescribePixelFormat
GetPath
FillPath
GdiGetBatchLimit
GetGlyphOutlineA
GetCharacterPlacementA
CombineRgn

advapi32

RegQueryInfoKeyA
RegCreateKeyA
RegQueryValueW
RegQueryValueA
RegOpenKeyExA
RegDeleteValueA

shell32

SHBrowseForFolder
ExtractIconA
StrRStrW
ExtractAssociatedIconExW

shlwapi

PathIsDirectoryW
SHRegCloseUSKey
SHDeleteValueA

ole32

GetClassFile
CoGetCallerTID
IsValidIid
CoFreeLibrary
CoGetPSClsid

oledlg

OleUIAddVerbMenuA
OleUIPasteSpecialW
OleUIChangeIconW
OleUIBusyW
OleUIInsertObjectW

sqlunirl

_GetDriveType_@4
_OpenBackupEventLog_@8
AllocConvertMultiSZNameToAEx
_EnumDesktops_@12
_EnumResourceLanguages_@20
_UpdateResource_@24
_RegEnumValue_@32
_GetLocaleInfo_@16
_GetPrivateProfileSectionNames_@12
_lstrcpyn_@12
_CreateEvent_@16
__hwrite_@12
_RemoveFontResource_@4
_WritePrivateProfileString_@16
_GetComputerName@8

crypt32

CertFindCTLInStore
CertAddEncodedCertificateToSystemStoreA
I_CertSyncStore
CryptSIPRetrieveSubjectGuid
CryptMsgDuplicate
PFXVerifyPassword
CryptGetKeyIdentifierProperty

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PhC
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sx
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.U
Size: 1KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.q
Size: 2KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CYy
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lJsQ
Size: 512B - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98b91a81dbe36261f9ded54c1fd3ba21

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8Certificate

Extended Key Usages

Key Usages

cb:01:89:16:d4:d2:f0:29:5d:20:1e:da:04:75:0d:cc:3f:10:d9:9fSigner

Signature Validations

Verification

01-06-2010 17:50 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oledlg

sqlunirl

crypt32

Sections

.text Size: 11KB - Virtual size: 11KB

.PhC Size: 1KB - Virtual size: 36KB

.sx Size: 4KB - Virtual size: 37KB

.U Size: 1KB - Virtual size: 43KB

.q Size: 2KB - Virtual size: 47KB

.data Size: 10KB - Virtual size: 9KB

.s Size: 512B - Virtual size: 5KB

.CYy Size: 512B - Virtual size: 4KB

.lJsQ Size: 512B - Virtual size: 197KB

.rsrc Size: 165KB - Virtual size: 164KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8
Certificate

cb:01:89:16:d4:d2:f0:29:5d:20:1e:da:04:75:0d:cc:3f:10:d9:9f
Signer

01-06-2010 17:50
Valid: false

.text
Size: 11KB - Virtual size: 11KB

.PhC
Size: 1KB - Virtual size: 36KB

.sx
Size: 4KB - Virtual size: 37KB

.U
Size: 1KB - Virtual size: 43KB

.q
Size: 2KB - Virtual size: 47KB

.data
Size: 10KB - Virtual size: 9KB

.s
Size: 512B - Virtual size: 5KB

.CYy
Size: 512B - Virtual size: 4KB

.lJsQ
Size: 512B - Virtual size: 197KB

.rsrc
Size: 165KB - Virtual size: 164KB