53ce05df41215e14f628352d76dc51acdcfd24ae621cd9159321c494b6d96bf9

Sharing

Copy URL Twitter E-mail

General

Target

53ce05df41215e14f628352d76dc51acdcfd24ae621cd9159321c494b6d96bf9
Size

81KB
MD5

9c4f92875151c301b2b3e00ec30579ff
SHA1

06f7a68bbcb884bb8c14e33a31b1922ff36ef8fe
SHA256

53ce05df41215e14f628352d76dc51acdcfd24ae621cd9159321c494b6d96bf9
SHA512

7363193675138fa94262f44cc919aab9e41cb57de2d3190e41c907ba98698e84887f78a8b3706a68dd65160cd8d4279e7011bedf4b43b726bc79666a84d971c2
SSDEEP

1536:SOwvbQN9SONir/ZgsnW2Q2DZ7BkcH8sRy7QDfpHliYipJR2wCa:SOIb/AQq4Q2DYsKYip3

Score

N/A

Malware Config

Signatures

Files

53ce05df41215e14f628352d76dc51acdcfd24ae621cd9159321c494b6d96bf9
.exe windows x86

051ba75e0ce44bfe373254bbd9b35b24

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:b3:08:3b:c9:aa:b7:13:71:41:f7:dd:b5:d9:89:bc:16:11:8f:58
Signer

Actual PE Digest

18:b3:08:3b:c9:aa:b7:13:71:41:f7:dd:b5:d9:89:bc:16:11:8f:58

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

16/03/2011, 07:19
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateFile
RtlCopyUnicodeString
ZwUnmapViewOfSection
_except_handler3
_stricmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExInitializeResourceLite
DbgPrint
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IofCallDriver
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
IofCompleteRequest
SeReleaseSubjectContext
SeTokenIsAdmin
SeCaptureSubjectContext
RtlFreeUnicodeString
IoDeleteDevice
KeWaitForSingleObject
ProbeForWrite
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IoGetAttachedDevice
IoFreeIrp
KeSetEvent
KeGetCurrentThread
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
RtlCompareUnicodeString
MmIsAddressValid
ZwQuerySystemInformation
ObQueryNameString
ZwSetInformationObject
NtClose
ZwWaitForSingleObject
PsCreateSystemThread
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
RtlEqualUnicodeString
ZwDuplicateObject
PsGetCurrentProcessId
ZwOpenProcess
ExGetPreviousMode
IoGetCurrentProcess
PsProcessType
ZwOpenKey
MmSystemRangeStart
PsGetVersion
IoCreateSymbolicLink
ZwCreateSection
strrchr
RtlImageDirectoryEntryToData
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeleteValueKey
ZwDeleteKey
ZwQueryValueKey
ZwSetValueKey
ZwCreateKey
ObOpenObjectByName
MmUserProbeAddress
ExAllocatePoolWithQuotaTag
strncpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
SeDeleteObjectAuditAlarm
_strnicmp
PsGetCurrentThreadId
ZwFlushKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
ObReferenceObjectByName
IoDriverObjectType
ZwQueryDirectoryObject
ZwOpenDirectoryObject
ObfReferenceObject
ZwCreateFile
KeTickCount
KeBugCheckEx
NtBuildNumber
IoCheckEaBufferValidity
SePrivilegeCheck
SeExports
SeAppendPrivileges
memmove
KeDelayExecutionThread
IoQueryFileInformation
IoCancelIrp
KeReadStateEvent
IoEnqueueIrp
KeClearEvent
ExRaiseStatus
ExEventObjectType
RtlVolumeDeviceToDosName
ObCreateObject
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCaptureSecurityDescriptor
ObOpenObjectByPointer
ZwOpenSymbolicLinkObject
ObReferenceObjectByPointer
IoDeviceObjectType
SeDeleteAccessState
ObInsertObject
SeCreateAccessState
ExQueueWorkItem
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
ZwClose
ZwMapViewOfSection
ExFreePoolWithTag
ExAllocatePoolWithTag
IoCreateDevice
ProbeForRead

hal

KfRaiseIrql
KfLowerIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

051ba75e0ce44bfe373254bbd9b35b24

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

18:b3:08:3b:c9:aa:b7:13:71:41:f7:dd:b5:d9:89:bc:16:11:8f:58Signer

Signature Validations

Verification

16/03/2011, 07:19 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

18:b3:08:3b:c9:aa:b7:13:71:41:f7:dd:b5:d9:89:bc:16:11:8f:58
Signer

16/03/2011, 07:19
Valid: false

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB