623b28371534c0c628f6e6c342b28ec58c7cccba9b17ee1f22828760588f47aa

Sharing

Copy URL Twitter E-mail

General

Target

623b28371534c0c628f6e6c342b28ec58c7cccba9b17ee1f22828760588f47aa
Size

2.4MB
MD5

0ac24fe03a48c762946b1592c29c9244
SHA1

1b797fd5f47bd8f2ea99357c2619cf47112409dd
SHA256

623b28371534c0c628f6e6c342b28ec58c7cccba9b17ee1f22828760588f47aa
SHA512

51e86d6b2a4f408c036d1110e9da519f1efb7dc6d67c7e0d8c60e207c3e83681d7942aff086b96868700d7bf20252084980c065eb2afafc67a2491cdc95ac511
SSDEEP

49152:VFSx/reWfecUQNB6OY5AULbKyuvTP3ubQLYYuJLH1Qfb:VFSteWfek6TAULgALH

Score

N/A

Malware Config

Signatures

Files

623b28371534c0c628f6e6c342b28ec58c7cccba9b17ee1f22828760588f47aa
.exe windows x86

c2b5bb375ed184219a6ba139a694c061

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:a0:7a:27:c3:99:16:cd:9a:77:78:70:4e:f8:de:ff:40:ad:01:78
Signer

Actual PE Digest

d3:a0:7a:27:c3:99:16:cd:9a:77:78:70:4e:f8:de:ff:40:ad:01:78

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

13/09/2012, 11:07
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

ws2_32

ntohl
recvfrom
WSAStartup
WSACleanup
recv
ioctlsocket
select
send
shutdown
gethostbyname
socket
WSACloseEvent
WSAEventSelect
WSACreateEvent
htonl
accept
__WSAFDIsSet
listen
bind
WSAIoctl
gethostname
inet_ntoa
inet_addr
sendto
getpeername
ntohs
getsockname
WSAGetLastError
connect
htons
WSASetLastError
getsockopt
closesocket
setsockopt

winmm

timeGetDevCaps
timeSetEvent
timeKillEvent
PlaySoundA

kernel32

GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
FlushFileBuffers
DisconnectNamedPipe
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentThreadId
FindNextFileW
GetShortPathNameW
GetModuleFileNameA
CreateProcessA
ExpandEnvironmentStringsW
CreateFileA
GetCommandLineW
GetLocalTime
GetCurrentProcessId
CreateMutexW
CreateSemaphoreW
ReleaseMutex
ReleaseSemaphore
GetStartupInfoA
GetFileAttributesA
CreateDirectoryW
CreateFileW
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
SetEndOfFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFileAttributesA
GetLogicalDriveStringsA
SetFilePointer
GetEnvironmentVariableW
GetSystemTime
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
SuspendThread
ResumeThread
MulDiv
GlobalLock
GlobalUnlock
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
CreateEventA
GetFileAttributesW
GetSystemInfo
GetCurrentThread
DeviceIoControl
GetPriorityClass
GetProcessTimes
WaitForMultipleObjects
ReadProcessMemory
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileTime
SetFileAttributesW
GetLogicalDrives
RemoveDirectoryW
GetCurrentDirectoryA
VirtualQuery
OutputDebugStringA
GetComputerNameA
FileTimeToLocalFileTime
SetThreadPriority
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
lstrcpyW
SetUnhandledExceptionFilter
GetThreadContext
GetEnvironmentVariableA
GetSystemDirectoryA
GetVersionExA
GetTempFileNameA
MapViewOfFile
UnmapViewOfFile
GetUserDefaultLangID
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateRemoteThread
DuplicateHandle
GetVersionExW
lstrlenW
InterlockedExchange
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
RaiseException
GetExitCodeThread
LoadLibraryExW
GetFileInformationByHandle
FreeConsole
SetConsoleCtrlHandler
CreateFileMappingW
CreateFileMappingA
OpenFileMappingW
OpenFileMappingA
GlobalSize
GetStdHandle
GlobalMemoryStatus
GetFileType
HeapDestroy
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetStartupInfoW
HeapSize
CreateThread
ExitThread
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
CancelIo
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateEventW
ResetEvent
SetEvent
GlobalFree
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetExitCodeProcess
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
TerminateProcess
SetLastError
SetFileTime
ReadFile
GetFileSize
WriteFile
GetVersion
SetErrorMode
LocalAlloc
CloseHandle
LocalFree
OpenProcess
MoveFileExW
GetTempFileNameW
DeleteFileW
CopyFileW
lstrcmpA
lstrcpyA
DeleteFileA
GetTempPathA
GetModuleHandleA
FindNextFileA
LoadLibraryA
FindClose
RemoveDirectoryA
GetProcAddress
GetLastError
FindFirstFileA
SetCurrentDirectoryA
CreateDirectoryA
lstrcatA
Sleep
GetWindowsDirectoryA
GetModuleHandleW
GetCurrentProcess
FreeLibrary
lstrcpynA
lstrlenA
HeapCreate
VirtualFree
VirtualAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
RtlUnwind
SetHandleCount
CompareStringA
CompareStringW
GetConsoleCP
GetConsoleMode
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetThreadLocale
FlushConsoleInputBuffer
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
CompareFileTime
GetFullPathNameA

user32

EnumDesktopWindows
SetClipboardViewer
UnionRect
OpenInputDesktop
MessageBeep
PostQuitMessage
ChangeClipboardChain
GetPriorityClipboardFormat
FindWindowW
mouse_event
keybd_event
SetKeyboardState
UpdateWindow
GetGUIThreadInfo
GetKeyboardLayout
CharLowerW
CharUpperW
ToUnicodeEx
DrawIconEx
GetUserObjectInformationW
MessageBoxA
TranslateMessage
IsWindowUnicode
SetClipboardData
EmptyClipboard
EndMenu
UnregisterClassW
RegisterClassExW
GetClassInfoExW
GetClassNameW
CopyRect
IsWindowEnabled
IsChild
IsDialogMessageW
SystemParametersInfoW
GetDlgCtrlID
ClientToScreen
GetCapture
WaitMessage
PeekMessageW
SetCapture
GetIconInfo
WindowFromPoint
GetDialogBaseUnits
IsIconic
GetActiveWindow
IntersectRect
GetAncestor
SetScrollInfo
GetScrollInfo
GetScrollBarInfo
GetKeyState
EqualRect
CloseClipboard
GetClipboardData
ScreenToClient
OpenClipboard
GetWindowTextLengthW
GetFocus
SetForegroundWindow
RegisterHotKey
AttachThreadInput
SetWindowPlacement
GetWindowThreadProcessId
UnregisterHotKey
GetForegroundWindow
LoadImageW
GetWindowPlacement
GetMenu
IsWindowVisible
LoadImageA
ExitWindowsEx
SystemParametersInfoA
RegisterWindowMessageW
SetCursorPos
GetCursorPos
GetKeyboardState
RegisterWindowMessageA
SetClassLongW
DrawTextW
SetRectEmpty
FillRect
LoadCursorW
PtInRect
IsRectEmpty
TrackMouseEvent
ReleaseCapture
InvalidateRect
RedrawWindow
SetRect
GetParent
GetSysColor
SetCursor
GetCursor
DestroyWindow
EnumChildWindows
CallNextHookEx
UnhookWindowsHookEx
ReleaseDC
GetDC
CallWindowProcW
DefWindowProcW
CreateWindowExW
GetDesktopWindow
MapWindowPoints
ShowWindow
SendMessageW
MoveWindow
EnableWindow
OffsetRect
DialogBoxIndirectParamW
SetWindowPos
GetSystemMetrics
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
PostThreadMessageW
SendInput
UnregisterClassA
wsprintfA
GetClientRect
GetDlgItem
SetFocus
SetWindowLongW
GetWindowTextW
wsprintfW
SetWindowTextW
CloseDesktop
SetThreadDesktop
GetThreadDesktop
EnumWindows
EndPaint
BeginPaint
SetWindowRgn
AdjustWindowRectEx
GetMessageTime
GetMessagePos
SetCaretPos
GetWindowDC
IsWindow
GetWindow
DispatchMessageA
SetActiveWindow
DispatchMessageW
SetTimer
PostMessageW
GetSysColorBrush
GetWindowLongW
KillTimer
EndDialog
GetWindowRect
DestroyIcon

gdi32

ExtSelectClipRgn
OffsetRgn
OffsetWindowOrgEx
CreateFontW
PtInRegion
SetWindowOrgEx
GetStockObject
CreateDCW
FrameRgn
ExtCreatePen
SetDIBits
CreateRectRgnIndirect
SetRectRgn
GetSystemPaletteEntries
CreateDCA
SetDIBColorTable
ExtEscape
GetRegionData
GetBitmapBits
CreateEllipticRgn
CreateRoundRectRgn
GetWindowOrgEx
CreateBrushIndirect
CreateRectRgn
GetRgnBox
CombineRgn
ExtTextOutW
GetDeviceCaps
StretchBlt
GetObjectA
SetPixel
CreateDIBSection
SelectClipRgn
LineTo
DeleteDC
MoveToEx
SetTextColor
SetBkMode
CreatePen
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
GetTextExtentExPointW
GetDIBits
GetClipRgn
CreateFontIndirectW
SetBkColor
DeleteObject
GetObjectW
CreateSolidBrush
SelectObject

advapi32

ReportEventA
DeregisterEventSource
SetTokenInformation
GetTokenInformation
FreeSid
SetNamedSecurityInfoA
SetNamedSecurityInfoW
IsValidSid
CloseEventLog
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
EqualSid
RegQueryValueExW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountNameW
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA

shell32

SHChangeNotify

ole32

CoRevokeClassObject
GetRunningObjectTable
CreateFileMoniker
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CreateBindCtx
CoTaskMemFree

oleaut32

SafeArrayUnaccessData
VariantTimeToSystemTime
VariantClear
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayRedim
SafeArrayAccessData
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString

shlwapi

PathFileExistsW
StrCpyW

version

GetFileVersionInfoA
VerQueryValueA

wininet

DetectAutoProxyUrl
InternetQueryOptionA

urlmon

URLDownloadToFileA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2b5bb375ed184219a6ba139a694c061

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

d3:a0:7a:27:c3:99:16:cd:9a:77:78:70:4e:f8:de:ff:40:ad:01:78Signer

Signature Validations

Verification

13/09/2012, 11:07 Valid: false

Headers

File Characteristics

Imports

mpr

ws2_32

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

urlmon

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 325KB - Virtual size: 324KB

.data Size: 38KB - Virtual size: 188KB

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 761KB - Virtual size: 761KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

d3:a0:7a:27:c3:99:16:cd:9a:77:78:70:4e:f8:de:ff:40:ad:01:78
Signer

13/09/2012, 11:07
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 325KB - Virtual size: 324KB

.data
Size: 38KB - Virtual size: 188KB

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 761KB - Virtual size: 761KB