eacea4022c46e811db20162dae5f221f9a8c19409e245f6a7aa8e589636b32f0

Sharing

Copy URL

Twitter E-mail

General

Target

eacea4022c46e811db20162dae5f221f9a8c19409e245f6a7aa8e589636b32f0
Size

204KB
MD5

08f50cedc4a45dcd4cb81964aaee2895
SHA1

bde451e2903dae5773412e064b65bbade6ea6bd3
SHA256

eacea4022c46e811db20162dae5f221f9a8c19409e245f6a7aa8e589636b32f0
SHA512

a33f4349ad5164401bec2fd7fca0f4c6b758bebe6795cfd246854ca0fd2a427eb6cc0652eff2b9f01d8cf62624ba5a5ab923df914b6045ad832d4bfc144d95fb
SSDEEP

3072:K5KNIEz67YVPneURf6RQFkgf8cqYjCXnOVHyzuLs8DJSzfU8tF36:K5LsoURkWjC3OVWYs8ufxF36

Score

N/A

Malware Config

Signatures

Files

eacea4022c46e811db20162dae5f221f9a8c19409e245f6a7aa8e589636b32f0
.exe windows x86

043132cc5076527b31677cb0745dee65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:eb:fb:cf:c7:97:0c:88:7c:b0:51:0a:a4:23:a6:04
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17-02-2010 00:00

Not After

05-03-2012 23:59

Subject

CN=AVG Technologies,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:0f:01:55:f9:45:10:0d:9a:af:43:92:eb:5c:48:68:07:42:9c:f1
Signer

Actual PE Digest

fd:0f:01:55:f9:45:10:0d:9a:af:43:92:eb:5c:48:68:07:42:9c:f1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AVG Technologies,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies,L=Brno,ST=Jihomoravsky kraj,C=CZ

19-04-2010 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

floor
_amsg_exit
_initterm
_XcptFilter
_onexit
_lock
__dllonexit
_unlock
memcpy
memset
iswspace
wcschr
ceil
__CxxFrameHandler
realloc
_purecall
malloc
free

kernel32

ReleaseSemaphore
GetLastError
VirtualAlloc
EnterCriticalSection
CreateSemaphoreW
LeaveCriticalSection
GetSystemInfo
VirtualProtect
GetCurrentThreadId
CloseHandle
HeapAlloc
HeapFree
CreateIoCompletionPort
CreateThread
WaitForMultipleObjects
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetEvent
QueueUserAPC
ExitThread
ResetEvent
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentDirectoryW
GetProcessHeap
GetVersion
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetVersionExW
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadCodePtr
IsBadReadPtr
GetCurrentThread
GetModuleHandleW
GetCurrentProcess
VirtualQuery
DeleteCriticalSection
DisableThreadLibraryCalls
IsBadWritePtr
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateEventW
WaitForSingleObject
GetTickCount
VirtualAllocEx

ole32

CreateFileMoniker
CreateBindCtx
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

user32

SetRect
GetDC
ReleaseDC
IsCharAlphaW
GetDesktopWindow
IntersectRect

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

gdi32

DeleteObject
CreateBrushIndirect
DeleteDC
SetMapMode
GetPaletteEntries
GetKerningPairsW
GetGlyphOutlineW
GetTextMetricsW
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
FillPath
StrokePath
StrokeAndFillPath
SetPolyFillMode
BitBlt
SelectObject
ExtCreatePen
EndPath
PolyBezierTo
LineTo
MoveToEx
BeginPath

shlwapi

StrCmpIW
StrCmpNIW
PathFileExistsA
StrCatW
PathMakePrettyA
SHOpenRegStreamA
PathParseIconLocationA
StrIsIntlEqualW
PathIsSameRootA
UrlCompareA
SHRegDeleteUSValueA
PathIsUNCServerShareA
PathFileExistsW
PathIsLFNFileSpecW
AssocQueryKeyA
SHRegWriteUSValueW
SHDeleteValueA
SHStrDupA
SHDeleteOrphanKeyA
PathUndecorateA
PathIsNetworkPathW
StrCSpnW
SHRegEnumUSKeyA
PathUnquoteSpacesW
PathStripToRootA

cmutil

CmBuildFullPathFromRelativeW
CmAtolW
CmBuildFullPathFromRelativeA
CmLoadImageW
CmRealloc
CmLoadIconW

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 21KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

043132cc5076527b31677cb0745dee65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

20:eb:fb:cf:c7:97:0c:88:7c:b0:51:0a:a4:23:a6:04Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

fd:0f:01:55:f9:45:10:0d:9a:af:43:92:eb:5c:48:68:07:42:9c:f1Signer

Signature Validations

Verification

19-04-2010 15:41 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

ole32

user32

advapi32

gdi32

shlwapi

cmutil

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 154KB - Virtual size: 331KB

.bss Size: 21KB - Virtual size: 2.1MB

.rdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:eb:fb:cf:c7:97:0c:88:7c:b0:51:0a:a4:23:a6:04
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

fd:0f:01:55:f9:45:10:0d:9a:af:43:92:eb:5c:48:68:07:42:9c:f1
Signer

19-04-2010 15:41
Valid: false

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 154KB - Virtual size: 331KB

.bss
Size: 21KB - Virtual size: 2.1MB

.rdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB