ae409c847b6d378d4775d5f65346bf3f6e6e3530b02c3bff7b8d96d38cefd8ef

Sharing

Copy URL Twitter E-mail

General

Target

ae409c847b6d378d4775d5f65346bf3f6e6e3530b02c3bff7b8d96d38cefd8ef
Size

163KB
MD5

e971925d8cb2d6051eabd0f56facf3b2
SHA1

ed672f1c8c45b40593ebbd0f2e54f87e8b417e8a
SHA256

ae409c847b6d378d4775d5f65346bf3f6e6e3530b02c3bff7b8d96d38cefd8ef
SHA512

791df91027754f43ca1c3546f15ff0cfde69faa49afe2c6c148a6272d533b1d20951960bc9c1e63cb9b41ffe1b0879f0598156a0ae1a57fd51d25dc17724833b
SSDEEP

3072:70G5qKdK0cZCzIGsrK/ML3jbTsVDzI0gA/iOKRFmQgTy/pPrYLF9F:70vtZzrGML3XTYHgOKRF8Ty/pTW9F

Score

N/A

Malware Config

Signatures

Files

ae409c847b6d378d4775d5f65346bf3f6e6e3530b02c3bff7b8d96d38cefd8ef
.exe windows x86

0ceba2467aa54b32b3b9b745d80f9fc5

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/03/2010, 00:00

Not After

02/03/2011, 23:59

Subject

CN=Comodo Security Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comodo Security Solutions\, Inc.,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:0b:47:39:ff:73:70:85:8a:85:7a:b1:9b:1d:b7:a0:c8:c9:81:e6
Signer

Actual PE Digest

0d:0b:47:39:ff:73:70:85:8a:85:7a:b1:9b:1d:b7:a0:c8:c9:81:e6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Comodo Security Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comodo Security Solutions\, Inc.,L=Jersey City,ST=New Jersey,C=US

01/06/2010, 17:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
_wcsicmp
atoi
wcsstr
_onexit
_exit
swprintf
_controlfp
_cexit
__setusermatherr
rand
wcscat
wcslen
atol
__getmainargs
exit
_initterm
__initenv
wcstoul
time
wcscmp
sprintf
srand
wcschr
__dllonexit
free
_c_exit
_purecall
malloc
__set_app_type
wcscpy

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW

kernel32

CreateMutexA
ReleaseSemaphore
SetConsoleNumberOfCommandsA
CreateMutexW
ConvertDefaultLocale
RegisterWaitForSingleObject
GetSystemTimeAsFileTime
CreateSemaphoreW
_lwrite
SetMailslotInfo
WriteConsoleOutputCharacterW
ReadConsoleOutputA
DebugBreak
ResetEvent
GetTickCount
OpenFileMappingA
SetHandleContext
GetPrivateProfileSectionA
GetCurrentProcessId
LZDone
NlsGetCacheUpdateCount
IsDBCSLeadByteEx
GetProcessHeap
InterlockedDecrement
AddVectoredExceptionHandler
GetDefaultCommConfigA
SetConsoleCP
UnhandledExceptionFilter
ReadFile
FindVolumeMountPointClose
GetVolumePathNameA
GetFileSizeEx
GlobalMemoryStatus
GetExitCodeThread
OpenFileMappingW
CompareStringA
SetUnhandledExceptionFilter
lstrcmpiW
CancelDeviceWakeupRequest
MapViewOfFile
GetSystemDefaultUILanguage
FillConsoleOutputCharacterW
GetCompressedFileSizeA
Heap32First
Process32FirstW
WritePrivateProfileStructW
LeaveCriticalSection
GetFullPathNameA
HeapUnlock
CloseHandle
ChangeTimerQueueTimer
GetProfileIntW
EnumResourceNamesW
QueryPerformanceCounter
IsBadStringPtrW
GlobalFree
GetDevicePowerState
CopyFileExA
InterlockedFlushSList
VirtualAlloc
GetLastError
EnterCriticalSection
ReplaceFileW
GetCurrentProcess
Module32Next
ExitProcess
DeleteFileW
TerminateProcess
GetComputerNameW
DeleteCriticalSection
RaiseException
WaitForSingleObject
GetConsoleAliasExesLengthA
CreateMailslotW
GetTimeFormatA
FindFirstVolumeMountPointA
_hwrite
OpenWaitableTimerA
InterlockedIncrement
OpenProcess
RtlFillMemory
DebugActiveProcessStop
MapUserPhysicalPagesScatter
QueryActCtxW
BeginUpdateResourceW
CreateFileW

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
UuidIsNil
RpcStringFreeW
NdrClientCall2
RpcMgmtSetCancelTimeout
RpcMgmtWaitServerListen
RpcServerListen
RpcServerUseProtseqEpW
RpcStringBindingComposeW
RpcRaiseException
RpcMgmtStopServerListening
RpcServerRegisterIf
RpcStringBindingParseW
RpcBindingFromStringBindingW
UuidFromStringW
NdrServerCall2
RpcBindingFree
UuidToStringW

netapi32

NetRegisterDomainNameChangeNotification
DsRoleGetPrimaryDomainInformation
NetGetDCName
DsRoleFreeMemory
DsGetDcNameW
NetApiBufferFree
NetServerEnum

activeds

ord13
ord15

adsldpc

ADSIGetNextRow
ADSISetObjectAttributes
ADSIFreeColumn
ADSIDeleteDSObject
ADSICloseSearchHandle
ADSISetSearchPreference
ADSICreateDSObject
ADSICloseDSObject
ADSIGetColumn
ADSIExecuteSearch
ADSIGetFirstRow
ADSIOpenDSObject
ADSIGetObjectAttributes

user32

wsprintfW

winipsec

GetMMPolicy
CloseTransportFilterHandle
DeleteMMAuthMethods
MatchMMFilter

shell32

StrRChrIW
SHBrowseForFolderA
SHGetFileInfo
StrNCmpIW
ExtractIconExW
StrStrW
SHSetUnreadMailCountW
SHOpenFolderAndSelectItems
PrintersGetCommand_RunDLLA
SHHelpShortcuts_RunDLLW
ExtractIconA
Control_RunDLLW
OpenAs_RunDLLW
SHGetIconOverlayIndexA
SHGetSpecialFolderPathW
DllGetClassObject
ShellExecuteExA

Sections

.uN
Size: 1024B - Virtual size: 941B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ih
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WcVhi
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gb
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wK
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ceba2467aa54b32b3b9b745d80f9fc5

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8Certificate

Extended Key Usages

Key Usages

0d:0b:47:39:ff:73:70:85:8a:85:7a:b1:9b:1d:b7:a0:c8:c9:81:e6Signer

Signature Validations

Verification

01/06/2010, 17:50 Valid: false

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

rpcrt4

netapi32

activeds

adsldpc

user32

winipsec

shell32

Sections

.uN Size: 1024B - Virtual size: 941B

.ih Size: 2KB - Virtual size: 1KB

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.WcVhi Size: 1KB - Virtual size: 36KB

.data Size: 9KB - Virtual size: 31KB

.gb Size: 3KB - Virtual size: 41KB

.wK Size: 3KB - Virtual size: 10KB

.rsrc Size: 114KB - Virtual size: 113KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8
Certificate

0d:0b:47:39:ff:73:70:85:8a:85:7a:b1:9b:1d:b7:a0:c8:c9:81:e6
Signer

01/06/2010, 17:50
Valid: false

.uN
Size: 1024B - Virtual size: 941B

.ih
Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.WcVhi
Size: 1KB - Virtual size: 36KB

.data
Size: 9KB - Virtual size: 31KB

.gb
Size: 3KB - Virtual size: 41KB

.wK
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 114KB - Virtual size: 113KB