6487615a98952bad4a3d616e8e5f7a957e4045e1ba2a487ce1d5d35211d70bba

Sharing

Copy URL Twitter E-mail

General

Target

6487615a98952bad4a3d616e8e5f7a957e4045e1ba2a487ce1d5d35211d70bba
Size

1.3MB
MD5

7dfe8a789f573fcce6721ab271982e6d
SHA1

2ac6e5ba163da2e5c9ed126740e8fce8f0da332d
SHA256

6487615a98952bad4a3d616e8e5f7a957e4045e1ba2a487ce1d5d35211d70bba
SHA512

cc6bd8252bc8178b747067538d85e8fbcbad42692484be09126dd37fd42219c593508a435bc546dca121ab53994247d52891e836ff2dfea43147ee701f8e1c15
SSDEEP

24576:Ryy9/wm3k0WuRBpPem55QJeMeCZXliNOyBnLyKT3vM5/zlj:VtPbOevoibyKTfM5xj

Score

N/A

Malware Config

Signatures

Files

6487615a98952bad4a3d616e8e5f7a957e4045e1ba2a487ce1d5d35211d70bba
.exe windows x86

0001245a3ff2544765844b3ddb78100c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:d2:75:a5:46:af:10:53:41:44:f3:80:04:4a:e4:26:75:ef:83:61
Signer

Actual PE Digest

91:d2:75:a5:46:af:10:53:41:44:f3:80:04:4a:e4:26:75:ef:83:61

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

29/08/2012, 10:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
recv
ntohl
gethostbyaddr
getservbyport
WSASetLastError
getservbyname
ntohs
WSAStartup
WSAAddressToStringA
WSACloseEvent
WSAEventSelect
gethostbyname
gethostname
ioctlsocket
socket
WSACreateEvent
WSAEnumNetworkEvents
WSAResetEvent
inet_ntoa
send
getsockopt
getpeername
accept
listen
setsockopt
getsockname
recvfrom
sendto
closesocket
bind
htonl
WSAGetLastError
htons
connect

iphlpapi

DeleteIpForwardEntry
GetIpForwardTable
CreateIpForwardEntry
GetIfTable
GetInterfaceInfo
GetPerAdapterInfo
FlushIpNetTable
IpReleaseAddress
GetAdaptersInfo
NotifyAddrChange
NotifyRouteChange
IpRenewAddress

crypt32

CertCloseStore
CryptMsgClose
CryptDecodeObject
CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW

wintrust

WinVerifyTrust

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW

userenv

LoadUserProfileW
UnloadUserProfile

kernel32

EnterCriticalSection
GetCurrentProcessId
GetVersionExW
CreateThread
GlobalFree
CreateProcessW
lstrcmpA
SetLastError
GetProcAddress
GetTempFileNameA
LoadLibraryA
FreeLibrary
GetTempPathA
DeleteFileA
GetComputerNameExW
ResetEvent
GlobalMemoryStatus
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFileAttributesW
GetLocalTime
MoveFileExW
GetTempPathW
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryW
GetStdHandle
OpenProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetModuleFileNameA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
HeapReAlloc
GetNamedPipeHandleStateW
CreateFileW
CreateNamedPipeW
WaitForSingleObject
FlushFileBuffers
ReadFile
WriteFile
GetLastError
ConnectNamedPipe
CloseHandle
ExitProcess
GetModuleHandleA
GetOverlappedResult
CreateEventW
LocalFree
SetEvent
DeviceIoControl
CancelIo
Sleep
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetModuleFileNameW
CopyFileW
lstrcmpW
LoadLibraryW
GetTickCount
SetThreadPriority
FindResourceW
LoadResource
LockResource
GetModuleHandleW
GetCurrentThread
CreateEventA
lstrcpynW
GetSystemDirectoryA
SetErrorMode
GetExitCodeProcess
TerminateProcess
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
SetFilePointer
SetEndOfFile
DeleteFileW
SetUnhandledExceptionFilter
FindClose
FindFirstFileW
SetFileAttributesW
FindNextFileW
WaitForMultipleObjects
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetVersionExA
GetProcessHeap
SetHandleCount
GetFileType
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW

user32

wvsprintfW
DefWindowProcW
RegisterClassW
GetWindowLongW
wsprintfW
CreateWindowExW
PeekMessageW
DispatchMessageW
UnregisterClassW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageTimeoutW
FindWindowW
IsWindow
DestroyWindow
SetWindowLongW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
CreateServiceW
StartServiceCtrlDispatcherW
ControlService
RegisterServiceCtrlHandlerExW
DeleteService
SetEntriesInAclW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
FreeSid
AllocateAndInitializeSid
EqualSid
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
StartServiceW
LookupAccountSidW
OpenProcessToken
CreateProcessAsUserW
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
GetSecurityInfo

wininet

InternetQueryOptionA
DetectAutoProxyUrl

urlmon

URLDownloadToFileA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupDiRemoveDevice
SetupDiBuildDriverInfoList
SetupDiCreateDeviceInfoW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey

dnsapi

DnsRecordListFree
DnsQuery_W

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0001245a3ff2544765844b3ddb78100c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

91:d2:75:a5:46:af:10:53:41:44:f3:80:04:4a:e4:26:75:ef:83:61Signer

Signature Validations

Verification

29/08/2012, 10:04 Valid: false

Headers

File Characteristics

Imports

ws2_32

iphlpapi

crypt32

wintrust

netapi32

wtsapi32

userenv

kernel32

user32

advapi32

wininet

urlmon

version

setupapi

dnsapi

shell32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 244KB - Virtual size: 241KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 4KB - Virtual size: 2KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

91:d2:75:a5:46:af:10:53:41:44:f3:80:04:4a:e4:26:75:ef:83:61
Signer

29/08/2012, 10:04
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 244KB - Virtual size: 241KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 2KB