71aaf553be3a9b21e20c3896728921f058ab1b48a5076983cdda523a6e51aec3

Sharing

Copy URL Twitter E-mail

General

Target

71aaf553be3a9b21e20c3896728921f058ab1b48a5076983cdda523a6e51aec3
Size

2.4MB
MD5

f7967eb90507f17fe19afd0bde4b8f0c
SHA1

d80fb5ba9ae5f53bf80a4f87b1e241d31d2dd310
SHA256

71aaf553be3a9b21e20c3896728921f058ab1b48a5076983cdda523a6e51aec3
SHA512

599282e1181ab300fbfa88fa82640fc5fe6befff4e11bacf9cdd55bcbfb77c160a030bebb9d69959e5011c29457eac322a72857b9ce3b8f862834524452496b3
SSDEEP

49152:/JqI+EP2vOOhfh+UZtn4g/jkaCqlajoIsnpKloxU2Iv:x+EP4OOHn4RmlaUHpfY

Score

N/A

Malware Config

Signatures

Files

71aaf553be3a9b21e20c3896728921f058ab1b48a5076983cdda523a6e51aec3
.exe windows x86

a8eb84a2e0d6798dee49a6131a19773c

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:63:1f:3f:1e:79:39:ba:30:df:b5:64:7c:1a:1a:ad
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/03/2008, 02:46

Not After

13/03/2009, 00:16

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

cb:2d:2d:69:06:86:0c:72:31:cb:a9:cb:cb:16:98:9a:da:96:1e:7a
Signer

Actual PE Digest

cb:2d:2d:69:06:86:0c:72:31:cb:a9:cb:cb:16:98:9a:da:96:1e:7a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA
timeGetTime

dinput8

DirectInput8Create

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

VirtualProtectEx
WritePrivateProfileStringA
SetLastError
GetVolumeInformationA
DeviceIoControl
HeapFree
HeapAlloc
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FormatMessageA
LockFile
UnlockFile
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalDeleteAtom
GlobalAddAtomA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalFlags
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
SetErrorMode
GetFileTime
GetCPInfo
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
GetFileType
GetStartupInfoA
GetCommandLineA
GetDriveTypeA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
TlsAlloc
TlsSetValue
TlsGetValue
FlushFileBuffers
MoveFileA
GetFileAttributesExA
GetCurrentDirectoryA
GetCurrentThread
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetWindowsDirectoryA
LocalAlloc
LocalFree
DuplicateHandle
GetPrivateProfileStringA
FileTimeToSystemTime
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
TerminateThread
GetFullPathNameA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
DosDateTimeToFileTime
CreateDirectoryA
FindNextFileA
FindFirstFileA
CopyFileA
CompareStringA
CompareStringW
GetVersion
EnumResourceNamesA
CreateThread
DeleteFileA
ReleaseMutex
CreateMutexA
ResumeThread
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
CreateRemoteThread
VirtualFreeEx
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FreeResource
MulDiv
LoadLibraryW
GetProcAddress
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetFileAttributesW
GetNumberFormatW
GetDateFormatW
GetUserDefaultLCID
GetUserGeoID
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetLocaleInfoW
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetLastError
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
OpenProcess
OpenThread
GetExitCodeProcess
CreateEventA
TerminateProcess
ResetEvent
SetEvent
SetUnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObject
Sleep
WideCharToMultiByte
lstrlenW
CreateFileA
GetTickCount
GetCurrentThreadId
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetFileAttributesA
CreateProcessA
CloseHandle
GetOEMCP

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
DestroyMenu
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
CopyRect
RegisterWindowMessageA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
MessageBoxA
GetLastActivePopup
UnhookWindowsHookEx
GetSysColor
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenuItemID
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextA
GetFocus
SetWindowPos
IsWindowEnabled
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetDC
ReleaseDC
CharUpperA
EnableWindow
EnableMenuItem
SetWindowRgn
GetClientRect
IsIconic
DrawIcon
InvalidateRect
SendMessageA
SetTimer
GetSystemMenu
InsertMenuA
GetMenuItemCount
LoadIconA
LoadStringW
MessageBoxW
CharLowerBuffA
OffsetRect
SetCapture
ReleaseCapture
LoadCursorA
SetCursor
IsWindow
GetCursorPos
PtInRect
LoadBitmapA
EndPaint
CharLowerBuffW
UnregisterClassA
CharNextA
PostQuitMessage
wsprintfA
FindWindowExA
SetWindowPlacement
WaitForInputIdle
SystemParametersInfoA
MoveWindow
GetClassNameA
PostMessageA
ShowWindow
GetWindowPlacement
SendInput
GetLastInputInfo
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetFocus
FindWindowA
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowRect
GetSystemMetrics
IntersectRect
GetParent
GetSubMenu
GetActiveWindow

gdi32

SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
GetStockObject
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
CreateRectRgn
CreateRoundRectRgn
BitBlt
GetDeviceCaps
CreateCompatibleDC
ScaleViewportExtEx
GetObjectA
GetViewportExtEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
GetUserNameA
RegSetKeySecurity
ImpersonateSelf
RevertToSelf

shell32

ShellExecuteExA
SHGetFileInfoA
SHFileOperationA
SHGetSpecialFolderPathA

comctl32

ord17

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFileExistsA
PathFindFileNameA

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
StringFromCLSID
CoCreateGuid
CLSIDFromString
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree

oleaut32

DispCallFunc
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
SysAllocString
OleLoadPicture
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
VariantClear
VariantInit

urlmon

URLDownloadToCacheFileA

ws2_32

WSAStartup
WSACleanup
gethostname
gethostbyname
ntohl

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA
InternetReadFile
InternetGetLastResponseInfoA
HttpAddRequestHeadersA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 604KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phs
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8eb84a2e0d6798dee49a6131a19773c

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:63:1f:3f:1e:79:39:ba:30:df:b5:64:7c:1a:1a:adCertificate

Extended Key Usages

cb:2d:2d:69:06:86:0c:72:31:cb:a9:cb:cb:16:98:9a:da:96:1e:7aSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

winmm

dinput8

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

ws2_32

wininet

iphlpapi

Sections

.text Size: 604KB - Virtual size: 600KB

.pecode Size: 56KB - Virtual size: 54KB

.pccode Size: 8KB - Virtual size: 4KB

.rdata Size: 160KB - Virtual size: 156KB

.data Size: 16KB - Virtual size: 39KB

.phs Size: 4KB - Virtual size: 1KB

.rsrc Size: 164KB - Virtual size: 164KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:63:1f:3f:1e:79:39:ba:30:df:b5:64:7c:1a:1a:ad
Certificate

cb:2d:2d:69:06:86:0c:72:31:cb:a9:cb:cb:16:98:9a:da:96:1e:7a
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 604KB - Virtual size: 600KB

.pecode
Size: 56KB - Virtual size: 54KB

.pccode
Size: 8KB - Virtual size: 4KB

.rdata
Size: 160KB - Virtual size: 156KB

.data
Size: 16KB - Virtual size: 39KB

.phs
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 164KB - Virtual size: 164KB