3d7b4ce2d8f26d937e0ccb5c999330bec51fca4114ce4f7168b05ad1ea87fc02

Sharing

Copy URL Twitter E-mail

General

Target

3d7b4ce2d8f26d937e0ccb5c999330bec51fca4114ce4f7168b05ad1ea87fc02
Size

1.8MB
MD5

62c907a2888dcfb16c016293c4658d23
SHA1

75b1e17b7dc51b9ed238403d3c4ad388cd5a4ca9
SHA256

3d7b4ce2d8f26d937e0ccb5c999330bec51fca4114ce4f7168b05ad1ea87fc02
SHA512

bf54275a96479b402e7a1c80773d61969deca25cda924c720c3a0ea58edc65a1b0e1e9a08b129ec53096448f68e4ad54d7a8fecfc1af5e1af6d3cf7ef7d6d500
SSDEEP

24576:KWCQdYXEePR8xW9cY5EJymCjAlOTEmyWuBIhVAmrRTrZNy4nMRqxHE:pqV8xE+4TEmyWpbHNnMR4HE

Score

N/A

Malware Config

Signatures

Files

3d7b4ce2d8f26d937e0ccb5c999330bec51fca4114ce4f7168b05ad1ea87fc02
.exe windows x86

91d3790cd7c426153cb1dcea211cdda7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:c3:9f:ba:62:46:0e:24:e1:69:05:4f:e5:18:e0:af
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

08/03/2014, 23:59

Subject

CN=Babylon Ltd.,O=Babylon Ltd.,L=Or-Yehuda,ST=Or-Yehuda,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:fb:70:42:3d:9b:77:74:83:37:f6:60:5d:81:be:3e:05:9c:47:74
Signer

Actual PE Digest

72:fb:70:42:3d:9b:77:74:83:37:f6:60:5d:81:be:3e:05:9c:47:74

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Babylon Ltd.,O=Babylon Ltd.,L=Or-Yehuda,ST=Or-Yehuda,C=IL

14/10/2012, 17:40
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

iphlpapi

GetAdaptersInfo

kernel32

IsBadStringPtrW
TlsSetValue
TlsGetValue
GetFileSize
ReadFile
SizeofResource
LoadResource
LockResource
FreeResource
InitializeCriticalSectionAndSpinCount
GetComputerNameW
GetLocalTime
GetWindowsDirectoryW
FormatMessageW
lstrlenA
GetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
WriteFile
SetFileTime
GetFileTime
GetFileAttributesW
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateEventW
CopyFileW
SetFileAttributesW
FlushFileBuffers
GetVolumeInformationW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
ReleaseMutex
GetLocaleInfoW
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
IsBadCodePtr
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
GetSystemWow64DirectoryW
FindFirstChangeNotificationW
FindNextChangeNotification
lstrcpyW
lstrcatW
LoadLibraryExW
lstrcmpiW
SetEnvironmentVariableA
TlsAlloc
CompareStringA
GetModuleHandleA
CreateFileA
SetEndOfFile
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
SetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTimeZoneInformation
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
HeapSize
TlsFree
RtlUnwind
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
MoveFileW
GetFullPathNameW
HeapReAlloc
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
FindResourceW
FindClose
FindNextFileW
FindFirstFileW
SetCurrentDirectoryW
SetErrorMode
GetModuleHandleW
GetTempFileNameW
GetPrivateProfileIntW
GetDiskFreeSpaceExW
GetTickCount
SearchPathW
GetPrivateProfileStringW
GetCommandLineW
IsValidCodePage
LocalFree
WaitForMultipleObjects
SetUnhandledExceptionFilter
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
CreateFileW
MoveFileExW
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetShortPathNameW
CreateMutexW
TerminateProcess
OpenProcess
GetUserDefaultUILanguage
GetUserDefaultLCID
WaitForSingleObject
GetACP
Sleep
SetThreadPriority
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
DeleteCriticalSection
SetLastError
RaiseException
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
lstrlenW
GetModuleFileNameW
MulDiv
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
CompareStringW

user32

GetSystemMenu
EnableMenuItem
RemoveMenu
MessageBeep
UnregisterClassA
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
RedrawWindow
GetWindowRect
SetFocus
WindowFromPoint
SetWindowPos
GetClientRect
GetDC
ReleaseDC
SendMessageW
GetParent
PostMessageW
MessageBoxExW
EnumChildWindows
IsIconic
SetForegroundWindow
GetKeyboardLayoutList
GetKeyboardLayout
UnionRect
LockSetForegroundWindow
AttachThreadInput
MapVirtualKeyW
SendInput
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SetWinEventHook
UnhookWinEvent
PostThreadMessageW
SetRect
CheckDlgButton
IsRectEmpty
OffsetRect
DrawIconEx
EndDialog
GetKeyState
KillTimer
DialogBoxParamW
DispatchMessageW
TranslateMessage
SetWindowTextW
ShowWindow
DestroyWindow
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetDesktopWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetDlgItem
DestroyAcceleratorTable
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
CharNextW
GetSysColor
GetClassNameW
GetFocus
IsChild
EndPaint
BeginPaint
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
InflateRect
FindWindowW
GetWindowThreadProcessId
SendMessageTimeoutW
EnumWindows
wsprintfW
GetSystemMetrics
LoadImageW
SetClassLongW
GetSysColorBrush
DestroyIcon
LoadIconW
IsDlgButtonChecked
GetForegroundWindow
PostQuitMessage
MessageBoxW
UpdateWindow
GetMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx

gdi32

GetCharacterPlacementW
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectType
SelectObject
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectW
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontW
GetTextFaceW
GetTextMetricsW
GetTextCharset

advapi32

RegQueryValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegEnumValueW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
FreeSid
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
CommandLineToArgvW
SHChangeNotify
SHFileOperationW

ole32

CoTaskMemRealloc
CoSetProxyBlanket
CoCreateGuid
CoGetMalloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize

oleaut32

VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
VarBstrCmp
OleCreateFontIndirect
DispCallFunc
SafeArrayCopy
SafeArrayGetVartype
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantInit
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
VariantChangeType

shlwapi

PathFindFileNameW
PathAddBackslashW
PathRemoveBackslashW
PathIsDirectoryW
PathFindFileNameA
PathFindExtensionW
StrStrIW

comctl32

ord17

gdiplus

GdiplusShutdown

ws2_32

WSARecv
WSAResetEvent
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSASend
WSACreateEvent
WSAGetLastError
connect
socket
getaddrinfo
freeaddrinfo
closesocket
WSACleanup
WSAStartup

wininet

DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetReadFileExA
HttpEndRequestW
FindNextUrlCacheEntryW
HttpSendRequestExW
InternetCanonicalizeUrlW
InternetSetFilePointer
InternetGetCookieExW
InternetSetCookieExW
InternetWriteFile
InternetReadFile
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetGetLastResponseInfoW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 366KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91d3790cd7c426153cb1dcea211cdda7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

48:c3:9f:ba:62:46:0e:24:e1:69:05:4f:e5:18:e0:afCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

72:fb:70:42:3d:9b:77:74:83:37:f6:60:5d:81:be:3e:05:9c:47:74Signer

Signature Validations

Verification

14/10/2012, 17:40 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

oleacc

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

wininet

psapi

version

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 262KB - Virtual size: 261KB

.data Size: 366KB - Virtual size: 396KB

.rsrc Size: 79KB - Virtual size: 79KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

48:c3:9f:ba:62:46:0e:24:e1:69:05:4f:e5:18:e0:af
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

72:fb:70:42:3d:9b:77:74:83:37:f6:60:5d:81:be:3e:05:9c:47:74
Signer

14/10/2012, 17:40
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 262KB - Virtual size: 261KB

.data
Size: 366KB - Virtual size: 396KB

.rsrc
Size: 79KB - Virtual size: 79KB