5a59bc006ae9640455d95f45771c83a7df46eff23a54e01ffe9bf155f8f85b9b

Sharing

Copy URL Twitter E-mail

General

Target

5a59bc006ae9640455d95f45771c83a7df46eff23a54e01ffe9bf155f8f85b9b
Size

439KB
MD5

5499f54e8ef8a47fd4081acb4d0560e8
SHA1

a813d9d7b5c9d3302b4b047e02da35d131ad624d
SHA256

5a59bc006ae9640455d95f45771c83a7df46eff23a54e01ffe9bf155f8f85b9b
SHA512

17dfaefc6c763e20bb0d0da48162618308502a9156b9578b4c5ee555017c2db0c8494dbcab4dcf3972fae1e90e8ea1823327208b9fae6ba44d2c0ed2643d110b
SSDEEP

12288:/NpWsYT9BGzJBa2j96X20AC8iLNsoSZxfgS9ne:62JXoGxC8CNsLZx4S9ne

Score

N/A

Malware Config

Signatures

Files

5a59bc006ae9640455d95f45771c83a7df46eff23a54e01ffe9bf155f8f85b9b
.exe windows x86

bb710784fa75d3928a47941d5a58cb09

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:fd:fb:d1:61:cd:d4:a9:58:04:a4:80:8d:67:8f:ca
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/08/2011, 00:00

Not After

15/08/2013, 23:59

Subject

CN=RealNetworks\, Inc.,OU=MS&S,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:ef:02:68:eb:44:ca:6f:65:16:d5:b7:cc:65:95:41:69:34:dd:21
Signer

Actual PE Digest

b5:ef:02:68:eb:44:ca:6f:65:16:d5:b7:cc:65:95:41:69:34:dd:21

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RealNetworks\, Inc.,OU=MS&S,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

01/01/0001, 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid

shlwapi

SHDeleteKeyA
PathFileExistsA

wininet

InternetCanonicalizeUrlA
InternetReadFile
InternetGetLastResponseInfoA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetTimeToSystemTime
InternetSetOptionA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetGetConnectedState

user32

SendDlgItemMessageA
FillRect
GetDlgItemTextA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
CharUpperA
CharLowerA
CharNextA
GetClassNameA
SetWindowLongA
UpdateWindow
SetTimer
RedrawWindow
GetMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
CharPrevA
GetWindowTextA
GetClientRect
SetWindowRgn
DestroyWindow
GetWindowLongA
ClientToScreen
GetFocus
DefWindowProcA
GetForegroundWindow
GetCursorPos
PtInRect
InvalidateRect
BeginPaint
EndPaint
SetWindowTextA
LoadIconA
SendMessageA
GetSystemMenu
EnableMenuItem
SetDlgItemTextA
GetDlgItem
SetForegroundWindow
SetActiveWindow
SetFocus
ShowWindow
GetWindowRect
ScreenToClient
SetWindowPos
EndDialog
LoadStringA
GetDC
ReleaseDC
DrawTextW
MessageBoxA
EnumWindows

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen

gdi32

CreatePatternBrush
GetDeviceCaps
CreateBitmap
GetObjectA
BitBlt
StretchBlt
CombineRgn
SetTextColor
CreateCompatibleDC
SelectObject
GetTextExtentPointW
CreateFontW
DeleteObject
GetPixel
CreateRectRgn
TextOutW
GetTextExtentPoint32A
SetPixel
GetStockObject
SetBkMode
DeleteDC

advapi32

ConvertSidToStringSidA
IsValidSid
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
RegOpenKeyA
InitializeSecurityDescriptor
RegSetValueA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
EqualSid
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
FreeSid
GetUserNameA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
LookupAccountNameA
AllocateAndInitializeSid

shell32

SHGetFolderPathW
SHGetSpecialFolderPathA
ShellExecuteExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

msimg32

TransparentBlt

kernel32

RtlUnwind
TerminateProcess
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentDirectoryA
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
HeapCreate
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
GetFileType
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
GetFullPathNameA
SetEndOfFile
GetTimeZoneInformation
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
FlushFileBuffers
LCMapStringA
LCMapStringW
CompareStringA
EnterCriticalSection
CreateNamedPipeA
GetSystemInfo
GetFileAttributesA
GetDriveTypeA
GetTempPathA
GetTempFileNameA
InterlockedDecrement
InterlockedIncrement
RaiseException
GetLastError
lstrcpyA
lstrlenA
CloseHandle
CreateMutexA
OpenMutexA
ReadFile
PeekNamedPipe
WriteFile
ConnectNamedPipe
CompareStringW
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
RemoveDirectoryA
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentProcess
GetModuleHandleA
ExpandEnvironmentStringsA
MultiByteToWideChar
GetFileSize
CreateFileA
Sleep
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalFree
CompareFileTime
SystemTimeToFileTime
GetFileTime
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetFileAttributesA
SetFilePointer
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSizeEx
GetSystemTimeAsFileTime
GetSystemTime
GetLocaleInfoA
CopyFileA
FreeResource

rpcrt4

UuidToStringA
RpcStringFreeA

crypt32

CertGetNameStringW
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertFindCertificateInStore

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb710784fa75d3928a47941d5a58cb09

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

17:fd:fb:d1:61:cd:d4:a9:58:04:a4:80:8d:67:8f:caCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

b5:ef:02:68:eb:44:ca:6f:65:16:d5:b7:cc:65:95:41:69:34:dd:21Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shlwapi

wininet

user32

oleaut32

gdi32

advapi32

shell32

version

msimg32

kernel32

rpcrt4

crypt32

Sections

.text Size: 338KB - Virtual size: 338KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 9KB - Virtual size: 101KB

.rsrc Size: 37KB - Virtual size: 37KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

17:fd:fb:d1:61:cd:d4:a9:58:04:a4:80:8d:67:8f:ca
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

b5:ef:02:68:eb:44:ca:6f:65:16:d5:b7:cc:65:95:41:69:34:dd:21
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 338KB - Virtual size: 338KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 9KB - Virtual size: 101KB

.rsrc
Size: 37KB - Virtual size: 37KB