122339e84d87c64fe68be794abd4b1f89ee6a17d1e250aa9f981b83a8d27bd29

Sharing

Copy URL

Twitter E-mail

General

Target

122339e84d87c64fe68be794abd4b1f89ee6a17d1e250aa9f981b83a8d27bd29
Size

3.1MB
MD5

6da6d42151ed2e2a48e73d6e0d88c046
SHA1

442a40ca9d109e90a6396ada923c021e4f55ba0f
SHA256

122339e84d87c64fe68be794abd4b1f89ee6a17d1e250aa9f981b83a8d27bd29
SHA512

a50ced092845729678d236a6b266aed1da5dc19571bd6bffa15508d65e633361841ed4dd9871c0730e73f52280cf1180017c855092271b5c4bbefb4a6e9f1973
SSDEEP

49152:vHbMj/rA6Z0/1pjYAgTUR1uvSUZT3FcNgxa5giseBP2SfimM41Suo6jNIpRO8CnP:v0rA6ZgpjYAgtSxaxa+3aimWuoFwnFB

Score

N/A

Malware Config

Signatures

Files

122339e84d87c64fe68be794abd4b1f89ee6a17d1e250aa9f981b83a8d27bd29
.exe windows x86

06acab41df61f5c07dcfc40d1145ffbf

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09-12-2011 00:00

Not After

06-02-2014 23:59

Subject

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:9f:df:d8:ef:5f:4e:6a:74:cf:4a:74:32:0d:97:a3:95:19:15:5d
Signer

Actual PE Digest

bb:9f:df:d8:ef:5f:4e:6a:74:cf:4a:74:32:0d:97:a3:95:19:15:5d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

10-10-2012 14:08
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
UnregisterHotKey
UnregisterClassW
TranslateMessage
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowCursor
SetWindowTextW
SetWindowPos
SetTimer
SetParent
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageW
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterHotKey
RegisterClassW
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBoxW
MessageBeep
MapVirtualKeyExW
MapVirtualKeyW
LookupIconIdFromDirectory
LoadStringW
LoadIconW
LoadCursorW
KillTimer
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetSystemMetrics
GetParent
GetWindow
GetKeyboardLayoutNameW
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetForegroundWindow
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClientRect
GetCapture
GetAsyncKeyState
GetAncestor
GetActiveWindow
FindWindowW
EnumWindows
EnableWindow
EmptyClipboard
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateIconFromResourceEx
CreateIcon
CloseClipboard
CharUpperBuffW
CharUpperW
CharLowerBuffW
CallWindowProcW
BringWindowToTop
EnumThreadWindows
GetClassInfoW
GetLastInputInfo
UpdateLayeredWindow
GetWindowInfo
GetMonitorInfoW
MonitorFromPoint

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteProcessMemory
WritePrivateProfileStringW
WriteFileEx
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAllocEx
VirtualAlloc
TryEnterCriticalSection
TerminateThread
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SleepEx
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFileEx
ReadFile
RaiseException
OutputDebugStringW
OpenProcess
OpenMutexW
MoveFileExW
MoveFileW
LockResource
LocalFree
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetStdHandle
GetLongPathNameW
GetShortPathNameW
GetProcAddress
GetOverlappedResult
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FreeEnvironmentStringsW
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DisconnectNamedPipe
DeleteFileW
DeleteCriticalSection
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateFileA
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
ConnectNamedPipe
CompareStringW
CloseHandle
Sleep
GlobalMemoryStatusEx
TzSpecificLocalTimeToSystemTime
CreateProcessW
EnumResourceLanguagesW
MoveFileWithProgressW
CopyFileExW
GetVersionExW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime

gdi32

SelectObject
SaveDC
RestoreDC
IntersectClipRect
GdiFlush
DeleteObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetConnectionW

shfolder

SHGetFolderPathA

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

shell32

Shell_NotifyIconW
SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
ShellExecuteW

ws2_32

WSAStartup
htons
WSCGetProviderPath
WSCEnumProtocols

devil

ilRegisterOrigin
ilFormatFunc
ilTypeFunc
ilOriginFunc
ilDisable
ilEnable
ilSetInteger
ilTexImage
ilCopyPixels
ilGetInteger
ilGetError
ilBindImage
ilDeleteImages
ilGenImages
ilSaveL
ilLoadL
ilInit

lightupdate

Start
DownloadCallback
Update
CheckVersion

libcurl

curl_share_cleanup
curl_share_setopt
curl_share_init
curl_multi_info_read
curl_multi_cleanup
curl_multi_perform
curl_multi_remove_handle
curl_multi_add_handle
curl_multi_init
curl_easy_getinfo
curl_easy_setopt
curl_easy_cleanup
curl_easy_init
curl_slist_free_all
curl_slist_append
curl_global_cleanup
curl_global_init

msvcrt

gmtime

bigup2

_BigUp_GetPeerInfos@4
_BigUp_GetActiveTorrents@0
_BigUp_CalcContentSign@8
_BigUp_GetPackagesInfo@0
_BigUp_ProcessMessages@0
_BigUp_RemovePackage@4
?BigUp_AddPackage@@YG_NPBD0PAXI1I_NI@Z
_BigUp_SetMirrors@4
_BigUp_SetNetworkParams@4
_BigUp_GetNetworkParams@4
_BigUp_GetLastErrorWhat@0
_BigUp_GetLastErrorCode@0
_BigUp_Finish@0
_BigUp_Start@4
_BigUp_GetVersion@0

pxd

DiffStream
PatchStream
Start

7zxa

CreateObject

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
socket
shutdown
setsockopt
send
select
recv
listen
ioctlsocket
htons
htonl
getsockname
closesocket
bind
accept

d3d9

Direct3DCreate9

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06acab41df61f5c07dcfc40d1145ffbf

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

bb:9f:df:d8:ef:5f:4e:6a:74:cf:4a:74:32:0d:97:a3:95:19:15:5dSigner

Signature Validations

Verification

10-10-2012 14:08 Valid: false

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

shfolder

ole32

shell32

ws2_32

devil

lightupdate

libcurl

msvcrt

bigup2

pxd

7zxa

wsock32

d3d9

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.itext Size: 31KB - Virtual size: 31KB

.data Size: 29KB - Virtual size: 29KB

.bss Size: - Virtual size: 39KB

.idata Size: 12KB - Virtual size: 12KB

.didata Size: 512B - Virtual size: 340B

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 101KB - Virtual size: 101KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

bb:9f:df:d8:ef:5f:4e:6a:74:cf:4a:74:32:0d:97:a3:95:19:15:5d
Signer

10-10-2012 14:08
Valid: false

.text
Size: 1.4MB - Virtual size: 1.4MB

.itext
Size: 31KB - Virtual size: 31KB

.data
Size: 29KB - Virtual size: 29KB

.bss
Size: - Virtual size: 39KB

.idata
Size: 12KB - Virtual size: 12KB

.didata
Size: 512B - Virtual size: 340B

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB