c6fff6828393b4fcbdb662b2a0b7fe85879aeecd4f34b9b1f20e5d51a8da7261

Sharing

Copy URL

Twitter E-mail

General

Target

c6fff6828393b4fcbdb662b2a0b7fe85879aeecd4f34b9b1f20e5d51a8da7261
Size

221KB
MD5

979aca3a0e5a1f06d2266be262ff9130
SHA1

40472f7573cc91313fcd3f025959d8c8c67ab1dd
SHA256

c6fff6828393b4fcbdb662b2a0b7fe85879aeecd4f34b9b1f20e5d51a8da7261
SHA512

f54c07383f1244779f93d94a354e97f921224e849e99e2ecc39b6a9e504dfea42fb4c85b4c634f720fe844d2b231edee4a772b7b2c6d79e1a7fbd34c8db3806c
SSDEEP

3072:zXT8bOA9OxjMGBg5xah9p06qDRoZ32BktfDI+0STbjXPa5QqnnhSiOuzcspefC:3A81Bg50pjmBKXpbjXrWnhauUfC

Score

N/A

Malware Config

Signatures

Files

c6fff6828393b4fcbdb662b2a0b7fe85879aeecd4f34b9b1f20e5d51a8da7261
.exe windows x86

1bdb0f639e40b3b82ad8591c03d72633

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21-06-2010 00:00

Not After

26-07-2013 23:59

Subject

CN=BitTorrent Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:45:a3:9b:ba:5f:4a:87:4b:fc:de:12:72:99:61:69:9b:7e:e3:83
Signer

Actual PE Digest

f3:45:a3:9b:ba:5f:4a:87:4b:fc:de:12:72:99:61:69:9b:7e:e3:83

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BitTorrent Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

05-10-2011 23:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_snwprintf
wcsrchr
_wcsicmp
free
wcscpy
wcscmp
wcslen
_wcsnicmp
malloc

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError

user32

LoadStringW
GetParent
PostMessageW
MessageBoxW
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
DestroyWindow
RegisterClassW
CheckRadioButton
ShowWindow
SendMessageW
GetDC
KillTimer
SetTimer
CreateWindowExW
SetWindowLongW
GetWindowLongW
DestroyIcon
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItemTextW
GetWindow
EnableWindow
CheckDlgButton
GetWindowTextW
RegisterWindowMessageW
LoadCursorW
LoadIconW
GetSysColor
SetCursor
CharPrevW
FindWindowW
DefWindowProcW
LoadImageW
GetSystemMetrics
IsDialogMessageW
MsgWaitForMultipleObjects
EndDialog
DialogBoxParamW
GetWindowRect
SetWindowTextW
MoveWindow
CharNextW
IsDlgButtonChecked
RegisterShellHookWindow
CheckMenuRadioItem
CreateIconIndirect
DdeCreateDataHandle
DefMDIChildProcW
DdeClientTransaction
TrackMouseEvent
DlgDirSelectExA
CreatePopupMenu
IsCharLowerW
TranslateAcceleratorW
DestroyCursor
SetWindowContextHelpId
DlgDirListW
DeferWindowPos
DdeGetLastError
GetTitleBarInfo
SwitchDesktop
GetKeyNameTextW
ScrollWindow
IsRectEmpty
GetMenuCheckMarkDimensions
DrawTextExW
SoftModalMessageBox
SetClassLongA
DdeAddData
MonitorFromRect
GetAncestor
WinHelpA
SetUserObjectInformationW
GetRawInputDeviceList
UnlockWindowStation
EnumClipboardFormats
DrawCaptionTempA
SetDlgItemInt
CreateIconFromResource
GetWindowModuleFileNameA
CascadeWindows
GetThreadDesktop
GetQueueStatus
SetUserObjectSecurity
GetClassInfoExA
GetAltTabInfoW
GetDoubleClickTime
CreateSystemThreads
CreateDialogIndirectParamA
DdeGetData
GetNextDlgTabItem
ReasonCodeNeedsBugID
AllowSetForegroundWindow
SetMenuInfo
ShowScrollBar
TileWindows
DefDlgProcA
EnumDisplayDevicesW
CloseClipboard
RegisterWindowMessageA
SetCaretPos
SetWindowPos
GetMenuItemInfoW
UnhookWinEvent
CreateDialogParamA
UnhookWindowsHook
DestroyMenu
CharUpperA
IsChild
SetScrollInfo
IMPSetIMEA
SetWinEventHook
SetThreadDesktop
DestroyReasons
SetShellWindow
GetClassLongW
LockWindowStation
InvalidateRgn
ClientThreadSetup
SystemParametersInfoA
ToUnicodeEx
IsMenu
SetDebugErrorLevel
LockWorkStation
SetMessageExtraInfo
ScrollChildren
GetKeyboardLayoutList
ScrollWindowEx
EditWndProc
EnumPropsExW
ValidateRgn
GetWindowDC
GetLayeredWindowAttributes
CsrBroadcastSystemMessageExW
CliImmSetHotKey
FreeDDElParam
CharLowerBuffA
MB_GetString
ClipCursor
SetClassLongW
IsCharLowerA
GetClassInfoExW
LoadMenuA
SendMessageA
CharToOemA
DdeDisconnectList

gdi32

GetDeviceCaps
GetObjectW
CreateFontIndirectW
DeleteObject

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemInfo
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
UnhandledExceptionFilter
IsDebuggerPresent
ResetEvent
GetWindowsDirectoryW
SetErrorMode
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
CompareFileTime
GetVersionExW
lstrcpynW
FormatMessageW
GetModuleHandleW
LoadLibraryW
LoadLibraryExA
WaitNamedPipeW
CreateFileW
CreateThread
ReadFile
OpenEventW
Sleep
SetEvent
LocalAlloc
WaitForSingleObject
GetExitCodeProcess
LocalFree
ExitProcess
MultiByteToWideChar
GetFullPathNameW
lstrcatW
lstrcmpiW
CreateEventW
CloseHandle
GetProcAddress
FreeLibrary
lstrcpyW
SetLastError
GetLastError
DisableThreadLibraryCalls
GetModuleFileNameW
FindClose
SystemTimeToFileTime
ExpandEnvironmentStringsW
lstrlenW
VirtualAlloc

advapi32

CreateProcessWithLogonW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

Shell_NotifyIconW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW

shlwapi

SHAutoComplete

setupapi

SetupDiSetSelectedDevice
SetupDiSetDriverInstallParamsW
SetupDiOpenDevRegKey
SetupOpenInfFileW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupCloseInfFile
SetupDiCancelDriverInfoSearch
SetupDiInstallClassW
pSetupStringFromGuid
SetupDiSetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupOpenFileQueue
SetupSetFileQueueFlags
SetupScanFileQueueW
SetupDiGetDriverInfoDetailW
SetupPrepareQueueForRestoreW
SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupPromptReboot
SetupGetBackupInformationW
SetupGetFileQueueFlags
SetupUninstallNewlyCopiedInfs
SetupCloseFileQueue
SetupDefaultQueueCallbackW
SetupDiGetINFClassW
SetupDiClassGuidsFromNameW
CM_Get_First_Log_Conf_Ex
SetupDiGetClassInstallParamsW
SetupDiGetWizardPage
SetupDiSetClassInstallParamsW
SetupDiGetClassImageIndex
SetupDiDestroyDriverInfoList
SetupDiBuildDriverInfoList
SetupDiGetSelectedDevice
SetupDiGetClassDescriptionW
SetupDiDestroyClassImageList
SetupDiGetClassImageList
SetupAddToSourceListW
SetupDiEnumDriverInfoW
SetupQuerySourceListW
SetupFreeSourceListW
SetupDiLoadClassIcon
CM_Locate_DevNodeW
CM_Get_DevNode_Registry_PropertyW
pSetupIsUserAdmin
SetupUninstallOEMInfW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupDiOpenDeviceInfoW
CM_Get_Device_IDW
CM_Get_DevNode_Registry_Property_ExW
SetupDiClassNameFromGuidW
SetupDiBuildClassInfoList
CM_Open_DevNode_Key
SetupDiDestroyDeviceInfoList
SetupDiSetSelectedDriverW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetSelectedDriverW
SetupDiGetDriverInstallParamsW
pSetupGuidFromString
CM_Get_DevNode_Status

wininet

InternetGetConnectedState

credui

CredUIParseUserNameW
CredUIPromptForCredentialsW

ole32

CoUninitialize
CoInitialize

ws2_32

WSASetServiceW
WSAIsBlocking
setsockopt
WSCInstallNameSpace
select
WSALookupServiceBeginA
getnameinfo
WPUCompleteOverlappedRequest
__WSAFDIsSet
WSAAsyncGetServByName
ntohl
WSAConnect
WSAAccept
WSARecvFrom
listen

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bdb0f639e40b3b82ad8591c03d72633

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

f3:45:a3:9b:ba:5f:4a:87:4b:fc:de:12:72:99:61:69:9b:7e:e3:83Signer

Signature Validations

Verification

05-10-2011 23:52 Valid: false

Headers

File Characteristics

Imports

msvcrt

ntdll

user32

gdi32

kernel32

advapi32

shell32

shlwapi

setupapi

wininet

credui

ole32

ws2_32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 142KB - Virtual size: 393KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 41KB - Virtual size: 408KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

f3:45:a3:9b:ba:5f:4a:87:4b:fc:de:12:72:99:61:69:9b:7e:e3:83
Signer

05-10-2011 23:52
Valid: false

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 142KB - Virtual size: 393KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 41KB - Virtual size: 408KB