f6daca44daa22744db69585aaaae78f3b6549fcacc0d67125d5092a0f15a1945

Sharing

Copy URL

Twitter E-mail

General

Target

f6daca44daa22744db69585aaaae78f3b6549fcacc0d67125d5092a0f15a1945
Size

274KB
MD5

e3bf490f08ba1c4169819a74461fc464
SHA1

55d16e7f656251339b570484c8e86c586cd26586
SHA256

f6daca44daa22744db69585aaaae78f3b6549fcacc0d67125d5092a0f15a1945
SHA512

d2ab30ac9a3486cc256a0e9731d346e34a5bee5325e212086a0182e706f592245927c02224fdc9c9651c10eccafdb63f42e7bfb1d8de7900643f8d518fa9bc5c
SSDEEP

6144:3HrnR2l+o+APC1BQLHgXvLIw0uiNNfYSyM2FqRHmZQcoqAkR5:3HMl+dAOQEIwSNfYNM2F5ZZoPkR5

Score

N/A

Malware Config

Signatures

Files

f6daca44daa22744db69585aaaae78f3b6549fcacc0d67125d5092a0f15a1945
.exe windows x86

534f77e599d985b1c95baef0880d543a

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:fa:df:91:23:cd:5f:55:5c:0e:e5:bc:c6:9d:af:38:3b:01:ba:95
Signer

Actual PE Digest

04:fa:df:91:23:cd:5f:55:5c:0e:e5:bc:c6:9d:af:38:3b:01:ba:95

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07-05-2010 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenSemaphoreA
lstrcmp
CreateSemaphoreA
SetCurrentDirectoryW
lstrcpyA
GetThreadPriority
BeginUpdateResourceW
Beep
lstrlen
ReadDirectoryChangesW
OpenWaitableTimerW
GetSystemInfo
IsBadReadPtr
ConnectNamedPipe
GetProcAddress
GetComputerNameA
FindResourceA
lstrcmpi
GetModuleHandleW
GetNamedPipeInfo
GetLocalTime
lstrcpy
LocalAlloc
Sleep
GetVersionExA
GetThreadLocale
OpenEventA
SetComputerNameA
GetCurrentThreadId
GetProcessHeap
FileTimeToDosDateTime
OpenProcess
WaitForSingleObject
GetCalendarInfoW
CreateEventA
lstrcpyW
InitializeCriticalSection
OpenWaitableTimerA
GetTimeFormatW
GetVersion
EnumDateFormatsW
EnumTimeFormatsW
CreateDirectoryA
lstrlenA

user32

GetWindowRgn
LoadBitmapA
OpenClipboard
RegisterClassW
InvalidateRgn
GetDC
WinHelpW
SetDlgItemInt
CreateDesktopW
OffsetRect
DefDlgProcA
CreateDialogParamW

gdi32

SelectClipPath
OffsetViewportOrgEx
EnumFontFamiliesW
SetTextCharacterExtra
SetROP2
GetCurrentPositionEx
GetDeviceCaps
SetWindowOrgEx
GetTextExtentExPointI
EnumFontFamiliesExW
PlayEnhMetaFile
StrokePath
GetCharacterPlacementW
EnumFontFamiliesExA
StartFormPage

advapi32

RegEnumValueW
RegSaveKeyA
RegCreateKeyA

shell32

SHGetFileInfoA

shlwapi

SHGetValueA

comdlg32

PageSetupDlgA
PageSetupDlgW
PrintDlgExA
GetFileTitleW
GetOpenFileNameA

oleaut32

SysAllocString
VarUI8FromDec
VarBoolFromUI1

opengl32

glLighti
glRasterPos3dv
glGetTexImage

sqlunirl

_CreateService_@52
_ExtTextOut@32
_BeginUpdateResource_@8
_lstrcpyn_@12
_DefFrameProc_@20
_LookupPrivilegeName_@16
_DragQueryFile_@16
_CallWindowProc@20
_MapVirtualKey_@8
_SetFileSecurity_@12
_AddFontResource_@4
_GetDlgItemText@16
_RegOpenKeyEx_@20
_GetMenuString_@20
_CreateNamedPipe_@32

crypt32

PFXExportCertStoreEx
CryptSignAndEncryptMessage
CryptRegisterOIDFunction
RegCreateKeyExU
I_CryptInsertLruEntry
CertFindSubjectInSortedCTL
CryptVerifyMessageSignature
CertIsValidCRLForCertificate
CertRDNValueToStrW
CertDuplicateCertificateChain
CertVerifyValidityNesting
CertGetEnhancedKeyUsage
CryptGetAsyncParam
CryptMsgUpdate
CertGetCRLFromStore
CertOpenStore
I_CryptGetFileVersion
I_CryptReleaseLruEntry

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.WTXOa
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cJ
Size: 512B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lx
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AIA
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vtdk
Size: 1KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.flYp
Size: 1024B - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

534f77e599d985b1c95baef0880d543a

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

04:fa:df:91:23:cd:5f:55:5c:0e:e5:bc:c6:9d:af:38:3b:01:ba:95Signer

Signature Validations

Verification

07-05-2010 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comdlg32

oleaut32

opengl32

sqlunirl

crypt32

Sections

.text Size: 10KB - Virtual size: 9KB

.WTXOa Size: 2KB - Virtual size: 5KB

.cJ Size: 512B - Virtual size: 37KB

.S Size: 2KB - Virtual size: 37KB

.Lx Size: 4KB - Virtual size: 16KB

.E Size: 2KB - Virtual size: 14KB

.AIA Size: 1024B - Virtual size: 3KB

.data Size: 9KB - Virtual size: 8KB

.vtdk Size: 1KB - Virtual size: 24KB

.flYp Size: 1024B - Virtual size: 321KB

.rsrc Size: 230KB - Virtual size: 230KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

04:fa:df:91:23:cd:5f:55:5c:0e:e5:bc:c6:9d:af:38:3b:01:ba:95
Signer

07-05-2010 16:02
Valid: false

.text
Size: 10KB - Virtual size: 9KB

.WTXOa
Size: 2KB - Virtual size: 5KB

.cJ
Size: 512B - Virtual size: 37KB

.S
Size: 2KB - Virtual size: 37KB

.Lx
Size: 4KB - Virtual size: 16KB

.E
Size: 2KB - Virtual size: 14KB

.AIA
Size: 1024B - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 8KB

.vtdk
Size: 1KB - Virtual size: 24KB

.flYp
Size: 1024B - Virtual size: 321KB

.rsrc
Size: 230KB - Virtual size: 230KB