95669afc4657b05055b852910a9c59a0bd260fbe5b68ca5600f9ba8cd3a1df12

Sharing

Copy URL Twitter E-mail

General

Target

95669afc4657b05055b852910a9c59a0bd260fbe5b68ca5600f9ba8cd3a1df12
Size

1018KB
MD5

280335d0772dce6e6a61ec1be74253d2
SHA1

c461069379f46788ddb23fcef55d82a3c64b9f52
SHA256

95669afc4657b05055b852910a9c59a0bd260fbe5b68ca5600f9ba8cd3a1df12
SHA512

129d4b970794c8e7eb5ddef10f38070e84605c640e389aff35cc6fb3bfdcfc3b6801159e88794d882dc033444b0951439e837c102cd6f83319702cfb122da304
SSDEEP

24576:AMX78MIP+tLLK0LZBd0axKS+PvBnj5J8MpUh3:AMQM0+RKO0M+F5J8MpUh

Score

N/A

Malware Config

Signatures

Files

95669afc4657b05055b852910a9c59a0bd260fbe5b68ca5600f9ba8cd3a1df12
.exe windows x86

e834cdb731b3a58f3a3ccaa398387a07

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/09/2012, 00:00

Not After

10/10/2015, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:16:29:af:8c:a1:d8:cc:37:c8:c6:87:71:02:bd:21:ef:3d:6e:53
Signer

Actual PE Digest

49:16:29:af:8c:a1:d8:cc:37:c8:c6:87:71:02:bd:21:ef:3d:6e:53

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

19/10/2012, 16:08
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
recvfrom
ntohl
ioctlsocket
getsockopt
send
WSASetLastError
recv
accept
gethostbyaddr
gethostbyname
getservbyname
ntohs
bind
listen
htons
htonl
socket
setsockopt
connect
WSAStartup
WSACancelBlockingCall
WSACleanup
getsockname
WSAGetLastError
select
__WSAFDIsSet
shutdown
closesocket

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetStringTypeA
SetEndOfFile
SetFilePointer
GetCurrentDirectoryA
GetFullPathNameA
GetEnvironmentStringsW
GetStringTypeW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoA
CompareStringA
SetEnvironmentVariableA
CompareStringW
CreateFileW
FreeEnvironmentStringsW
EnterCriticalSection
FlushFileBuffers
InitializeCriticalSection
LCMapStringW
LCMapStringA
LoadLibraryW
Sleep
CloseHandle
ExitProcess
GetLastError
CreateThread
DeleteFileA
MoveFileA
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
OpenProcess
GetCurrentProcessId
GetVersion
FindClose
FindFirstFileA
ReadFile
GetStdHandle
WriteFile
SetLastError
MultiByteToWideChar
FlushConsoleInputBuffer
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetFileType
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
FindNextFileA
GetModuleFileNameA
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW
GetModuleFileNameW
GetFileAttributesA
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetConsoleCtrlHandler
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetTimeZoneInformation
SetFileAttributesA
CreateFileA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetStdHandle
WideCharToMultiByte
GetConsoleCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind

Sections

.text
Size: 724KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e834cdb731b3a58f3a3ccaa398387a07

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

49:16:29:af:8c:a1:d8:cc:37:c8:c6:87:71:02:bd:21:ef:3d:6e:53Signer

Signature Validations

Verification

19/10/2012, 16:08 Valid: false

Headers

File Characteristics

Imports

ws2_32

gdi32

advapi32

user32

kernel32

Sections

.text Size: 724KB - Virtual size: 722KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 70KB - Virtual size: 70KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

49:16:29:af:8c:a1:d8:cc:37:c8:c6:87:71:02:bd:21:ef:3d:6e:53
Signer

19/10/2012, 16:08
Valid: false

.text
Size: 724KB - Virtual size: 722KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 70KB - Virtual size: 70KB