847096284fc96f099c869ac263ff5a4a120a4f18637550290b0872be5a6eb3c0

Sharing

Copy URL

Twitter E-mail

General

Target

847096284fc96f099c869ac263ff5a4a120a4f18637550290b0872be5a6eb3c0
Size

580KB
MD5

17b6b1dc94ec08c204ab91ade5cf4367
SHA1

a5df99f4a2f5d078df072d3c2cc3990b5bb7f23c
SHA256

847096284fc96f099c869ac263ff5a4a120a4f18637550290b0872be5a6eb3c0
SHA512

a46f382f38db43a394013328b25fa1f23c40caac7f32e419373777a1a0c15b56ddb8eddda08a9269dc2aa80f45910a8300350dcff5ec6880d8d83e6fb1bc804e
SSDEEP

12288:HHiwsrR0ZSADvr3B65tDfIqWADbSYFQ7dzPwwKAFI+nSFtC:i2ZSevkT7IqWA/SiQ79PwwKAFIB

Score

N/A

Malware Config

Signatures

Files

847096284fc96f099c869ac263ff5a4a120a4f18637550290b0872be5a6eb3c0
.exe windows x86

b222db21110295fdc70c11baa7cd4a10

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

10-11-2011 00:00

Not After

09-11-2014 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

30:ac:96:ce:fc:2e:f7:73:de:bc:6d:19:13:4a:f5:0b:68:c0:10:52
Signer

Actual PE Digest

30:ac:96:ce:fc:2e:f7:73:de:bc:6d:19:13:4a:f5:0b:68:c0:10:52

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

12-09-2012 00:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSid
GetSecurityDescriptorControl
GetSidLengthRequired
AddAce
InitializeAcl
SetNamedSecurityInfoW
GetLengthSid
RegOpenKeyExW
CopySid
IsValidSid
RegQueryValueExW
GetSidSubAuthority
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
ConvertSidToStringSidW
MakeAbsoluteSD
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
CryptReleaseContext
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
EqualSid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
GetAclInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
DuplicateTokenEx
RevertToSelf
ImpersonateSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
RegisterEventSourceW
ReportEventW
DeregisterEventSource

kernel32

GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
Sleep
FreeLibrary
InterlockedExchange
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FileTimeToSystemTime
SystemTimeToFileTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
lstrcmpW
SetFilePointer
WaitForSingleObject
CloseHandle
ReleaseMutex
lstrcmpiW
GetLocalTime
CreateEventW
GetCurrentProcessId
LocalFree
FindFirstFileW
FindNextFileW
DeleteFileW
CopyFileW
MoveFileExW
GetFileTime
FlushFileBuffers
ReadFile
GetFileSize
FindClose
CompareFileTime
GetFileAttributesExW
GetStringTypeExW
FormatMessageW
WaitForMultipleObjects
InterlockedCompareExchange
CreateMutexW
GetModuleHandleW
TryEnterCriticalSection
SetEvent
GetVersionExW
lstrcpynW
GetLongPathNameW
GetExitCodeProcess
GetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
GetTempFileNameW
DuplicateHandle
LoadLibraryW
VirtualQuery
GetTempPathW
DeviceIoControl
ProcessIdToSessionId
GetSystemPowerStatus
OpenProcess
CreateProcessW
GetThreadLocale
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ReadProcessMemory
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileSectionNamesW
QueryDosDeviceW
GetLogicalDriveStringsW
CreateThread
GetComputerNameExW
GetSystemDefaultLangID
GetUserDefaultLangID
LoadLibraryExW
lstrlenA
lstrcmpA
GetStringTypeExA
FormatMessageA
SetFilePointerEx
WriteConsoleW
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThread
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
FlushInstructionCache
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
RtlCaptureContext
ReleaseSemaphore
CreateSemaphoreW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
UnregisterWaitEx
QueryPerformanceFrequency
QueueUserWorkItem
GetFileSizeEx
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetSystemInfo
VirtualProtect
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
FindResourceExW
LockResource
lstrlenW
LoadResource
RaiseException
SetLastError
InterlockedDecrement
GetLastError
FindResourceW
SizeofResource
ResetEvent

ole32

CoCreateInstance
IIDFromString
StringFromGUID2
CoTaskMemFree
CoCreateGuid
ReadClassStm
WriteClassStm
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
CoRegisterPSClsid
OleSaveToStream
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoGetObject

oleaut32

SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SafeArrayCopy
SysReAllocStringLen
VarUI4FromStr
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocString
LoadTypeLi
VarBstrCmp
SysAllocStringLen
LoadRegTypeLi
SysFreeString

user32

SetForegroundWindow
GetWindow
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MapWindowPoints
SetWindowPos
PostQuitMessage
GetMessageW
DestroyWindow
AllowSetForegroundWindow
wsprintfW
MessageBoxW
DispatchMessageW
TranslateMessage
PeekMessageW
CharUpperW
CharLowerW
UnregisterClassA
wvsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
EnumWindows
GetWindowThreadProcessId
CreateWindowExW
IsWindowVisible
CharLowerBuffA
CharNextA
IsWindow
LoadStringW
CharNextW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CallWindowProcW
DefWindowProcW
KillTimer
SetTimer
SetWindowLongW

shell32

SHGetFolderLocation
SHGetDesktopFolder
ord680
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

iphlpapi

GetIfTable

netapi32

NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

shlwapi

PathIsRelativeW
SHQueryValueExW
UrlEscapeW
PathCreateFromUrlW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathAddBackslashW
StrRetToStrW
PathFindFileNameW
PathAddExtensionW
PathFindExtensionW
UrlIsW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

UnloadUserProfile
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

crypt32

CryptUnprotectData
CryptProtectData
CertDuplicateCertificateContext
CryptQueryObject
CertGetNameStringW
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

imagehlp

ImageGetDigestStream

wintrust

WinVerifyTrust

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b222db21110295fdc70c11baa7cd4a10

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2Certificate

Extended Key Usages

Key Usages

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9Certificate

Extended Key Usages

30:ac:96:ce:fc:2e:f7:73:de:bc:6d:19:13:4a:f5:0b:68:c0:10:52Signer

Signature Validations

Verification

12-09-2012 00:04 Valid: false

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

shell32

iphlpapi

netapi32

psapi

shlwapi

version

userenv

wtsapi32

crypt32

imagehlp

wintrust

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 21KB - Virtual size: 35KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 81KB - Virtual size: 81KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9
Certificate

30:ac:96:ce:fc:2e:f7:73:de:bc:6d:19:13:4a:f5:0b:68:c0:10:52
Signer

12-09-2012 00:04
Valid: false

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 21KB - Virtual size: 35KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 81KB - Virtual size: 81KB