eef77f7b74f5d370ce384ba7314bac0f0607bfb592f02e9b046bf819d37a2f2e

Sharing

Copy URL Twitter E-mail

General

Target

eef77f7b74f5d370ce384ba7314bac0f0607bfb592f02e9b046bf819d37a2f2e
Size

255KB
MD5

4be20467c08a8eeaf194d337a6505a9b
SHA1

a50dadfb072f8c4408dac5b22f9ffebb6cd5ad94
SHA256

eef77f7b74f5d370ce384ba7314bac0f0607bfb592f02e9b046bf819d37a2f2e
SHA512

7f6f683d57b9cec9f5952d677bae665d77b2824af202595d7d0b08bad289999064d13910eeeb3534221b0dd6a2f580e0bde82c1aebf218688ab58926a8c94935
SSDEEP

6144:tRowOjQrKy7ovOUMalK98MUJKAT2clpl+y2HFUtjWs:trwIons6McObWjWs

Score

N/A

Malware Config

Signatures

Files

eef77f7b74f5d370ce384ba7314bac0f0607bfb592f02e9b046bf819d37a2f2e
.exe windows x86

ab6f1cd8fe47b0fc05ea590d4b2f7303

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:5a:05:e9:89:c0:ff:e0:ca:a9:12:85:8f:23:e7:14:4f:e9:68:49
Signer

Actual PE Digest

8f:5a:05:e9:89:c0:ff:e0:ca:a9:12:85:8f:23:e7:14:4f:e9:68:49

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
GlobalGetAtomNameW
GetVersion
MoveFileW
lstrcmpiW
GetTimeFormatW
SetComputerNameA
CreateSemaphoreA
OpenEventW
GetFileTime
GetProcessHeaps
CreateNamedPipeW
IsBadWritePtr
SleepEx
GetSystemDefaultLangID
GetStringTypeW
IsBadStringPtrW
Beep
WaitForMultipleObjects
OpenFile
lstrcpyW
EnumCalendarInfoW
CompareStringW
DeleteAtom
GetProcAddress
lstrcmpA
GetCPInfo
CompareStringA
CopyFileExW
GetUserDefaultLCID
CreateEventA
OpenWaitableTimerA
GetSystemDefaultLCID
SetCalendarInfoA
lstrcpy
GetModuleHandleA
EndUpdateResourceA
GetLogicalDriveStringsA
MulDiv
GetEnvironmentVariableA
GetSystemDirectoryW
GetTempPathW
GetLogicalDriveStringsW
GetNumberFormatW

user32

EndMenu
WinHelpW
CreatePopupMenu
GetWindowRect
CreateWindowExW
FlashWindow
GetMenuItemCount
GetDCEx
SetForegroundWindow
GetClassLongA
CopyIcon

gdi32

SetBkMode
EnumMetaFile
SetGraphicsMode
CreatePalette
SetPaletteEntries
PolylineTo
PtVisible
GetCharABCWidthsI
SetBrushOrgEx
StartFormPage
EndPage
CreateDCW
GetDCBrushColor
UpdateColors
GetTextCharsetInfo
CreateDIBSection
DeleteMetaFile
GetSystemPaletteEntries
CreateDIBPatternBrush
RectInRegion

advapi32

RegEnumValueW
RegOpenKeyA
RegRestoreKeyW
OpenServiceA
RegCreateKeyExW
RegSaveKeyA
OpenSCManagerA

shell32

SHGetDataFromIDListW
ShellExecuteExA
ExtractIconEx
StrStrA
StrRChrIA
StrChrIA
StrStrIW

ole32

CoGetClassVersion
CoGetInstanceFromIStorage
CLSIDFromProgID
CoGetClassObject
CoGetCurrentProcess
OleUninitialize

oleaut32

GetActiveObject
VarI8FromUI1
VarI8FromBool

opengl32

glCopyTexImage1D
glVertex4d
glBlendFunc
glEnable

setupapi

SetupQueryInfOriginalFileInformationW
pSetupCenterWindowRelativeToParent
pSetupStringTableGetExtraData
CM_Request_Eject_PC
CM_Set_Class_Registry_PropertyW
SetupDiGetClassRegistryPropertyA
CM_Get_Hardware_Profile_Info_ExA
SetupDiGetHwProfileListExA
SetupDefaultQueueCallbackA
SetupDiGetClassRegistryPropertyW

wininet

InternetOpenA
InternetSetOptionW
RetrieveUrlCacheEntryStreamA
GetUrlCacheEntryInfoA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.z
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zjb
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YYnL
Size: 1024B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mPC
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MFa
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RNh
Size: 512B - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab6f1cd8fe47b0fc05ea590d4b2f7303

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

8f:5a:05:e9:89:c0:ff:e0:ca:a9:12:85:8f:23:e7:14:4f:e9:68:49Signer

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

opengl32

setupapi

wininet

Sections

.text Size: 12KB - Virtual size: 11KB

.z Size: 512B - Virtual size: 4KB

.Zjb Size: 2KB - Virtual size: 24KB

.YYnL Size: 1024B - Virtual size: 19KB

.mPC Size: 3KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 8KB

.h Size: 1024B - Virtual size: 13KB

.MFa Size: 2KB - Virtual size: 12KB

.RNh Size: 512B - Virtual size: 249KB

.rsrc Size: 214KB - Virtual size: 213KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

8f:5a:05:e9:89:c0:ff:e0:ca:a9:12:85:8f:23:e7:14:4f:e9:68:49
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 12KB - Virtual size: 11KB

.z
Size: 512B - Virtual size: 4KB

.Zjb
Size: 2KB - Virtual size: 24KB

.YYnL
Size: 1024B - Virtual size: 19KB

.mPC
Size: 3KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 8KB

.h
Size: 1024B - Virtual size: 13KB

.MFa
Size: 2KB - Virtual size: 12KB

.RNh
Size: 512B - Virtual size: 249KB

.rsrc
Size: 214KB - Virtual size: 213KB