f2f26ce7a438725efdf78c76d62bc5ab74875e41a6005ff1a360f871667c488a

Sharing

Copy URL Twitter E-mail

General

Target

f2f26ce7a438725efdf78c76d62bc5ab74875e41a6005ff1a360f871667c488a
Size

37KB
MD5

65ed74ab82815dd1e814e5023f047d74
SHA1

6febd931ccfafa0a8aa28d7b3f8f652ce98151e7
SHA256

f2f26ce7a438725efdf78c76d62bc5ab74875e41a6005ff1a360f871667c488a
SHA512

dbb260d3b0b89401faf9fb5880641dcb7be909f53877b0dec800840a8e2ad1745147464c8d66f6c51c469a30890a5d0131cdf0721086da8f11c281d71f6bf40c
SSDEEP

768:xCVd8Cr7xLK8bG+r0NjjQZSZK78oy2WU8Cu1jA:xCVdVr7RK4gRi8FoHf8Cu18

Score

N/A

Malware Config

Signatures

Files

f2f26ce7a438725efdf78c76d62bc5ab74875e41a6005ff1a360f871667c488a
.exe windows x86

6c30f6faa4cdb8e568d26fdd9e8f0e30

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:eb:c3:4b:25:6c:5f:5e:b6:b0:13:87:74:f3:d0:3b:25:ae:c6:14
Signer

Actual PE Digest

a0:eb:c3:4b:25:6c:5f:5e:b6:b0:13:87:74:f3:d0:3b:25:ae:c6:14

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/07/2008, 01:37
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleFileNameA
SetFilePointer
FreeLibrary
FreeResource
LoadResource
SizeofResource
Sleep
WriteFile
LoadLibraryA
SetUnhandledExceptionFilter
OpenSemaphoreA
GetTempPathA
GetSystemDirectoryA
HeapAlloc
CloseHandle
GetCurrentProcess
WriteProcessMemory
GetLocalTime
GetTickCount
GetProcAddress
GetVersionExA
GetCommandLineA
GetStartupInfoA
ExitProcess
GetModuleHandleA
GetProcessHeap

user32

wsprintfA

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c30f6faa4cdb8e568d26fdd9e8f0e30

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

a0:eb:c3:4b:25:6c:5f:5e:b6:b0:13:87:74:f3:d0:3b:25:ae:c6:14Signer

Signature Validations

Verification

04/07/2008, 01:37 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 1004B

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 21KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

a0:eb:c3:4b:25:6c:5f:5e:b6:b0:13:87:74:f3:d0:3b:25:ae:c6:14
Signer

04/07/2008, 01:37
Valid: false

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 1004B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 21KB