c5e903f0e125d815c666fbd00cdf81b5e7b076a306013a31ebad33eaa89c5316

Sharing

Copy URL Twitter E-mail

General

Target

c5e903f0e125d815c666fbd00cdf81b5e7b076a306013a31ebad33eaa89c5316
Size

296KB
MD5

602308b987f1ca9e4bc69d45f1a1c3b1
SHA1

1a0b55f615a475c764e12910fc20bb590182a4b9
SHA256

c5e903f0e125d815c666fbd00cdf81b5e7b076a306013a31ebad33eaa89c5316
SHA512

c9688f465ce6b827e3eed7b93673a02f6fb23e050e07d96422240f33d2f73d28c8d18f34bd59cb12d0baf34508f7995920894962c3db4aef7504d2e3265c15de
SSDEEP

3072:02Aui+uakt0Rm1N92QA9j+X0pCk2cItRuZ5HxoMMxcAbUE6kkU4WVYytiG3gJ5FH:0X+Otroj+XqIQVGaAbR6kkqVF3gyUN

Score

N/A

Malware Config

Signatures

Files

c5e903f0e125d815c666fbd00cdf81b5e7b076a306013a31ebad33eaa89c5316
.dll windows x86

05a78e143ba0b86c73d76fdf8c0f7470

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2b:5a:38:31:57:ef:c7:cd:26:17:ef:32:f0:a7:ac:b9
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/11/2009, 00:00

Not After

28/10/2011, 23:59

Subject

CN=NHN USA Inc.,O=NHN USA Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:b7:9c:02:3a:52:c1:b5:2c:5e:68:2d:48:3d:01:54:ef:2d:3d:15
Signer

Actual PE Digest

8f:b7:9c:02:3a:52:c1:b5:2c:5e:68:2d:48:3d:01:54:ef:2d:3d:15

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NHN USA Inc.,O=NHN USA Inc.,L=Irvine,ST=California,C=US

17/06/2011, 14:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrlenW
GetCommandLineA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetFileTime
LocalFree
FormatMessageA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCurrentThreadId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
Process32Next
WriteFile
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateEventA
EnterCriticalSection
CreateToolhelp32Snapshot
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
ReleaseMutex
SetErrorMode
MoveFileExA
CreateMutexA
CloseHandle
lstrcpyA
CreateThread
SetLastError
FreeLibrary
LoadLibraryA
GetTickCount
Sleep
GlobalMemoryStatus
CreatePipe
GetStartupInfoA
PeekNamedPipe
MoveFileA
GetDriveTypeA
GetLastError
SetFileTime
MultiByteToWideChar
LeaveCriticalSection
FreeResource
GetFileAttributesA
DeviceIoControl
CreateFileA
GetSystemDirectoryA
GetSystemInfo
GetVolumeInformationA
GetDiskFreeSpaceExA
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
ProcessIdToSessionId
QueryPerformanceCounter
Process32First
WideCharToMultiByte
LCMapStringA
lstrcatA
CopyFileA
ExitProcess
SetFileAttributesA

user32

mouse_event
MapVirtualKeyA
keybd_event
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
GetDesktopWindow
SystemParametersInfoA
GetWindowRect
GetWindowDC
ReleaseDC
CloseDesktop
SwitchDesktop
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
GetClassNameA
FindWindowA
EnumDesktopWindows
SetThreadDesktop
GetThreadDesktop
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetCursorPos
wsprintfA
SetClipboardData

gdi32

GetDIBits
GetSystemPaletteEntries
CreatePalette
SelectPalette
RealizePalette
GetObjectA
BitBlt
SelectObject
SetPixel
GetBitmapBits
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GdiFlush
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC

advapi32

SetTokenInformation
GetTokenInformation
LookupAccountSidA
RevertToSelf
RegCloseKey
DuplicateTokenEx
BuildTrusteeWithSidA
AllocateAndInitializeSid
SetKernelObjectSecurity
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
MakeAbsoluteSD
SetEntriesInAclA
GetSecurityDescriptorDacl
GetKernelObjectSecurity
FreeSid
CreateProcessAsUserA
LogonUserA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
StartServiceA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyA
OpenProcessToken

shell32

SHFileOperationA
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance

ws2_32

send
__WSAFDIsSet
recvfrom
htons
shutdown
WSACleanup
WSADuplicateSocketA
ntohs
gethostname
gethostbyname
inet_addr
inet_ntoa
select
WSAGetLastError
ntohl
getsockname
getpeername
WSAIoctl

shlwapi

PathFileExistsA

dnsapi

DnsRecordListFree
DnsFlushResolverCache
DnsQuery_A

netapi32

NetApiBufferFree
NetUserEnum
NetUserDel
NetUserSetInfo
NetLocalGroupAddMembers
NetUserAdd

psapi

GetModuleBaseNameA
EnumProcesses
GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

LpkPresent
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05a78e143ba0b86c73d76fdf8c0f7470

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

2b:5a:38:31:57:ef:c7:cd:26:17:ef:32:f0:a7:ac:b9Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

8f:b7:9c:02:3a:52:c1:b5:2c:5e:68:2d:48:3d:01:54:ef:2d:3d:15Signer

Signature Validations

Verification

17/06/2011, 14:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

dnsapi

netapi32

psapi

wtsapi32

userenv

version

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 185KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 12KB - Virtual size: 11KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

2b:5a:38:31:57:ef:c7:cd:26:17:ef:32:f0:a7:ac:b9
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8f:b7:9c:02:3a:52:c1:b5:2c:5e:68:2d:48:3d:01:54:ef:2d:3d:15
Signer

17/06/2011, 14:46
Valid: false

.text
Size: 188KB - Virtual size: 185KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 11KB