49fb021aa3d2a8ce60a67a2d6b3168b242c040df153cb14a6a6f192951d4c764

Sharing

Copy URL Twitter E-mail

General

Target

49fb021aa3d2a8ce60a67a2d6b3168b242c040df153cb14a6a6f192951d4c764
Size

849KB
MD5

7522fa328560b018df4436a9345d26df
SHA1

d083aff98fe698d44fcc41c6ab623cc97e5d927c
SHA256

49fb021aa3d2a8ce60a67a2d6b3168b242c040df153cb14a6a6f192951d4c764
SHA512

61755ee59b188fa5ea70a5eba3f2653b3bf55d479c128add15acfbaee37e75d1df2bc17033a552c70ac3f3d02321e265d866c7db58afd9fb92b638501e35b13a
SSDEEP

24576:ctcH4cLUBYyxcntu7I6RfzsKsjTLsvktqmXyT:cKHKoD6ZzsKsjTLsvktqmXyT

Score

N/A

Malware Config

Signatures

Files

49fb021aa3d2a8ce60a67a2d6b3168b242c040df153cb14a6a6f192951d4c764
.exe windows x86

5d9ab7229633e3d108061c8deb8f54ef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/02/2010, 00:00

Not After

22/02/2012, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:22:eb:36:65:a5:da:8b:f1:51:8f:87:94:16:7f:42:23:25:e2:66
Signer

Actual PE Digest

06:22:eb:36:65:a5:da:8b:f1:51:8f:87:94:16:7f:42:23:25:e2:66

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

21/06/2010, 15:27
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenCurrentUser
GetAce
CopySid
IsValidSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
MakeAbsoluteSD
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
OpenProcessToken
GetSecurityDescriptorSacl
AllocateAndInitializeSid
GetTokenInformation
FreeSid
RegFlushKey
RegQueryValueExW

kernel32

GetConsoleCP
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FlushFileBuffers
FreeResource
OpenFileMappingW
InterlockedDecrement
GetModuleHandleW
GetLastError
DeleteFileW
LoadResource
MoveFileExW
SetFileAttributesW
EnterCriticalSection
SizeofResource
GetCurrentThreadId
lstrlenW
InterlockedIncrement
FreeLibrary
GetModuleFileNameW
CreateDirectoryW
FindResourceW
RaiseException
LoadLibraryExW
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindResourceExW
LockResource
GetCommandLineW
lstrcmpiW
LCMapStringA
GlobalAlloc
WideCharToMultiByte
LocalFree
VirtualQuery
GetCurrentProcess
GetSystemTime
GetCurrentThread
CreateFileW
LoadLibraryW
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetCurrentProcessId
RtlCaptureContext
CreateSemaphoreW
CreateThread
SetUnhandledExceptionFilter
GetProcAddress
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
FindClose
FindNextFileW
FindFirstFileW
LCMapStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
ReleaseMutex
CreateMutexW
VerifyVersionInfoW
VerSetConditionMask
SetLastError
GetSystemTimeAsFileTime
CopyFileW
FlushViewOfFile
GetFileSize
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesW
ReadFile
GetCurrentDirectoryW
SetFilePointer
SystemTimeToFileTime
FlushInstructionCache
CompareStringW
lstrcpyW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleA
ExitProcess
VirtualProtect
RtlUnwind
HeapCreate
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetOEMCP
IsValidCodePage

shlwapi

PathCombineW
PathFileExistsW
PathFindFileNameW

urlmon

URLDownloadToFileW

user32

DrawFocusRect
TranslateMessage
GetWindowTextLengthW
GetClientRect
DispatchMessageW
GetMessageW
GetFocus
SetCapture
SetWindowLongW
UnregisterClassA
DestroyWindow
DefWindowProcW
CharNextW
GetDesktopWindow
OffsetRect
ReleaseCapture
IsWindow
wsprintfW
wvsprintfW
GetCapture
SetCursor
CreateWindowExW
GetDC
UpdateWindow
GetWindowLongW
InvalidateRect
SetWindowTextW
ShowWindow
CallWindowProcW
GetWindowRect
GetCursorPos
SystemParametersInfoW
ScreenToClient
GetWindow
KillTimer
GetDlgCtrlID
SetRectEmpty
RegisterClassExW
DrawTextW
FillRect
EndPaint
GetWindowTextW
GetClassInfoExW
PtInRect
IsWindowEnabled
PostMessageW
SendMessageW
ReleaseDC
GetParent
GetClassNameW
BeginPaint
SetFocus
LoadCursorW
SetWindowPos
SetTimer
GetSysColor

wininet

DeleteUrlCacheEntryW

uxtheme

IsAppThemed
DrawThemeParentBackground

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Draw
ImageList_Destroy
ImageList_LoadImageW

gdi32

GetObjectW
SetTextColor
GetStockObject
CreatePen
TextOutW
CreateFontIndirectW
SelectObject
GetTextExtentExPointW
Rectangle
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
DeleteObject
CreateSolidBrush

dbghelp

SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64

userenv

UnloadUserProfile

shell32

SHGetFolderPathW
ord165
ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d9ab7229633e3d108061c8deb8f54ef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7fCertificate

Extended Key Usages

Key Usages

06:22:eb:36:65:a5:da:8b:f1:51:8f:87:94:16:7f:42:23:25:e2:66Signer

Signature Validations

Verification

21/06/2010, 15:27 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shlwapi

urlmon

user32

wininet

uxtheme

ole32

oleaut32

comctl32

gdi32

dbghelp

userenv

shell32

Sections

.text Size: 632KB - Virtual size: 632KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 41KB - Virtual size: 41KB

.reloc Size: 42KB - Virtual size: 41KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

06:22:eb:36:65:a5:da:8b:f1:51:8f:87:94:16:7f:42:23:25:e2:66
Signer

21/06/2010, 15:27
Valid: false

.text
Size: 632KB - Virtual size: 632KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 41KB - Virtual size: 41KB

.reloc
Size: 42KB - Virtual size: 41KB