b4a5f814ae2997ca81d637189911a647958edb796d06712aa7f76801d09804f2

Sharing

Copy URL Twitter E-mail

General

Target

b4a5f814ae2997ca81d637189911a647958edb796d06712aa7f76801d09804f2
Size

347KB
MD5

089bb9a209f2618587d806a413eee3e5
SHA1

7252d484beef0dc7ff6c7642993fcc3cb71ab6d4
SHA256

b4a5f814ae2997ca81d637189911a647958edb796d06712aa7f76801d09804f2
SHA512

888a02f059f8e111ac9963558f87dd2033d15dfecca1b37d7bae6d242eff8c18294112e0a7ffad091d93f1fc652fad6bfec4dc6e0443e0e833b34ed2532d561a
SSDEEP

6144:0J3C7xSQddPe+eu0udTPLZEKqVoORnWGLeBZr42+Qr4s7A:QQdd2+euxDnRORnWiesbynA

Score

N/A

Malware Config

Signatures

Files

b4a5f814ae2997ca81d637189911a647958edb796d06712aa7f76801d09804f2
.exe windows x86

f140b986153708421d3b10cd94f54c98

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:1d:09:9d:16:b7:38:f3:41:72:fe:ef:e1:d2:57:4f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/09/2011, 00:00

Not After

19/09/2014, 23:59

Subject

CN=Somoto Ltd.,O=Somoto Ltd.,POSTALCODE=61580,STREET=PO Box 58096,L=Tel Aviv,ST=--,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:cc:5f:97:f4:78:1c:fd:34:85:bb:d2:f6:cb:e6:0e:12:ae:a1:b6
Signer

Actual PE Digest

8e:cc:5f:97:f4:78:1c:fd:34:85:bb:d2:f6:cb:e6:0e:12:ae:a1:b6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Somoto Ltd.,O=Somoto Ltd.,POSTALCODE=61580,STREET=PO Box 58096,L=Tel Aviv,ST=--,C=IL

03/10/2012, 06:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
HttpQueryInfoA
InternetOpenA
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA

shlwapi

PathAddBackslashA
UrlCreateFromPathA
PathIsURLA
StrDupA
StrStrIA
AssocQueryStringA
PathAppendA
PathIsDirectoryEmptyA
PathFileExistsA
StrChrA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecA
PathCombineA
PathAddExtensionA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdiplus

GdipFillPath
GdipFillRectangle
GdipDrawPath
GdipDrawLineI
GdipSetPageUnit
GdipSetSmoothingMode
GdipReleaseDC
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetPenMode
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipFlush
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipCloneBrush
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipCreateSolidFill

psapi

GetProcessMemoryInfo

iphlpapi

GetAdaptersInfo

kernel32

FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetEnvironmentStrings
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsAlloc
TlsSetValue
GetFileType
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleFileNameA
lstrcpyA
GetEnvironmentStringsW
FindNextFileA
lstrcmpA
FindFirstFileA
CloseHandle
WaitForSingleObject
SetEvent
GlobalReAlloc
GlobalAlloc
DeleteFileA
WriteFile
GetTickCount
CreateFileA
GetTempPathA
lstrcmpiA
GlobalFree
CreateThread
CreateEventA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindClose
LocalFree
ExpandEnvironmentStringsA
CreateProcessA
Sleep
CompareFileTime
GetExitCodeProcess
MulDiv
CreateMutexA
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
MultiByteToWideChar
lstrcpynA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadWritePtr
TlsFree
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
WriteConsoleA
ReadFile
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
RtlUnwind
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
GetProcessHeap
InitializeCriticalSection
GetLastError

user32

GetFocus
CreateCursor
IsWindow
SystemParametersInfoA
DialogBoxParamA
WaitForInputIdle
PostQuitMessage
KillTimer
InvalidateRect
SetDlgItemTextA
MoveWindow
EnableWindow
SetTimer
LoadIconA
SetWindowTextA
SendDlgItemMessageA
SendMessageTimeoutA
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
DrawFocusRect
ShowWindow
CreateWindowExA
SetWindowPos
LoadBitmapA
GetWindowTextA
GetSysColor
DrawTextA
AnimateWindow
GetDlgItem
EndDialog
BeginPaint
EndPaint
GetClientRect
IsWindowVisible
GetCursorPos
SetForegroundWindow
EnableMenuItem
TrackPopupMenuEx
FindWindowA
GetMessageA
PeekMessageA
SendMessageA
DestroyCursor
CallWindowProcA
LoadCursorA
SetCursor
ReleaseCapture
ClientToScreen
PostThreadMessageA
PtInRect
SetFocus
SetCapture
PostMessageA
GetParent
SetWindowRgn
FillRect
InflateRect
LoadMenuA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
CreateDialogParamA
UpdateWindow
GetWindowRect
GetWindowTextLengthA
GetSubMenu
DestroyWindow

gdi32

CreateFontIndirectA
CreateRoundRectRgn
CreateSolidBrush
GetTextMetricsA
SetBkMode
GetBitmapDimensionEx
CreateCompatibleDC
GetObjectA
StretchBlt
SetTextColor
BitBlt
DeleteDC
GetDeviceCaps
CreateFontA
CreatePen
SelectObject
GetStockObject
DeleteObject
Rectangle

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
RegDeleteKeyA
RegDeleteValueA
RegFlushKey
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptImportKey
CryptSetKeyParam
CryptReleaseContext

shell32

ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA
SHGetFolderPathA
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoCreateGuid

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f140b986153708421d3b10cd94f54c98

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

84:1d:09:9d:16:b7:38:f3:41:72:fe:ef:e1:d2:57:4fCertificate

Extended Key Usages

Key Usages

8e:cc:5f:97:f4:78:1c:fd:34:85:bb:d2:f6:cb:e6:0e:12:ae:a1:b6Signer

Signature Validations

Verification

03/10/2012, 06:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

version

gdiplus

psapi

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 30KB

.rsrc Size: 26KB - Virtual size: 25KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

84:1d:09:9d:16:b7:38:f3:41:72:fe:ef:e1:d2:57:4f
Certificate

8e:cc:5f:97:f4:78:1c:fd:34:85:bb:d2:f6:cb:e6:0e:12:ae:a1:b6
Signer

03/10/2012, 06:22
Valid: false

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 30KB

.rsrc
Size: 26KB - Virtual size: 25KB