74120aefe9c8a14de3dc62be2b3e8741b4f3448c0ca110ac645b5e57938860ab

Sharing

Copy URL

Twitter E-mail

General

Target

74120aefe9c8a14de3dc62be2b3e8741b4f3448c0ca110ac645b5e57938860ab
Size

1.3MB
MD5

1941e2f676cc458c577e052d8bee8736
SHA1

0d09c1aaf17fa6d82d34e8c28342f0de2dffc65f
SHA256

74120aefe9c8a14de3dc62be2b3e8741b4f3448c0ca110ac645b5e57938860ab
SHA512

00641ff27a2100f70387cd4cce5ce8f915e8f1d1caf3f1e57adb8963c1fd7a1459c9dd9716449ce684492f1981e97991f86f1842d631fe592246fb862099e59a
SSDEEP

24576:/hKwCdDOwv1yDqDOPgC4wO2Ub7AcGYGI67GmnKPmqfdG4:Z8dDOwv1yDqDOPg9wO2UbUx7GmnKPxx

Score

N/A

Malware Config

Signatures

Files

74120aefe9c8a14de3dc62be2b3e8741b4f3448c0ca110ac645b5e57938860ab
.exe windows x86

6b703e656a52cfdbbbaa6bf73d771b59

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18-10-2012 14:38

Not After

20-05-2022 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

19-05-2022 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30-09-2010 00:00

Not After

01-01-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14-11-2011 00:00

Not After

13-11-2014 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:db:ae:f7:b6:d0:eb:51:f0:56:01:db:d0:2f:8d:3f:cc:08:0a:04
Signer

Actual PE Digest

e8:db:ae:f7:b6:d0:eb:51:f0:56:01:db:d0:2f:8d:3f:cc:08:0a:04

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

08-01-2013 00:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kernel32

DuplicateHandle
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileTime
CreateFileW
GetSystemTimeAsFileTime
LocalFree
WTSGetActiveConsoleSessionId
VirtualFree
SetFilePointer
ReadFile
FreeLibrary
VirtualAlloc
SystemTimeToFileTime
QueryPerformanceCounter
TzSpecificLocalTimeToSystemTime
QueryPerformanceFrequency
GetUserDefaultLangID
CreateMutexW
GetTickCount
FormatMessageA
WriteFile
SetLastError
ReleaseMutex
GetCurrentProcessId
CreateEventW
ExpandEnvironmentStringsW
InterlockedExchange
SetEnvironmentVariableW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
IsDebuggerPresent
GetNativeSystemInfo
GetVersionExW
SetEndOfFile
FlushFileBuffers
SetInformationJobObject
SetHandleInformation
VirtualQueryEx
OpenProcess
AssignProcessToJobObject
GetStdHandle
GetProcessId
HeapSetInformation
ResumeThread
LocalAlloc
MapViewOfFile
UnmapViewOfFile
GetTempPathW
GetFileAttributesW
GetCurrentDirectoryW
GetLongPathNameW
CreateFileMappingW
QueryDosDeviceW
GetLocaleInfoW
GetUserDefaultUILanguage
RaiseException
GetCurrentThreadId
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
RtlCaptureStackBackTrace
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
GetModuleHandleExW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedIncrement
SetEvent
ResetEvent
WaitForMultipleObjects
ReleaseSemaphore
InterlockedDecrement
RtlCaptureContext
CreateSemaphoreW
InitializeCriticalSection
GetThreadContext
SuspendThread
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
GetThreadLocale
GetACP
LoadLibraryA
CreateFileA
GetTimeZoneInformation
GetStringTypeW
EncodePointer
DecodePointer
UnhandledExceptionFilter
HeapFree
ExitProcess
GetStartupInfoW
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapAlloc
GetProcessHeap
LCMapStringW
GetCPInfo
RtlUnwind
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSize
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
GetLastError
CreateProcessW
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
CreateRemoteThread
GetSystemInfo
VirtualQuery
GetModuleHandleA
SetCurrentDirectoryW
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
SetEnvironmentVariableA
LoadLibraryW
GetProcAddress

user32

CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
GetProcessWindowStation
CharUpperW
CreateWindowStationW
CloseDesktop
CloseWindowStation
MessageBoxW

userenv

GetProfileType
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeGetTime

advapi32

SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetFileSecurityW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
CreateProcessAsUserW
GetTraceEnableFlags
GetTraceLoggerHandle
RegSetValueExW
TraceEvent
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExperimentList3
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b703e656a52cfdbbbaa6bf73d771b59

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

e8:db:ae:f7:b6:d0:eb:51:f0:56:01:db:d0:2f:8d:3f:cc:08:0a:04Signer

Signature Validations

Verification

08-01-2013 00:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

userenv

wtsapi32

version

winmm

advapi32

Exports

Exports

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 366KB - Virtual size: 366KB

.data Size: 9KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 41KB - Virtual size: 41KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

e8:db:ae:f7:b6:d0:eb:51:f0:56:01:db:d0:2f:8d:3f:cc:08:0a:04
Signer

08-01-2013 00:06
Valid: false

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 366KB - Virtual size: 366KB

.data
Size: 9KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 41KB - Virtual size: 41KB