917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a

Sharing

Copy URL

Twitter E-mail

General

Target

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a
Size

167KB
MD5

22305d9182ff93fa264af4a149e313a4
SHA1

573de59562d5651b1983b3ae0bb4f4017aca186f
SHA256

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a
SHA512

e05f44e06c62adba7887100e52d1ff10c85ad063790899568794ed9cfe8b89f581338899a3a41927e30a7f76b4b45a2028d98836e361cbf76dbc72aab6f813cd
SSDEEP

3072:r1MS//RqkHiimZ/nfrkzgRjtldxIFKBC+:SeRq66DkcjdcKT

Score

N/A

Malware Config

Signatures

Files

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a
.exe windows x86

2bf44a322c2a1c36a5a20cf1a9c4ccb6

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:3c:4a:cb:c8:97:f3:34:e2:35:ff:b8:12:15:2b:20
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

19-10-2007 00:00

Not After

17-10-2009 23:59

Subject

CN=BreakPoint Software\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=BreakPoint Software\, Inc.,L=Wayland,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

75:9d:ba:ca:e2:df:5c:b5:09:5a:bb:91:e0:e9:e0:91:bb:8c:73:20
Signer

Actual PE Digest

75:9d:ba:ca:e2:df:5c:b5:09:5a:bb:91:e0:e9:e0:91:bb:8c:73:20

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BreakPoint Software\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=BreakPoint Software\, Inc.,L=Wayland,ST=Massachusetts,C=US

04-01-2009 15:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
CloseHandle
WaitForSingleObject
RaiseException
InitializeCriticalSection
DeleteCriticalSection
Sleep
CreateThread
CreateEventA
GetModuleFileNameA
GetModuleHandleA
GetCurrentThreadId
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
GetCommandLineA
LockResource
FindResourceExA
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
GetDiskFreeSpaceA
CreateFileA
GetProcAddress
LoadLibraryA
ReadFile
SetFilePointer
WriteFile
GetVersionExA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
InterlockedExchange
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetStartupInfoA
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
TerminateProcess
QueryPerformanceCounter

user32

CharUpperA
TranslateMessage
GetMessageA
PostThreadMessageA
CharNextA
DispatchMessageA
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetFileInfoA

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
StringFromCLSID

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
LoadRegTypeLi
GetErrorInfo
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bf44a322c2a1c36a5a20cf1a9c4ccb6

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

33:3c:4a:cb:c8:97:f3:34:e2:35:ff:b8:12:15:2b:20Certificate

Extended Key Usages

75:9d:ba:ca:e2:df:5c:b5:09:5a:bb:91:e0:e9:e0:91:bb:8c:73:20Signer

Signature Validations

Verification

04-01-2009 15:43 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 9KB

Size: 7KB - Virtual size: 7KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

33:3c:4a:cb:c8:97:f3:34:e2:35:ff:b8:12:15:2b:20
Certificate

75:9d:ba:ca:e2:df:5c:b5:09:5a:bb:91:e0:e9:e0:91:bb:8c:73:20
Signer

04-01-2009 15:43
Valid: false

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 9KB