b00956e03d6f339fe0e1b28749e030c315460ac1c4563c3741fdbc95d679d0d4

Sharing

Copy URL Twitter E-mail

General

Target

b00956e03d6f339fe0e1b28749e030c315460ac1c4563c3741fdbc95d679d0d4
Size

972KB
MD5

883f98cda1826a84446ecdec1d7dc99d
SHA1

6c3cc55de22e3da60e5adf32e1761fdf1c9b1c6d
SHA256

b00956e03d6f339fe0e1b28749e030c315460ac1c4563c3741fdbc95d679d0d4
SHA512

5ff6e2b140d66548be40d385953e48ea02a5a5b4a93f491a371f94696af59c82cb3361b86e9443a7b39e264f426ac72a7147a87a59f7eb8ed0699509292e794c
SSDEEP

24576:SfdU2qF+UX5Kg2TVcdZ03b6z1LYvDMIs74Ax1X98uW:sUNV5Kvb6z1LYvv01N8uW

Score

N/A

Malware Config

Signatures

Files

b00956e03d6f339fe0e1b28749e030c315460ac1c4563c3741fdbc95d679d0d4
.exe windows x86

9d3d6f5235087d231053e23ca4873ea7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:af:4d:e7:6a:5d:71:a4:30:3c:c3:05:e2:69:cc:75
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/01/2011, 00:00

Not After

14/12/2011, 23:59

Subject

CN=Microgaming Software Systems Limited,OU=SoftSign,O=Microgaming Software Systems Limited,L=Isle of Man,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:11:39:14:c6:db:b5:78:47:98:8c:78:96:8b:ad:ba:c4:b5:c2:4d
Signer

Actual PE Digest

35:11:39:14:c6:db:b5:78:47:98:8c:78:96:8b:ad:ba:c4:b5:c2:4d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microgaming Software Systems Limited,OU=SoftSign,O=Microgaming Software Systems Limited,L=Isle of Man,ST=England,C=GB

25/03/2011, 16:33
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
MultiByteToWideChar
FindFirstFileA
GetProcAddress
FindClose
RemoveDirectoryW
FindNextFileA
GetModuleHandleA
ReleaseMutex
GetVersionExA
DeleteFileW
SetEvent
GetPrivateProfileStringW
CreateEventA
CreateDirectoryA
CreateMutexA
OutputDebugStringA
FreeLibrary
LoadLibraryA
LocalFree
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
MoveFileExA
Process32First
GetFileAttributesA
TerminateProcess
GetSystemDirectoryA
GetLastError
GetLocalTime
Process32Next
CreateToolhelp32Snapshot
lstrlenA
lstrcpynW
GetFileAttributesW
lstrlenW
lstrcpyA
InterlockedIncrement
GetPrivateProfileIntA
InterlockedExchange
InterlockedExchangeAdd
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
CreateThread
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
CreateFileW
ReleaseSemaphore
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
ReadFile
GetCurrentThread
SetThreadPriority
GetThreadTimes
ResumeThread
CompareStringW
CompareStringA
GetTimeZoneInformation
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
PeekNamedPipe
GetFileInformationByHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapCreate
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStdHandle
InterlockedDecrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
CopyFileW
WideCharToMultiByte
GetVolumePathNameW
WriteFile
FormatMessageA
CreateDirectoryW
SetFilePointer
GetFileSize
GetComputerNameA
DeleteFileA
GetTempPathA
GetCurrentProcessId
CreateFileA
CloseHandle
GetModuleFileNameA
GetTempFileNameA
CopyFileA
RemoveDirectoryA
lstrcmpiA
CreateProcessA
Sleep
OpenProcess
WaitForSingleObject
CreateProcessW
GetEnvironmentVariableA
GetSystemTimeAsFileTime
MoveFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapReAlloc
HeapFree
ExitThread
HeapAlloc
ExitProcess
GetModuleHandleW
SetFileAttributesA

user32

UpdateWindow
MapWindowPoints
LoadImageA
IsWindowVisible
GetSystemMetrics
RegisterClassW
MessageBoxW
DispatchMessageA
CreateWindowExW
CreatePopupMenu
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
CreateWindowExA
EnableWindow
OffsetRect
ChildWindowFromPoint
TranslateMessage
IsDialogMessageA
SendMessageA
SetFocus
GetClientRect
IsWindowEnabled
LoadIconA
SetForegroundWindow
GetWindowDC
GetWindowLongW
TrackPopupMenu
SetActiveWindow
GetWindowRect
AdjustWindowRect
LoadCursorA
GetDlgCtrlID
DefWindowProcW
MoveWindow
SetWindowLongA
FlashWindowEx
DefWindowProcA
ShowWindow
GetMessageA
DestroyWindow
wvsprintfA
GetActiveWindow
PostThreadMessageA
SetWindowLongW
ReleaseDC
PeekMessageA
AppendMenuW
RegisterClassA
wsprintfW
PostMessageA
SetWindowTextA
wsprintfA
MessageBoxA
InvalidateRect
CopyRect

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
BitBlt

advapi32

FreeSid
RegQueryValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
OpenSCManagerA
CloseServiceHandle
OpenServiceA
RegSetValueExW
RegQueryValueExW
RegSetValueW
RegSetValueA
RegCloseKey
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHChangeNotify
SHGetMalloc
SHGetFolderPathW
ShellExecuteA

ole32

CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoUninitialize
OleInitialize
OleCreate
OleSetContainedObject
CoTaskMemFree
StringFromIID
CLSIDFromProgID
CoInitialize
CoCreateGuid

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantTimeToSystemTime
VariantCopy
VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

wsock32

ntohs
WSAStartup
gethostbyname
gethostbyaddr
WSASetLastError
inet_addr
ioctlsocket
htonl
WSAGetLastError
htons
getservbyname
getservbyport
WSACleanup

wininet

HttpQueryInfoA
InternetConnectA
InternetQueryOptionA
HttpSendRequestA
InternetSetOptionA
InternetGetLastResponseInfoA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCreateUrlA
InternetCrackUrlW
InternetCloseHandle
InternetOpenA
InternetCrackUrlA
InternetOpenUrlA

shlwapi

PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW
StrStrA
UrlGetPartA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSAAddressToStringA

urlmon

CoInternetGetSession

Exports

Exports

?CreateDefaultBrowserInfo@@YGPAVIDefaultBrowserInfo@@XZ
?CreateDirectXVersionInfo@@YGPAVIDirectXVersionInfo@@XZ
?CreateDisplaysDeviceInfo@@YGPAVIDisplayDevicesInfo@@XZ
?CreateFixedDriveInfo@@YGPAVIFixedDriveInfo@@XZ
?CreateFixedDrivesInfo@@YGPAVIFixedDrivesInfo@@XZ
?CreateFlashInfo@@YGPAVIFlashInfo@@XZ
?CreateIEVersionInfo@@YGPAVIIEVersionInfo@@XZ
?CreateMacAddress@@YGPAVIMacAddress@@XZ
?CreateMachineInfo@@YGPAVIMachineInfo@@XZ
?CreateMachineInfoXML@@YGPAVIMachineInfoXML@@XZ
?CreateOSInfo@@YGPAVIOSInfo@@XZ
?CreateProcessorsInfo@@YGPAVIProcessorsInfo@@XZ
?CreateRamInfo@@YGPAVIRamInfo@@XZ
?CreateSoundDevicesInfo@@YGPAVISoundDevicesInfo@@XZ
?CreateUserExperience@@YGPAVIUserExperience@@XZ
?CreateVMInfo@@YGPAVIVMInfo@@XZ

Sections

.text
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d3d6f5235087d231053e23ca4873ea7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

75:af:4d:e7:6a:5d:71:a4:30:3c:c3:05:e2:69:cc:75Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

35:11:39:14:c6:db:b5:78:47:98:8c:78:96:8b:ad:ba:c4:b5:c2:4dSigner

Signature Validations

Verification

25/03/2011, 16:33 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

wininet

shlwapi

psapi

version

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 321KB - Virtual size: 320KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 53KB - Virtual size: 74KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

75:af:4d:e7:6a:5d:71:a4:30:3c:c3:05:e2:69:cc:75
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

35:11:39:14:c6:db:b5:78:47:98:8c:78:96:8b:ad:ba:c4:b5:c2:4d
Signer

25/03/2011, 16:33
Valid: false

.text
Size: 321KB - Virtual size: 320KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 53KB - Virtual size: 74KB

.rsrc
Size: 4KB - Virtual size: 3KB