913539b30daa25938c33670854a0af99ab2e090ead13201ce24b3c6157122bf6

Sharing

Copy URL Twitter E-mail

General

Target

913539b30daa25938c33670854a0af99ab2e090ead13201ce24b3c6157122bf6
Size

37KB
MD5

0843e0b2d935de11ee245cd5afa75601
SHA1

761d57cb9fb7d3bcbc05d4b621f651cfc79174ac
SHA256

913539b30daa25938c33670854a0af99ab2e090ead13201ce24b3c6157122bf6
SHA512

a1d6449b708beb1d00622bd4235d4dc84253d4f44dd25df05076904a2fb79b4b35ef2be145ebe8c94dac7ecd6021ba261cd9b856c54a22cc190b302d96e55345
SSDEEP

768:MzOFaqWNcMlBz4Z/jfX+SLjb06vHn4LX3LbbL/z4Z/jf5:l4xl+Z/5b3vHn47TL8Z/N

Score

N/A

Malware Config

Signatures

Files

913539b30daa25938c33670854a0af99ab2e090ead13201ce24b3c6157122bf6
.exe windows x86

d5e7b33678f977f3b75f34d5a07e92ee

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:db:47:65:b2:de:1c:76:27:ba:10:49:0d:ed:c0:60:6c:28:24:3f
Signer

Actual PE Digest

b2:db:47:65:b2:de:1c:76:27:ba:10:49:0d:ed:c0:60:6c:28:24:3f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/02/2009, 03:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
RtlUnwind
lstrlenA
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
RtlZeroMemory
GetThreadContext
GetTickCount
CreateThread
LCMapStringW
CloseHandle
GetProcAddress
LoadLibraryA
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DuplicateHandle
CreateFileA
OpenProcess
lstrcatA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CopyFileA
TerminateProcess
SetThreadContext
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetModuleHandleA
lstrcmpiA
ReadProcessMemory
GetStringTypeW

wsock32

socket
send
select
recv
ioctlsocket
htons
gethostbyname
connect
closesocket
WSAStartup
WSACleanup

advapi32

RegCreateKeyA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5e7b33678f977f3b75f34d5a07e92ee

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

b2:db:47:65:b2:de:1c:76:27:ba:10:49:0d:ed:c0:60:6c:28:24:3fSigner

Signature Validations

Verification

04/02/2009, 03:39 Valid: false

Headers

File Characteristics

Imports

kernel32

wsock32

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

b2:db:47:65:b2:de:1c:76:27:ba:10:49:0d:ed:c0:60:6c:28:24:3f
Signer

04/02/2009, 03:39
Valid: false

.text
Size: 9KB - Virtual size: 8KB