ba0883b9f98b8988b57490d23568128c9a00bb00e3044f08479968b3099c6a44

Sharing

Copy URL

Twitter E-mail

General

Target

ba0883b9f98b8988b57490d23568128c9a00bb00e3044f08479968b3099c6a44
Size

706KB
MD5

b0514782776eff90f2a9db26d7a57801
SHA1

7ddff21694da407d97a24665d7bdf74fe8d3cab6
SHA256

ba0883b9f98b8988b57490d23568128c9a00bb00e3044f08479968b3099c6a44
SHA512

833f6628b7f15cb76c43a8da68f8dfa9b0e2c3a7e7da41eed09727eac6e47dc3cbb93cae11f80ed00fcc3c48830311ab96d0a4d10c61af468b6890a5a54e4c8e
SSDEEP

12288:x7olXXV3d+glZq7XnJBu63ugubxR5j4VBJPBnaw0KGXAfOCtc:x7olXXhxk66egubxn0VBxBnJ0KGXc

Score

N/A

Malware Config

Signatures

Files

ba0883b9f98b8988b57490d23568128c9a00bb00e3044f08479968b3099c6a44
.exe windows x86

b1445133dc0eec133cdf1644be12eff0

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25-09-2012 00:00

Not After

10-10-2015 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:6f:a9:38:83:90:97:76:07:3a:3e:84:ae:7f:1b:2a:23:22:08:82
Signer

Actual PE Digest

b9:6f:a9:38:83:90:97:76:07:3a:3e:84:ae:7f:1b:2a:23:22:08:82

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

19-10-2012 16:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getservbyport
sendto
send
connect
setsockopt
WSACleanup
WSAStartup
socket
WSASetLastError
closesocket
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

version

GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiEnumDriverInfoW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiSetSelectedDriverW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoW
SetupDiInstallDevice
SetupDiGetDeviceRegistryPropertyW

kernel32

GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLocalTime
WaitForMultipleObjects
ReleaseMutex
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
CloseHandle
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
WriteFile
SetFilePointer
Sleep
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
SetThreadPriority
GetCurrentThread
InitializeCriticalSection
GetComputerNameA
GetModuleHandleA
GetTickCount
SetLastError
LocalFree
CreateEventA
GetFileSize
SystemTimeToFileTime
ReadFile
GetExitCodeProcess
LocalAlloc
CompareFileTime
GetSystemTimeAsFileTime
FindClose
InterlockedIncrement
GetFileAttributesA
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileW
DeleteFileA
CreateFileA
SuspendThread
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GetThreadContext
SetUnhandledExceptionFilter
MoveFileExW
ExpandEnvironmentStringsW
MoveFileW
DeleteFileW
GetFileAttributesW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedExchange
TlsFree
TlsAlloc
TlsGetValue
RaiseException
TlsSetValue
ResumeThread
MultiByteToWideChar
CreateThread
LockResource
LoadResource
FindResourceW
GetVersion
GetFileType
GetStdHandle
SetEnvironmentVariableA
FlushConsoleInputBuffer
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetProcessHeap
ExitThread
GetConsoleMode
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateDirectoryA
WriteConsoleW
GetConsoleCP
WideCharToMultiByte
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
FlushFileBuffers
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
CompareStringA
CompareStringW
GetEnvironmentVariableA
GlobalMemoryStatus

user32

GetSystemMetrics
SendMessageTimeoutW
FindWindowW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

winspool.drv

DeleteMonitorW
AddPrinterDriverW
GetPrinterDriverDirectoryW
EnumPrintProcessorsW
DeletePrinterDriverW
EnumMonitorsW
AddMonitorW
EnumPrinterDriversW
AddPrintProcessorW
GetPrintProcessorDirectoryW
DeletePrintProcessorW

advapi32

ReportEventA
StartServiceW
DeleteService
RegOpenKeyW
RegSetValueExW
ControlService
GetLengthSid
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
RevertToSelf
FreeSid
RegisterEventSourceA
DeregisterEventSource

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoRevertToSelf
CoUninitialize

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 432KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1445133dc0eec133cdf1644be12eff0

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b9:6f:a9:38:83:90:97:76:07:3a:3e:84:ae:7f:1b:2a:23:22:08:82Signer

Signature Validations

Verification

19-10-2012 16:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

setupapi

kernel32

user32

winspool.drv

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 428KB

.rdata Size: 176KB - Virtual size: 173KB

.data Size: 12KB - Virtual size: 104KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 78KB - Virtual size: 78KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b9:6f:a9:38:83:90:97:76:07:3a:3e:84:ae:7f:1b:2a:23:22:08:82
Signer

19-10-2012 16:08
Valid: false

.text
Size: 432KB - Virtual size: 428KB

.rdata
Size: 176KB - Virtual size: 173KB

.data
Size: 12KB - Virtual size: 104KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 78KB - Virtual size: 78KB