fa664bc4e2311f78dfcece156abac15338f36e55abcf79783ba4e7762debe9c4

Sharing

Copy URL Twitter E-mail

General

Target

fa664bc4e2311f78dfcece156abac15338f36e55abcf79783ba4e7762debe9c4
Size

245KB
MD5

687700b212270c7acb310d1c8dd850e4
SHA1

82c6c23709ffcac271daacaee109e0dd9f9a3995
SHA256

fa664bc4e2311f78dfcece156abac15338f36e55abcf79783ba4e7762debe9c4
SHA512

3d33aac1702882d7cc4005e9bc230c8f7057f4e92af363b95125bc5c2bdf4abf8b6d5e1c9a8e5270186aa85c79389c3f1a0a77c28c42766206eb34bbc6a2a83f
SSDEEP

6144:O7ZY6OsnwWrVBIqwV6ucBlLJnRS+BM7kTcK+zKg:eZYmnw5HonRL1T/Fg

Score

N/A

Malware Config

Signatures

Files

fa664bc4e2311f78dfcece156abac15338f36e55abcf79783ba4e7762debe9c4
.exe windows x86

ba122c53313bfc642c7baa6b7331dce6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GlobalGetAtomNameA
LoadLibraryExA
CreateMutexA
GetDateFormatA
OpenSemaphoreA
OpenMutexW
GetExpandedNameA
GetVolumeInformationA
lstrcpynA
WaitForSingleObject
GetTimeFormatW
MulDiv
lstrcpynW
OpenEventA
OpenWaitableTimerW
GetStartupInfoW
QueryPerformanceFrequency
GetACP
GetUserDefaultLangID
GetProcAddress
GetVersion
GetTimeFormatA
lstrcmpi
GetFileAttributesA
GetModuleFileNameA
lstrcatW
GetCurrentProcessId
ReadDirectoryChangesW
FindResourceW
GlobalGetAtomNameW
WinExec
FindAtomW
LoadResource
GetNumberFormatW
GetLongPathNameW
GetLocaleInfoW
CreateMailslotA
RemoveDirectoryW
GlobalFindAtomW
lstrcmpiA
GetStringTypeA
lstrcpyn
GetLogicalDriveStringsW
FindAtomA
LoadLibraryA

user32

EndMenu
GetIconInfo
GetCapture
SetWindowRgn
IsMenu
DialogBoxIndirectParamW
GetKeyboardLayout
GetForegroundWindow
SetCursorPos
SetTimer
CreateDialogParamW
PostMessageW
MonitorFromWindow
WinHelpW
GetCapture
GetDlgItemTextA
MonitorFromPoint
GetKeyState
GetCursorPos
LoadCursorA
CopyRect
wvsprintfW
GetMenuItemInfoW
CharNextA
CharLowerW
UnregisterClassW
GetDlgItemInt
DestroyCursor
DestroyIcon
LoadImageA
GetFocus
GetAsyncKeyState
CharLowerA
GetTopWindow
GetClassInfoExA
DialogBoxIndirectParamA
GetMenuItemID
DefWindowProcW
GetSubMenu
EnableMenuItem
CharPrevA
CharUpperA
GetSysColor
GetMenuState
InsertMenuA
CreateWindowExA
GetActiveWindow
ActivateKeyboardLayout
GetWindowRgn
TrackPopupMenuEx
MessageBoxIndirectA
LoadCursorW
CheckMenuItem
RegisterWindowMessageA
TrackPopupMenu
SendDlgItemMessageA
MessageBoxW
EndDialog
wvsprintfA
WaitForInputIdle
RegisterClassA
CreateDesktopW
SetForegroundWindow
LoadMenuW
LoadIconW
GetMenuItemRect
FindWindowW
RegisterClassExW
EmptyClipboard
GetSysColorBrush
MoveWindow
MonitorFromRect
OffsetRect
InvalidateRgn
GetMessageA
mouse_event
IsWindow
MessageBoxIndirectW
DialogBoxParamA
SetCursor
WaitMessage
GetActiveWindow
LoadImageW
ShowCaret
CharNextW
SetMenu

gdi32

CreateICW
ExtCreateRegion
GetEnhMetaFileA
CreatePolyPolygonRgn
CreateBitmapIndirect
RemoveFontResourceExA
CreateEllipticRgn
CreatePalette
CreateBrushIndirect
CreateDIBPatternBrush
SetWinMetaFileBits
RemoveFontResourceExW
GetEnhMetaFilePixelFormat
TranslateCharsetInfo
CreateRoundRectRgn
GetRasterizerCaps
CreateCompatibleDC
SetMetaFileBitsEx
RemoveFontResourceW
GdiGetBatchLimit
GetMetaFileA
AddFontResourceW
CreateICA
CreateScalableFontResourceW
GetTextExtentPointW
CreateMetaFileW

shell32

SHGetDiskFreeSpaceA
SHGetDataFromIDListW
StrChrIW
StrRStrIA
StrCmpNIW
StrRChrW
SHGetDiskFreeSpaceExA
StrCmpNIA
StrStrA
StrNCmpA
ExtractAssociatedIconW
FreeIconList

opengl32

glColor4bv
glPixelStoref
wglGetLayerPaletteEntries

urlmon

HlinkGoBack
IsLoggingEnabledA
GetComponentIDFromCLSSPEC
DllInstall
CoInternetCombineUrl
CopyStgMedium
URLDownloadA
URLOpenPullStreamA
HlinkNavigateMoniker
UrlMkBuildVersion
HlinkNavigateString
DllRegisterServerEx
ObtainUserAgentString

mprapi

MprDomainRegisterRasServer
MprAdminUserClose
MprAdminServerDisconnect
MprAdminGetErrorString
MprAdminInterfaceGetCredentialsEx
MprConfigServerDisconnect
MprAdminPortEnum
MprAdminInterfaceTransportAdd
MprConfigServerGetInfo
MprAdminUserOpen
MprAdminUpgradeUsers

oledlg

OleUIBusyW
OleUIChangeIconW

Sections

.dqqVR
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eWr
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uKZTAY
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.IqS
Size: 1KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QKq
Size: 1024B - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wjZq
Size: 2KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MzKA
Size: 5KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CkfnK
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UvBMNA
Size: 9KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yxL
Size: 6KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba122c53313bfc642c7baa6b7331dce6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

opengl32

urlmon

mprapi

oledlg

Sections

.dqqVR Size: 8KB - Virtual size: 7KB

.eWr Size: 92KB - Virtual size: 91KB

.uKZTAY Size: 12KB - Virtual size: 12KB

.IqS Size: 1KB - Virtual size: 146KB

.QKq Size: 1024B - Virtual size: 464KB

.wjZq Size: 2KB - Virtual size: 348KB

.MzKA Size: 5KB - Virtual size: 51KB

.CkfnK Size: 92KB - Virtual size: 92KB

.UvBMNA Size: 9KB - Virtual size: 71KB

.yxL Size: 6KB - Virtual size: 336KB

.rsrc Size: 9KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.dqqVR
Size: 8KB - Virtual size: 7KB

.eWr
Size: 92KB - Virtual size: 91KB

.uKZTAY
Size: 12KB - Virtual size: 12KB

.IqS
Size: 1KB - Virtual size: 146KB

.QKq
Size: 1024B - Virtual size: 464KB

.wjZq
Size: 2KB - Virtual size: 348KB

.MzKA
Size: 5KB - Virtual size: 51KB

.CkfnK
Size: 92KB - Virtual size: 92KB

.UvBMNA
Size: 9KB - Virtual size: 71KB

.yxL
Size: 6KB - Virtual size: 336KB

.rsrc
Size: 9KB - Virtual size: 8KB