af6778f0ac820017d8a535492bc901c40addb83adc682cccaa94fd4b3c78d15f

Sharing

Copy URL Twitter E-mail

General

Target

af6778f0ac820017d8a535492bc901c40addb83adc682cccaa94fd4b3c78d15f
Size

1.8MB
MD5

238e6f2650f10af78f673ee9919707bd
SHA1

bfb8acdce417d0ac809e43cdefa22f7d8f82706b
SHA256

af6778f0ac820017d8a535492bc901c40addb83adc682cccaa94fd4b3c78d15f
SHA512

12a2e7bf7ba7d04e421edaa62da0d6816f19556d49ae124c848da90488cfdbbd34f756049c53bea83800ff28521c303820a163b8fe73dda25b04f0abf4c54905
SSDEEP

24576:yvGlw3uYgC/2PVufTOFjUKOr9ELoQP+vikjHwwL3yaHDvIfkzOrxsPGIKevb+run:Vq2PcTOTLoQ4iq3lvIfkmQKevbfn

Score

N/A

Malware Config

Signatures

Files

af6778f0ac820017d8a535492bc901c40addb83adc682cccaa94fd4b3c78d15f
.exe windows x86

e232ed97d17a356e9b0d0603b8501875

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2015, 00:00

Not After

06/03/2017, 23:59

Subject

CN=AVANQUEST SOFTWARE,O=AVANQUEST SOFTWARE,L=Paris,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:b2:3b:53:d8:a8:20:c4:07:b5:57:b3:65:bd:47:a5:f3:a5:ba:05
Signer

Actual PE Digest

41:b2:3b:53:d8:a8:20:c4:07:b5:57:b3:65:bd:47:a5:f3:a5:ba:05

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AVANQUEST SOFTWARE,O=AVANQUEST SOFTWARE,L=Paris,ST=Ile de France,C=FR

30/09/2015, 12:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPriorityClass
OpenProcess
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
SetLastError
LockResource
RemoveDirectoryW
LoadLibraryExW
CreateMutexW
GetSystemDefaultLangID
GetPrivateProfileStructW
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetExitCodeProcess
GetVersion
CopyFileExW
GlobalMemoryStatusEx
GlobalMemoryStatus
GetShortPathNameW
MoveFileExW
GetTimeFormatW
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GlobalFree
GlobalHandle
GlobalAlloc
GetFileType
DuplicateHandle
FileTimeToDosDateTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetAtomNameW
DeleteAtom
AddAtomW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
GetSystemTime
SystemTimeToFileTime
GetFileTime
CompareFileTime
GetComputerNameA
lstrcpynW
MultiByteToWideChar
lstrlenA
GetTempPathW
GetFileSizeEx
FileTimeToSystemTime
InitAtomTable
IsBadWritePtr
IsBadReadPtr
CreateProcessW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStartupInfoA
SetHandleCount
SetEndOfFile
SetStdHandle
GetStdHandle
ExitProcess
HeapCreate
VirtualAlloc
VirtualFree
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
MoveFileW
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SetEvent
GetCurrentThreadId
CreateEventW
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
CreateThread
GetExitCodeThread
TerminateThread
WaitForSingleObject
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLocaleInfoW
FormatMessageW
GetTickCount
Sleep
SetFilePointerEx
SetFilePointer
SetFileAttributesW
FindNextFileW
GetFileAttributesA
CreateDirectoryA
FindFirstFileW
lstrcatW
GetProcessHeap
DeleteFileW
HeapAlloc
HeapFree
lstrlenW
lstrcpyW
GetFileAttributesW
LocalAlloc
LocalFree
GetLastError
GlobalLock
GlobalUnlock
GetModuleHandleW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetCurrentProcess
FreeLibrary
GetVersionExW
GetTempFileNameW
CreateDirectoryW
WriteFile
FindResourceW
LoadResource
SizeofResource
FreeResource
CreateFileW
ReadFile
GetDiskFreeSpaceExW
WideCharToMultiByte
FindFirstFileA
SetFileAttributesA
FindClose
DeleteFileA
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
GetVolumeInformationW

user32

ShowWindow
GetWindowLongW
SendDlgItemMessageW
SendMessageW
GetDlgItem
EnableWindow
DestroyMenu
GetSubMenu
LoadMenuW
GetMenuItemID
TrackPopupMenu
GetClassNameW
FindWindowW
SetMenuDefaultItem
LoadIconW
SetParent
DrawAnimatedRects
SetDlgItemTextW
SetWindowTextW
SetClassLongW
LoadImageW
SetWindowLongW
EndDialog
DialogBoxParamW
RegisterWindowMessageW
LoadStringW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
IsIconic
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
GetParent
RedrawWindow
EnumChildWindows
UpdateWindow
SetActiveWindow
ExitWindowsEx
SendMessageA
FindWindowA
GetDlgItemTextA
SetDlgItemTextA
DestroyIcon
wsprintfW
PostMessageW
EnumWindows
GetDlgCtrlID
IsWindowUnicode
DefWindowProcA
GetCursorPos
ScreenToClient
LoadCursorW
SetCursor
CallWindowProcW
GetWindowTextLengthW
PtInRect
GetTitleBarInfo
GetSystemMetrics
RegisterClassExW
MapWindowPoints
BeginPaint
EndPaint
DefWindowProcW
KillTimer
SetTimer
SetRect
OffsetRect
DrawEdge
InflateRect
FillRect
GetWindowTextW
PostThreadMessageW
PostQuitMessage
CreateDialogParamW
GetMessageW
IsDialogMessageW
TranslateAcceleratorW
SetFocus
GetDlgItemTextW
GetDC
ReleaseDC
GetDesktopWindow
MessageBoxW
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
CreateWindowExW
GetClientRect
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
IsWindow
IsWindowVisible
InvalidateRect

gdi32

GetDeviceCaps
StartDocW
DeleteDC
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
RestoreDC
TextOutW
StartPage
EndPage
EndDoc
GetCurrentObject
SaveDC
GetCurrentPositionEx
GetTextColor
SetTextColor
CreateFontIndirectW
GetObjectW
SetBkMode
SetWindowOrgEx
OffsetWindowOrgEx
SelectClipRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
AbortDoc
SelectObject

comdlg32

PrintDlgW

advapi32

AdjustTokenPrivileges
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
GetFileSecurityW
GetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
GetLengthSid
CopySid
GetSidSubAuthority
AllocateAndInitializeSid
FreeSid
OpenProcessToken
GetTokenInformation
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
RegOpenKeyExW
RegCloseKey
ImpersonateSelf
OpenThreadToken
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyW
StartServiceW
QueryServiceStatusEx
OpenSCManagerW
RegCreateKeyExA
OpenServiceW
CloseServiceHandle
ControlService
QueryServiceStatus
RegSaveKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
LookupPrivilegeValueW
RegEnumValueW

shell32

ShellExecuteExW
SHAppBarMessage
Shell_NotifyIconW
SHChangeNotify
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
ord43

ole32

CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemFree
OleUninitialize
OleInitialize

shlwapi

PathRemoveBlanksW
PathMatchSpecW
PathFindFileNameW
PathFindFileNameA
PathQuoteSpacesW
PathRemoveBackslashW
PathCanonicalizeW
PathFindOnPathW
PathIsRelativeW
SHDeleteKeyW
PathIsFileSpecW
StrToIntExW
PathIsDirectoryW
PathAppendW
PathFileExistsW
PathCombineW
PathCombineA
PathRemoveFileSpecA
PathAppendA
PathStripPathA
PathAddBackslashA
PathStripToRootW
PathRenameExtensionW
PathFindExtensionW
PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddBackslashW
PathUnquoteSpacesW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

wininet

InternetGetConnectedStateExW
HttpOpenRequestA
HttpSendRequestA
InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoW
FtpGetFileSize
InternetReadFile
FtpCommandW
InternetCrackUrlW
FtpOpenFileW
FtpDeleteFileW
FtpFindFirstFileW
FtpSetCurrentDirectoryW
InternetGetConnectedState
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetQueryDataAvailable

ws2_32

WSAStartup
WSASocketW
setsockopt
closesocket
sendto
recvfrom
gethostbyname
inet_addr
WSAGetLastError
WSACleanup
gethostname
gethostbyaddr

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

Exports

Exports

?DrawHTML@@YGHPAUHDC__@@PB_WHPAUtagRECT@@I@Z
?InitFakeProgress@@YGXXZ

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e232ed97d17a356e9b0d0603b8501875

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

41:b2:3b:53:d8:a8:20:c4:07:b5:57:b3:65:bd:47:a5:f3:a5:ba:05Signer

Signature Validations

Verification

30/09/2015, 12:25 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

msimg32

wininet

ws2_32

version

setupapi

Exports

Exports

Sections

.text Size: 681KB - Virtual size: 681KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 9KB - Virtual size: 147KB

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 34KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

41:b2:3b:53:d8:a8:20:c4:07:b5:57:b3:65:bd:47:a5:f3:a5:ba:05
Signer

30/09/2015, 12:25
Valid: false

.text
Size: 681KB - Virtual size: 681KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 9KB - Virtual size: 147KB

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 34KB - Virtual size: 33KB