de8a051d27937624e8a91081f38083fb47f75c07537ecdc638dbc5dbf4974e0a

Sharing

Copy URL

Twitter E-mail

General

Target

de8a051d27937624e8a91081f38083fb47f75c07537ecdc638dbc5dbf4974e0a
Size

230KB
MD5

018c4ea83a6c1cc8de620a3bd9d8e794
SHA1

1c060f238167cfbe6f55d22d4e3ffc026df2a515
SHA256

de8a051d27937624e8a91081f38083fb47f75c07537ecdc638dbc5dbf4974e0a
SHA512

e2ff17492a6a0e5c87b9f9828189b1bc2f69a46d5da2e724b0b05d42f000d3972c74ebbb5c52ad27d5571a60e12cf24f743db720a0ff7d5768883865c2967f33
SSDEEP

3072:Qyill44WhjvjJdeYPzVaBKpNn9PyekNcWM0MSgmI+dyiWGCXVJA+QntzcMEmcq3m:Qy/14YhWw0K9bmI+kiOItRcq3hU8Af

Score

N/A

Malware Config

Signatures

Files

de8a051d27937624e8a91081f38083fb47f75c07537ecdc638dbc5dbf4974e0a
.exe windows x86

a6856b195d7489635f05ad7ee2a197bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:35:34:0f:b5:e0:b7:68:74:26:e3:8d:d4:2c:56:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02-12-2008 00:00

Not After

02-12-2011 23:59

Subject

CN=Sophos Plc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sophos Plc,L=Abingdon,ST=Oxfordshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:e3:1b:2f:09:76:a9:a9:f8:73:a4:78:6a:21:4c:ad:59:a2:0e:2e
Signer

Actual PE Digest

81:e3:1b:2f:09:76:a9:a9:f8:73:a4:78:6a:21:4c:ad:59:a2:0e:2e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sophos Plc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sophos Plc,L=Abingdon,ST=Oxfordshire,C=GB

28-05-2010 13:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetProcessHeap
ReplaceFileW
LoadLibraryExA
WinExec
LoadLibraryA
lstrcmp
lstrcpynA
GetVolumeInformationA
GetModuleFileNameA
GetProcAddress
LocalFree
GetDiskFreeSpaceW
GetVersionExW
GetModuleFileNameW
GetEnvironmentVariableW
RaiseException
MoveFileW
GlobalGetAtomNameA
OpenMutexW
GetStringTypeW
GetLongPathNameW
LocalAlloc
GetLocalTime
CreateEventW
SetComputerNameA
GetCurrentProcessId
EnumCalendarInfoA
GetHandleInformation
Sleep
CreateEventA
GetSystemDefaultLCID
CopyFileExW
IsValidCodePage
GetProcessHeaps
GlobalDeleteAtom
WaitForMultipleObjects
lstrcpyA
SetCurrentDirectoryA

user32

InvalidateRgn
SetWindowPos
GetMenuStringA
WaitForInputIdle
RegisterClassExA
LoadBitmapW
ShowCaret
MonitorFromRect
GetCapture
ShowWindow
SetDlgItemInt
EndMenu
PeekMessageA
CreateAcceleratorTableA
MessageBoxW
DestroyCursor
InsertMenuItemA
WinHelpA
MonitorFromPoint
GetClassInfoExA
FindWindowW
IsMenu
LoadCursorW
GetClassInfoA
PostMessageA
GetKeyboardLayout
RemoveMenu
GetMenuStringW
SetWindowLongW
GetMenuItemRect
SendDlgItemMessageA
OffsetRect
GetMenu
IsIconic
GetScrollPos
DestroyIcon
InsertMenuItemW
wvsprintfA
LoadIconA
CheckMenuItem
EmptyClipboard
RegisterClassW
CharNextA
CharPrevW
UnregisterClassA
ShowCursor
wsprintfA
CharLowerA
TrackPopupMenuEx
keybd_event
WaitMessage
GetForegroundWindow
DialogBoxParamA
RegisterClassExW
AppendMenuW
CreateWindowExA
CharLowerW
CharNextW
LoadImageA
SetDlgItemTextW
GetMessageW
GetMenuState
GetMenuItemInfoW
UnregisterClassW
CreateDialogParamA
EnableWindow
GetKeyboardType
GetClassInfoExW
DialogBoxIndirectParamA
CreateDesktopA
GetCursorPos
DestroyMenu
MessageBeep
GetDCEx
GetActiveWindow
InsertMenuA
LoadMenuIndirectA
CreateDialogIndirectParamA
wsprintfW
GetKeyState
GetSystemMetrics
PeekMessageW
SetDlgItemTextA
DialogBoxParamW
MonitorFromWindow
FindWindowA
MessageBoxIndirectW
GetClassInfoW
AppendMenuA

gdi32

CreatePolygonRgn
CreateScalableFontResourceA
CreateSolidBrush
CreateDIBPatternBrushPt
GetRasterizerCaps
UpdateICMRegKeyW
CreateMetaFileA
CreateICA
GetStockObject
GetEnhMetaFilePixelFormat
GdiGetBatchLimit
GetEnhMetaFileW
RemoveFontResourceExW
GetMetaFileW
CreateBitmap
GetMetaFileA
CreateDIBPatternBrush
CreateFontIndirectW
CreatePen
CreateFontA
SetMetaFileBitsEx
TranslateCharsetInfo

shell32

Shell_NotifyIconA
StrRStrIW
StrChrW
SHCreateDirectoryExA
StrCmpNA
StrStrIW
ExtractAssociatedIconW
SHGetFolderPathA

comdlg32

GetSaveFileNameW
PrintDlgA
FindTextA
PageSetupDlgA
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameA

ole32

CoCreateInstance

urlmon

CoInternetQueryInfo
CoInternetGetSession
URLDownloadA
CoInstall
CoInternetCreateSecurityManager
CoGetClassObjectFromURL
HlinkNavigateMoniker
RegisterMediaTypes
CoInternetCombineUrl
CoInternetCompareUrl
RegisterMediaTypeClass
CreateURLMoniker
FindMimeFromData

wsock32

htons
WSAAsyncGetServByName
WSAAsyncGetProtoByName
WSAUnhookBlockingHook
GetServiceA
rresvport
accept
GetAcceptExSockaddrs
GetServiceW
inet_addr
WSARecvEx
getnetbyname
WSAGetLastError
ntohl
ioctlsocket
SetServiceA

Sections

.RU
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ssrPLC
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RNcIsm
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Zq
Size: 5KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.D
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.N
Size: 10KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Q
Size: 3KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6856b195d7489635f05ad7ee2a197bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

42:35:34:0f:b5:e0:b7:68:74:26:e3:8d:d4:2c:56:cbCertificate

Extended Key Usages

Key Usages

81:e3:1b:2f:09:76:a9:a9:f8:73:a4:78:6a:21:4c:ad:59:a2:0e:2eSigner

Signature Validations

Verification

28-05-2010 13:24 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

urlmon

wsock32

Sections

.RU Size: 4KB - Virtual size: 3KB

.ssrPLC Size: 90KB - Virtual size: 90KB

.RNcIsm Size: 13KB - Virtual size: 13KB

.Zq Size: 5KB - Virtual size: 43KB

.D Size: 88KB - Virtual size: 88KB

.N Size: 10KB - Virtual size: 129KB

.Q Size: 3KB - Virtual size: 132KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

42:35:34:0f:b5:e0:b7:68:74:26:e3:8d:d4:2c:56:cb
Certificate

81:e3:1b:2f:09:76:a9:a9:f8:73:a4:78:6a:21:4c:ad:59:a2:0e:2e
Signer

28-05-2010 13:24
Valid: false

.RU
Size: 4KB - Virtual size: 3KB

.ssrPLC
Size: 90KB - Virtual size: 90KB

.RNcIsm
Size: 13KB - Virtual size: 13KB

.Zq
Size: 5KB - Virtual size: 43KB

.D
Size: 88KB - Virtual size: 88KB

.N
Size: 10KB - Virtual size: 129KB

.Q
Size: 3KB - Virtual size: 132KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B