ca482df4a322f3d76732a15a2dcc2de7ce3101f110230943b818ebe877f6aca7

Sharing

Copy URL

Twitter E-mail

General

Target

ca482df4a322f3d76732a15a2dcc2de7ce3101f110230943b818ebe877f6aca7
Size

495KB
MD5

9773f23b78e3a22c844ba2e4890a989e
SHA1

003b8cd127648fed7ce9e3bbfda61b7c9caf18ec
SHA256

ca482df4a322f3d76732a15a2dcc2de7ce3101f110230943b818ebe877f6aca7
SHA512

334ab272aa910385d589a1b0f275ecd905bacf241bc7397d46c7f1b084afbe01d3396d52246a7aa1b5fed93967746732fe756702e9f9dce8d96a8aae290e19f0
SSDEEP

6144:N1Wdg5cxWi+V5BHUv8XizB9FRbxMeZjZPRD6G:Kd0yWi+V5BHUEyzB9FR1MeZjZPRDR

Score

N/A

Malware Config

Signatures

Files

ca482df4a322f3d76732a15a2dcc2de7ce3101f110230943b818ebe877f6aca7
.exe windows x86

06ff707492edd59f812ccbeaca233048

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:7c:26:f9:48:c9:1e:3d:f3:bd:67:ff:e9:73:96:0b:6e:ab:45:2f
Signer

Actual PE Digest

a8:7c:26:f9:48:c9:1e:3d:f3:bd:67:ff:e9:73:96:0b:6e:ab:45:2f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/06/2010, 12:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
CreateDirectoryW
WriteFile
GetFullPathNameW
SetFilePointerEx
CreateFileW
GetFileSizeEx
ReadFile
FreeLibrary
GetFileAttributesW
GetVersionExA
LoadLibraryW
GetProcAddress
lstrlenW
CloseHandle
QueryPerformanceFrequency
GetModuleFileNameW
GetLastError
SetThreadExecutionState
GetCommandLineW
MultiByteToWideChar
DeleteCriticalSection
GetVersionExW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
WideCharToMultiByte
LocalFree
OutputDebugStringA
ExpandEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
lstrlenA
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount

user32

GetWindowRect
GetClassLongW
SetCursor
PostQuitMessage
ShowWindow
IsWindowVisible
IsZoomed
AdjustWindowRect
IsIconic
SetWindowPos
SetWindowPlacement
GetMenu
GetWindowPlacement
SetMenu
SetWindowLongW
GetWindowLongW
DefWindowProcW
GetCursorPos
UnregisterClassW
DestroyWindow
DestroyMenu
ScreenToClient
CreateWindowExW
SetRect
RegisterClassW
LoadCursorW
DestroyAcceleratorTable
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
PeekMessageW
ClipCursor
EnumDisplaySettingsW
OffsetRect
ReleaseCapture
SetCapture
PtInRect
SetRectEmpty
GetKeyState
SetDlgItemTextW
LoadIconW
SetWindowTextW
EnableWindow
GetDlgItem
CheckDlgButton
EndDialog
IsDlgButtonChecked
DialogBoxIndirectParamW
SetCursorPos
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetIconInfo
GetDC
ReleaseDC
SetWindowTextA
SendMessageW
GetSystemMetrics
MessageBoxW
SystemParametersInfoA
GetClientRect
SystemParametersInfoW

msvcr100

memmove
wcsnlen
wcsrchr
_CIatan2
_purecall
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_stricmp
sprintf_s
strrchr
memset
__CxxFrameHandler3
??2@YAPAXI@Z
wcschr
wcsstr
_wtoi
_wtof
free
realloc
wcscat_s
vsprintf_s
vswprintf_s
_wcslwr_s
wcscpy_s
??3@YAXPAX@Z
_CItan
_CIsqrt
_CIcos
memcpy
_CIpow
qsort
wcsncmp
wcstod
swprintf_s
_wcsnicmp

shell32

ExtractIconW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

d3dx9_43

D3DXCreateFontW
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromResourceExW
D3DXMatrixRotationQuaternion
D3DXQuaternionNormalize
D3DXMatrixTranslation
D3DXQuaternionInverse
D3DXMatrixScaling
D3DXQuaternionMultiply
D3DXMatrixPerspectiveFovLH
D3DXVec3Normalize
D3DXQuaternionRotationMatrix
D3DXCreateTextureFromFileInMemoryEx
D3DXVec3TransformCoord
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXVec3TransformNormal
D3DXMatrixRotationY
D3DXMatrixLookAtLH
D3DXMatrixInverse

d3dx11_43

D3DX11CompileFromFileW
D3DX11GetImageInfoFromMemory
D3DX11CreateTextureFromMemory
D3DX11CreateTextureFromFileW
D3DX11GetImageInfoFromFileW
D3DX11CreateShaderResourceViewFromFileW
D3DX11SaveTextureToFileW

gdi32

DeleteDC
DeleteObject
GetStockObject
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits

comctl32

ord17

d3dcompiler_43

D3DCompile

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06ff707492edd59f812ccbeaca233048

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

a8:7c:26:f9:48:c9:1e:3d:f3:bd:67:ff:e9:73:96:0b:6e:ab:45:2fSigner

Signature Validations

Verification

02/06/2010, 12:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr100

shell32

d3dx9_43

d3dx11_43

gdi32

comctl32

d3dcompiler_43

Sections

.text Size: 428KB - Virtual size: 427KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 31KB - Virtual size: 30KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

a8:7c:26:f9:48:c9:1e:3d:f3:bd:67:ff:e9:73:96:0b:6e:ab:45:2f
Signer

02/06/2010, 12:17
Valid: false

.text
Size: 428KB - Virtual size: 427KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 31KB - Virtual size: 30KB