a6ec21082a2c7a4effbfc7b5931a0298a6641355ce453bb21783a8406519b0ce

Sharing

Copy URL Twitter E-mail

General

Target

a6ec21082a2c7a4effbfc7b5931a0298a6641355ce453bb21783a8406519b0ce
Size

240KB
MD5

2ce7a01fbdaa6f800379f7a95eac71d9
SHA1

01061605e8a89366f4a888520eb45dea78bd256b
SHA256

a6ec21082a2c7a4effbfc7b5931a0298a6641355ce453bb21783a8406519b0ce
SHA512

e3fc53fb6e18fda9d612869c35ff1ac5a84f9b1589041c1046769b8dd5384a1e4fdb65a035d7c20a457e449ad0646ffc8ccd31c0f71c8b3a7e88304a2f31a688
SSDEEP

6144:0cWoSj5KR5U6fusRfTm1SDI32tpdjS8Iy3Tuoa:09545U6fAn38336

Score

N/A

Malware Config

Signatures

Files

a6ec21082a2c7a4effbfc7b5931a0298a6641355ce453bb21783a8406519b0ce
.exe windows x86

1e796873b675e71178720aa6a7e7b4a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
RemoveDirectoryW
GetSystemDefaultLCID
VirtualAlloc
AddAtomW
SetEvent
WaitForMultipleObjects
SearchPathW
CreatePipe
GetLongPathNameW
FileTimeToDosDateTime
GetCPInfo
GetSystemDefaultLangID
EnumTimeFormatsA
CreateDirectoryW
WaitForSingleObject
SuspendThread
GetEnvironmentStringsW
GetWindowsDirectoryW
GetHandleInformation
GetModuleHandleW
SystemTimeToFileTime
GetACP
lstrcpynW
ReplaceFileA
CreateThread
GetFullPathNameA
FlushFileBuffers
CreateSemaphoreA
EndUpdateResourceA
GetFileTime
SetCalendarInfoW
ConnectNamedPipe
GetSystemTime
GetLongPathNameA
CompareStringA
GetTimeFormatA
CreateMailslotA
GetExpandedNameA
OpenMutexW
GetTimeFormatW
FileTimeToSystemTime
lstrcpy
AddAtomA

user32

CreateDesktopA
DrawTextW
UnregisterClassA
OffsetRect
ShowWindow
LoadBitmapW
CharPrevA
LoadIconW
BringWindowToTop
PostMessageA
ShowCaret
InsertMenuA
WaitMessage
GetClassInfoExA
SendDlgItemMessageA
CheckMenuRadioItem
GetCursorPos
GetActiveWindow
GetIconInfo
AdjustWindowRect
EnableMenuItem
SetDlgItemTextW
GetDC
OpenWindowStationA
CharLowerW
CheckMenuItem
RegisterWindowMessageW
GetMenuItemRect
GetClassInfoExW
IsDlgButtonChecked
CascadeWindows
GetKeyState
GetClassInfoA
ClientToScreen
MoveWindow
GetClassInfoW

gdi32

SwapBuffers
RemoveFontResourceW
SetTextAlign
DescribePixelFormat
GetTextFaceA
LineTo
GetEnhMetaFileW
PolyPolyline
SetWindowOrgEx
CreateCompatibleDC
GetBkMode
CreateBitmapIndirect
GetDCBrushColor
GetEnhMetaFilePixelFormat
GetEnhMetaFileHeader
PlayMetaFile
CombineRgn

advapi32

RegOpenKeyW
IsValidAcl
RegOpenKeyW
RegQueryValueW
RegDeleteValueA

shell32

ShellExecuteExA
StrCmpNIA

comdlg32

PrintDlgExA
GetSaveFileNameA
GetOpenFileNameW
GetFileTitleW

setupapi

pSetupAccessRunOnceNodeList
CM_Get_DevNode_Registry_Property_ExW

wsock32

WSASetLastError
sethostname

Sections

.c9rxny
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%bY
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;,bpn
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.#i!YS
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x960
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e796873b675e71178720aa6a7e7b4a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

setupapi

wsock32

Sections

.c9rxny Size: 10KB - Virtual size: 11KB

.%bY Size: 1024B - Virtual size: 12KB

.;,bpn Size: 3KB - Virtual size: 3KB

.< Size: 1KB - Virtual size: 20KB

.#i!YS Size: 3KB - Virtual size: 44KB

.x960 Size: 1KB - Virtual size: 31KB

.rsrc Size: 212KB - Virtual size: 280KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.c9rxny
Size: 10KB - Virtual size: 11KB

.%bY
Size: 1024B - Virtual size: 12KB

.;,bpn
Size: 3KB - Virtual size: 3KB

.<
Size: 1KB - Virtual size: 20KB

.#i!YS
Size: 3KB - Virtual size: 44KB

.x960
Size: 1KB - Virtual size: 31KB

.rsrc
Size: 212KB - Virtual size: 280KB