9d97ff80e8242afaeb6c3bb68922fdcc08638b548272c0fac76357cb09cf7824

Sharing

Copy URL

Twitter E-mail

General

Target

9d97ff80e8242afaeb6c3bb68922fdcc08638b548272c0fac76357cb09cf7824
Size

123KB
MD5

b39940061d2447f0a540529663d47fee
SHA1

3001629764db29162603afc950e5d047abaf7ebc
SHA256

9d97ff80e8242afaeb6c3bb68922fdcc08638b548272c0fac76357cb09cf7824
SHA512

edff241233bd07b560329131ededb54bc41244e5b69fdfe83068901a8b3ff9296b90f5fbc4c46dcec7551908af6ba1828f2bfe13f5e1d8dd8598de846b45e97d
SSDEEP

3072:mK6xkMtbYAaH2EOCLb0An/VtdcOJrclgTjJ:jeztbYACECdLSKjJ

Score

N/A

Malware Config

Signatures

Files

9d97ff80e8242afaeb6c3bb68922fdcc08638b548272c0fac76357cb09cf7824
.exe windows x86

8b276826a22e79b3f139890975f7ffd9

Code Sign

1a:7e:6b:f2:a0:0b:22:85:47:3e:a8:84:fb:13:d5:87
Certificate

Issuer

CN=Root Agency

Not Before

17-12-2011 01:32

Not After

31-12-2039 23:59

Subject

CN=mmt.microsoft.com

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:38:54:cb:36:dd:70:64:73:42:84:4d:34:2a:f3:a3:af:56:8f:a9
Signer

Actual PE Digest

a2:38:54:cb:36:dd:70:64:73:42:84:4d:34:2a:f3:a3:af:56:8f:a9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=mmt.microsoft.com

17-12-2011 02:21
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetCurrentThread
WriteFile
CreateEventA
GetProcAddress
LoadLibraryA
CreateFileA
VirtualProtect
CreateSemaphoreA
LockResource
LoadResource
FindResourceA
GetWindowsDirectoryA
HeapFree
GetProcessHeap
GetCurrentProcess
VirtualProtectEx
VirtualAllocEx
ExitProcess
ReleaseMutex
DeleteFileA
GetComputerNameA
GetModuleHandleA
HeapAlloc
InterlockedExchange
RtlUnwind
VirtualQuery

user32

GetForegroundWindow
GetSystemMetrics
DefWindowProcA
PostQuitMessage
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowTextA
UpdateWindow
CreateWindowExA
RegisterClassExA
SendMessageA
GetActiveWindow
GetWindow
FindWindowA
ShowWindow

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b276826a22e79b3f139890975f7ffd9

Code Sign

1a:7e:6b:f2:a0:0b:22:85:47:3e:a8:84:fb:13:d5:87Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

a2:38:54:cb:36:dd:70:64:73:42:84:4d:34:2a:f3:a3:af:56:8f:a9Signer

Signature Validations

Verification

17-12-2011 02:21 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 116B

.rsrc Size: 52KB - Virtual size: 50KB

.reloc Size: 4KB - Virtual size: 196KB

1a:7e:6b:f2:a0:0b:22:85:47:3e:a8:84:fb:13:d5:87
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

a2:38:54:cb:36:dd:70:64:73:42:84:4d:34:2a:f3:a3:af:56:8f:a9
Signer

17-12-2011 02:21
Valid: false

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 116B

.rsrc
Size: 52KB - Virtual size: 50KB

.reloc
Size: 4KB - Virtual size: 196KB