9b8bb5b6b07c7a71eae2fc221cc71a85419dd852a812efbcbf4bcb5a9b3b5683

Sharing

Copy URL

Twitter E-mail

General

Target

9b8bb5b6b07c7a71eae2fc221cc71a85419dd852a812efbcbf4bcb5a9b3b5683
Size

236KB
MD5

5b82974d1da4c6ccb9beeb007e7b80d3
SHA1

1a97770b69701dea24ae378a72429dbeea3ce50b
SHA256

9b8bb5b6b07c7a71eae2fc221cc71a85419dd852a812efbcbf4bcb5a9b3b5683
SHA512

2f282ccfc7f12ded330216f5945168ce8e35aaee6c0d6ae87227c1172bed7f5bd1ce39b316ffa9d4786af9723e721e3c7c9b3e657281a70bb4200403eb66fe97
SSDEEP

3072:PV+Xkc1c7FNmJPnfdsck8RG+xuDMsDWss3dK83GMJBjwrX/qdjfKAqHzBuixFUqY:PVP7fKlQIpp3GMUrv8jfnCzBuwFlEd

Score

N/A

Malware Config

Signatures

Files

9b8bb5b6b07c7a71eae2fc221cc71a85419dd852a812efbcbf4bcb5a9b3b5683
.exe windows x86

768f3d8c4e672f2fe05745db9261c5bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-09-2009 00:00

Not After

25-10-2012 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:ee
Signer

Actual PE Digest

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:ee

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

15-11-2010 11:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
GetEnvironmentVariableW
OpenSemaphoreA
SearchPathA
QueryPerformanceFrequency
OpenEventW
lstrcpyn
GetLogicalDrives
OpenWaitableTimerW
CreatePipe
lstrlenA
GlobalGetAtomNameW
IsBadReadPtr
GetFileAttributesW
GetDiskFreeSpaceW
CreateMutexA
GetCurrentThread
GetTempFileNameW
GetDateFormatA
SetCalendarInfoW
GetSystemDirectoryA
GetTempPathW
GetLogicalDriveStringsA
GetProcAddress
GetWindowsDirectoryA
lstrcmp
GetUserDefaultLangID
GetCalendarInfoA
lstrlenW
GetVersion
LoadResource
GetTimeFormatA
GetFileAttributesA
FreeLibrary
GlobalAlloc
MulDiv
CreateSemaphoreW
lstrcmpi
ExitProcess
LoadLibraryExA
CreateNamedPipeA
GetTempFileNameA
GetShortPathNameA
GetModuleFileNameW
RemoveDirectoryA
GetThreadPriority
GetVolumeInformationA
GetLocalTime
ConnectNamedPipe
GetVolumeInformationW
Sleep

user32

PeekMessageA
OffsetRect
SetActiveWindow
IsWindow
CharUpperA
CreateAcceleratorTableW
SendDlgItemMessageW
SetDlgItemInt
SetCursor
LoadBitmapA
GetMenuItemID
LoadMenuIndirectA
ActivateKeyboardLayout
RegisterClassW
CopyRect
AppendMenuA
GetCapture
GetSystemMetrics
SetDlgItemTextA
MessageBoxW
SendDlgItemMessageA
GetForegroundWindow
LoadMenuA
ShowCursor
WaitForInputIdle
CopyIcon
RegisterClassA
GetClassInfoExA
SetTimer
TrackPopupMenuEx
LoadImageA
wsprintfA
MessageBoxIndirectW

gdi32

CreatePalette
CreateDIBSection
CreateFontIndirectA
DeleteObject
RemoveFontResourceW
CreateScalableFontResourceW
CreateFontW
CreateBitmap
CreateFontA
CreateHatchBrush
CreateICA

advapi32

NotifyChangeEventLog
SetSecurityDescriptorSacl
SystemFunction022
CryptEnumProviderTypesW
OpenServiceW
AddAuditAccessAce
CryptContextAddRef
GetAccessPermissionsForObjectW
CredWriteDomainCredentialsA
LsaQueryInfoTrustedDomain
WriteEncryptedFileRaw
OpenBackupEventLogA
LsaLookupPrivilegeName
DuplicateEncryptionInfoFile
WmiSetSingleItemA
LsaCreateTrustedDomainEx
RegEnumKeyExW
GetLocalManagedApplicationData
AllocateLocallyUniqueId
CreateProcessWithLogonW
WmiCloseBlock

shell32

StrRChrIW
ExtractAssociatedIconA

comdlg32

PrintDlgExW
PageSetupDlgA
GetFileTitleW
FindTextW
GetOpenFileNameW
GetSaveFileNameA
FindTextA
ReplaceTextW
PrintDlgExA
ChooseFontW

setupapi

InstallHinfSectionW
CMP_GetServerSideDeviceInstallFlags
SetupUninstallOEMInfW

ws2_32

recvfrom
htonl
gethostbyaddr
inet_ntoa
getpeername
inet_addr
WSAIoctl
send
WSAEnumNetworkEvents
WSACloseEvent
htons
WSACreateEvent
connect
getsockopt

winmm

CloseDriver
midiInReset
mixerGetNumDevs
waveOutSetPlaybackRate
waveInUnprepareHeader
waveInGetDevCapsA
joyConfigChanged
sndPlaySoundW
PlaySound
timeGetSystemTime

inetcomm

MimeOleGetRelatedSection
MimeOleCreateHashTable

Sections

.RWK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BTxjpv
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jJjB
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aGm
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zrl
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jNjo
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QKo
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eXb
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 1024B - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

768f3d8c4e672f2fe05745db9261c5bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:eeSigner

Signature Validations

Verification

15-11-2010 11:50 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

setupapi

ws2_32

winmm

inetcomm

Sections

.RWK Size: 3KB - Virtual size: 3KB

.BTxjpv Size: 4KB - Virtual size: 47KB

.jJjB Size: 91KB - Virtual size: 90KB

.aGm Size: 4KB - Virtual size: 61KB

.Zrl Size: 12KB - Virtual size: 12KB

.jNjo Size: 4KB - Virtual size: 8KB

.QKo Size: 92KB - Virtual size: 92KB

.eXb Size: 9KB - Virtual size: 17KB

.I Size: 1024B - Virtual size: 463KB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:ee
Signer

15-11-2010 11:50
Valid: false

.RWK
Size: 3KB - Virtual size: 3KB

.BTxjpv
Size: 4KB - Virtual size: 47KB

.jJjB
Size: 91KB - Virtual size: 90KB

.aGm
Size: 4KB - Virtual size: 61KB

.Zrl
Size: 12KB - Virtual size: 12KB

.jNjo
Size: 4KB - Virtual size: 8KB

.QKo
Size: 92KB - Virtual size: 92KB

.eXb
Size: 9KB - Virtual size: 17KB

.I
Size: 1024B - Virtual size: 463KB

.rsrc
Size: 8KB - Virtual size: 7KB