54e3b908358f64331d138bd753d50b2ad229d7982979ce7edbda2145079928d8

Sharing

Copy URL Twitter E-mail

General

Target

54e3b908358f64331d138bd753d50b2ad229d7982979ce7edbda2145079928d8
Size

558KB
MD5

4dabaeb4ae75ca8fed33dd77da6053e0
SHA1

be89861c5070e4ef4ac9dd703fa91a1b519f18f8
SHA256

54e3b908358f64331d138bd753d50b2ad229d7982979ce7edbda2145079928d8
SHA512

60c1fa4e21dcb8c5e33f890e9f670b8cd5d49be44d5a00ed3c29d57cc056a877b50acf6d24615575cc104ed74e9a3816bf0b09f53f0178df98535adf799fb504
SSDEEP

6144:uzRWspPQfn4SQeCzsY6ROOb6k8+Rs+9SiEEFjXbt0mmPua4Qp5SYgsR+0S7CBe+g:iRWsCfCzkROK6kLBUiBbP1Ywceh

Score

N/A

Malware Config

Signatures

Files

54e3b908358f64331d138bd753d50b2ad229d7982979ce7edbda2145079928d8
.exe windows x86

c1339e760be2fb0e19cc76fe0f4a171e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/07/2010, 00:00

Not After

06/07/2013, 23:59

Subject

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:1b:d1:47:52:5d:e6:f6:b3:6c:74:26:9b:f5:f9:45:19:bb:62:33
Signer

Actual PE Digest

ad:1b:d1:47:52:5d:e6:f6:b3:6c:74:26:9b:f5:f9:45:19:bb:62:33

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

03/07/2012, 16:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
RegQueryInfoKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA

user32

ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
MapDialogRect
SetWindowContextHelpId
GetDlgCtrlID
LoadBitmapA
EndDialog
GetWindowRect
PtInRect
SetCursor
EnableWindow
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetSystemMetrics
ClientToScreen
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
IsChild
wsprintfA
PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
SetWindowLongA
GetWindowLongA
GetDesktopWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
CharNextA
CallWindowProcA
GetClientRect
SetWindowPos
LoadImageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
MoveWindow

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetGetConnectedState
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA

kernel32

GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
HeapSize
HeapReAlloc
GetModuleFileNameW
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
CompareStringW
TlsAlloc
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
ExitProcess
EncodePointer
SetEnvironmentVariableA
VirtualQuery
IsValidCodePage
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetSystemInfo
GetVersionExA
GetThreadLocale
FindResourceW
GetSystemTime
OpenEventA
CreatePipe
SetHandleInformation
ReadFile
LoadLibraryExA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InterlockedExchange
LoadLibraryW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleW
CreateFileW
DecodePointer
TlsGetValue
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
LoadResource
LockResource
GlobalHandle
GlobalFree
SetLastError
GlobalLock
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetTempPathA
lstrcatA
GetEnvironmentVariableA
LoadLibraryA
GetLastError
GetSystemDirectoryA
SetDllDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
WaitForSingleObject
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
lstrcmpA
SetEndOfFile
CompareFileTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
GetFileTime
GetFileSize
GetExitCodeProcess
CreateProcessA
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
GlobalUnlock
InitializeCriticalSection

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CLSIDFromString

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1339e760be2fb0e19cc76fe0f4a171e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7Certificate

Extended Key Usages

Key Usages

ad:1b:d1:47:52:5d:e6:f6:b3:6c:74:26:9b:f5:f9:45:19:bb:62:33Signer

Signature Validations

Verification

03/07/2012, 16:04 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 202KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 281KB - Virtual size: 284KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

ad:1b:d1:47:52:5d:e6:f6:b3:6c:74:26:9b:f5:f9:45:19:bb:62:33
Signer

03/07/2012, 16:04
Valid: false

.text
Size: 203KB - Virtual size: 202KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 281KB - Virtual size: 284KB