b7cf79217fa52cc0a46f2d43fee482d8c7ba9eeb6a27f87652aadae69b313e42

Sharing

Copy URL

Twitter E-mail

General

Target

b7cf79217fa52cc0a46f2d43fee482d8c7ba9eeb6a27f87652aadae69b313e42
Size

263KB
MD5

18da902cf5b20cbfb80ec40ae6b327f0
SHA1

44fed74d282384b62ca7a2948bfd31fb818d9aa5
SHA256

b7cf79217fa52cc0a46f2d43fee482d8c7ba9eeb6a27f87652aadae69b313e42
SHA512

17b901bb66cb1724877c0d240ffef519fefd265a31ec1ece7f68a255eea949eb35733f0fa0b8b7aeb9c7733005f2be318b60e278360ccbb1b32b3c76acc254b2
SSDEEP

6144:57aybOSSfE6hnJDMGGMzoKlDqEz62A0RZoq/klCwpH5:57ayQfNrGMztl2EGpAGqCCwpH5

Score

N/A

Malware Config

Signatures

Files

b7cf79217fa52cc0a46f2d43fee482d8c7ba9eeb6a27f87652aadae69b313e42
.exe windows x86

43c87c5314d49ae83bdd99dc9d99cb3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2008, 00:00

Not After

06/01/2011, 23:59

Subject

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:15:69:5a:ce:19:a9:f6:0c:d2:b7:0d:a1:5c:78:7a:18:be:1a:f4
Signer

Actual PE Digest

6c:15:69:5a:ce:19:a9:f6:0c:d2:b7:0d:a1:5c:78:7a:18:be:1a:f4

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

18/05/2010, 13:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpi
CreateDirectoryA
ReplaceFileA
GetThreadLocale
lstrcpyW
GetShortPathNameA
SetComputerNameW
WaitForMultipleObjects
GetLongPathNameA
CreateNamedPipeA
GetStringTypeA
GetLogicalDriveStringsA
RaiseException
GetDiskFreeSpaceW
GetFileAttributesW
GetSystemDirectoryA
IsBadStringPtrW
RemoveDirectoryW
lstrcmpiA
GetTimeFormatA
GetSystemDefaultLangID
lstrcpynA
CreateDirectoryW
GetDiskFreeSpaceA
MultiByteToWideChar
OpenWaitableTimerW
GetUserDefaultLCID
DosDateTimeToFileTime
GetLogicalDrives
GetProcAddress
GetProcessHeaps
GetVersion
GetLocaleInfoW
lstrcpynW
FindResourceA
GetModuleFileNameW
SetCalendarInfoW
GlobalFindAtomW
FatalAppExitW
SetUnhandledExceptionFilter
GetCPInfo
GlobalDeleteAtom
SetComputerNameA
GetModuleHandleA
AddAtomW
GlobalFindAtomA
Beep
CreateSemaphoreW
DisconnectNamedPipe
DeleteAtom
GetTempFileNameW
GetTempPathA
BeginUpdateResourceW
lstrlenA
GetMailslotInfo
GetCurrentThread
FindAtomW
GetSystemDefaultLCID
ExitProcess
GetEnvironmentVariableW
GetLogicalDriveStringsW
CopyFileA
GetExitCodeProcess
GetThreadPriority
QueryPerformanceFrequency
IsDebuggerPresent
GetHandleInformation
FindResourceW
GetSystemDirectoryW
GetAtomNameW
OpenEventA
lstrcatA
LoadLibraryA
GetVersionExW
GetVolumeInformationA
LocalAlloc
lstrcmpA
GetComputerNameA
SetEvent
SetCalendarInfoA
CreateEventW
GetStartupInfoW
LoadLibraryA
SetCurrentDirectoryW
SystemTimeToFileTime
lstrcmp

user32

SetDlgItemTextA
LoadImageW
GetActiveWindow
IsDlgButtonChecked
ShowWindow
wvsprintfW
ShowCaret
GetClassInfoExA
GetKeyboardType
SetCursor
SendDlgItemMessageW
MoveWindow
GetMessageW
SetCapture
LoadMenuA
wsprintfA
CreateDialogParamA
CreateWindowExW
GetDCEx
LoadMenuW
FindWindowA
LoadBitmapW
UpdateLayeredWindow
GetDlgItemTextW
DestroyMenu
SendMessageW
CopyIcon
CharUpperA
GetMenuItemID
IsMenu
EmptyClipboard
OpenClipboard
DialogBoxIndirectParamA
MessageBoxIndirectW
GetMessageA
InsertMenuA
GetClassInfoExW
CreateDialogParamW
GetFocus
MessageBoxA
PostMessageA
GetMenuItemCount
MonitorFromRect
CharNextA
CharLowerA
AppendMenuA
SetForegroundWindow
GetForegroundWindow
PeekMessageA
MonitorFromPoint
RegisterClassExA
GetScrollPos
CreateDesktopA
EndMenu
IsIconic
DialogBoxParamW
AdjustWindowRect
InsertMenuItemA
GetActiveWindow
GetKeyboardLayout
WaitForInputIdle
IsChild
WinHelpA
GetCursorPos
CreateMenu
GetMenuItemRect
SetDlgItemTextW
GetTopWindow
CreatePopupMenu
FindWindowW
CharLowerW
SetMenu
GetMenuStringW
InvalidateRgn
DefWindowProcW
InsertMenuItemW
CharPrevA
GetDesktopWindow
MessageBoxW
GetIconInfo
UnregisterClassA
LoadMenuIndirectA
DestroyIcon
SetCursorPos
MessageBoxIndirectA
LoadIconW
GetMenuItemInfoW
GetCapture
CreateWindowExA
SetWindowRgn
GetMenu
SendDlgItemMessageA
SetTimer
GetClassInfoA
DefWindowProcA
CharPrevW

comctl32

ImageList_Duplicate
ImageList_GetFlags
FlatSB_GetScrollInfo
CreatePropertySheetPage
ImageList_SetFlags
CreatePropertySheetPageA
ImageList_Create
ImageList_Add
ImageList_LoadImageA
ImageList_SetDragCursorImage
ImageList_SetIconSize

ole32

CoCreateInstanceEx
CoGetCurrentProcess
CoInitializeEx
CoGetObject

oleaut32

VarDecFromBool
VarCyFromI4
SafeArrayCreateVectorEx
SafeArraySetIID
VarR8FromDisp
SetVarConversionLocaleSetting
VarAnd
SafeArrayDestroyDescriptor
SysStringLen

opengl32

glGenLists
glLighti
glColorPointer
glBlendFunc
glRectfv
glVertex2d
glRasterPos2sv
glGetFloatv
glColor4ui
glGetTexLevelParameteriv
glIndexMask
glDebugEntry
glGetError
glPixelStoref
glTexEnvfv
glTexCoord3s
glEvalCoord1dv

version

VerFindFileA
GetFileVersionInfoW

olecli32

ErrExecute
ErrClose

sqlunirl

_CreateDesktop_@24
_ShellAbout_@16
_ClearEventLog_@8
_EnumResourceTypes_@12
_GetTempPath_@8
_SetFileAttributes_@8
_CreateMDIWindow_@40
_GetWindowTextLength@4
_StartServiceCtrlDispatcher_@4
_RegisterClass_@4
_PrivilegedServiceAuditAlarm_@20
_CommDlg_OpenSave_GetSpec@12
_CallMsgFilter_@8
_EnumResourceNames_@16
_WritePrivateProfileString_@16
_GetClassLong_@8
_CreateIC_@16
AbortSystemShutdown_
_CommConfigDialog_@12
_GetGlyphOutline_@28
_UpdateResource_@24
_GetCharABCWidthsFloat_@16

Sections

.hqjQh
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IqR
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qtyCA
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.R
Size: 7KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upo
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.C
Size: 7KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rJdo
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43c87c5314d49ae83bdd99dc9d99cb3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97Certificate

Extended Key Usages

Key Usages

6c:15:69:5a:ce:19:a9:f6:0c:d2:b7:0d:a1:5c:78:7a:18:be:1a:f4Signer

Signature Validations

Verification

18/05/2010, 13:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

comctl32

ole32

oleaut32

opengl32

version

olecli32

sqlunirl

Sections

.hqjQh Size: 3KB - Virtual size: 2KB

.IqR Size: 11KB - Virtual size: 11KB

.qtyCA Size: 106KB - Virtual size: 105KB

.R Size: 7KB - Virtual size: 324KB

.upo Size: 109KB - Virtual size: 109KB

.C Size: 7KB - Virtual size: 25KB

.rJdo Size: 5KB - Virtual size: 133KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

6c:15:69:5a:ce:19:a9:f6:0c:d2:b7:0d:a1:5c:78:7a:18:be:1a:f4
Signer

18/05/2010, 13:51
Valid: false

.hqjQh
Size: 3KB - Virtual size: 2KB

.IqR
Size: 11KB - Virtual size: 11KB

.qtyCA
Size: 106KB - Virtual size: 105KB

.R
Size: 7KB - Virtual size: 324KB

.upo
Size: 109KB - Virtual size: 109KB

.C
Size: 7KB - Virtual size: 25KB

.rJdo
Size: 5KB - Virtual size: 133KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB