f741bb22527dbc9854eec69a1d6c8c6b21e903eeac94c3148d3f6b541a528fe3

Sharing

Copy URL Twitter E-mail

General

Target

f741bb22527dbc9854eec69a1d6c8c6b21e903eeac94c3148d3f6b541a528fe3
Size

271KB
MD5

d740403ef72577f172c80959692f8304
SHA1

3a26210a8f7387505dc47360a5674f075ae45cc8
SHA256

f741bb22527dbc9854eec69a1d6c8c6b21e903eeac94c3148d3f6b541a528fe3
SHA512

07e2c48108051ace02546b39a0880e47029a3a0701b48a1373401b0758d5e91a5dea8d22d664953097750f42207e50c1d9e86e862544d6993fa9ec994097947e
SSDEEP

6144:9G6BE7RCU6CstEk6vwWd+EgIrrDvEtXgcGD4XvNutgP+bi4I:9hBDpCdf+EtrktXgc28NutgP+2

Score

N/A

Malware Config

Signatures

Files

f741bb22527dbc9854eec69a1d6c8c6b21e903eeac94c3148d3f6b541a528fe3
.exe windows x86

5d24ad726e6f6a976ac831becad57de8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9
Signer

Actual PE Digest

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

07/05/2010, 16:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomW
FindAtomA
InitializeCriticalSection
CreateEventW
CreateMailslotA
SetComputerNameW
FileTimeToSystemTime
GetWindowsDirectoryW
MulDiv
OpenProcess
Sleep
lstrcatA
GetProcAddress
ExitProcess
EnumCalendarInfoA
GetTimeFormatW
GetFileAttributesA
CompareFileTime
GetProcessHeaps
ReplaceFileA
DosDateTimeToFileTime
SetCalendarInfoW
GetEnvironmentVariableA
lstrcmpi
DeleteAtom
WaitForSingleObject

user32

IsWindowEnabled
CheckMenuRadioItem
CheckDlgButton
GetCapture
CopyImage
CascadeWindows
OpenClipboard
GetCapture
CheckRadioButton
GetClassLongW
SetWindowLongA
SendDlgItemMessageA
CharLowerW
DialogBoxParamW
CheckMenuItem
CreateWindowExW
GetMenuItemID
GetKeyboardType
SetDlgItemInt
DefFrameProcW
CreateWindowExA
GetDC
ClientToScreen
CreateDesktopA
GetMenu
wvsprintfA
UpdateLayeredWindow
CharPrevA
MonitorFromRect
GetWindowTextA
CharLowerA
EnumDesktopsA
LoadImageW
FindWindowW
MonitorFromPoint
GetDC
LoadCursorA
MessageBeep
InsertMenuItemW
WinHelpW
ArrangeIconicWindows
IsIconic
AppendMenuW
PostMessageA
ChildWindowFromPoint
CharPrevW

gdi32

GetGlyphIndicesA
GetTextCharacterExtra
GetArcDirection
Polyline
GetColorAdjustment
SetWindowExtEx
CreateBitmapIndirect
GetTextExtentPointA
StartFormPage
CreateBitmap
DeleteMetaFile
DPtoLP
GetTextCharset
CreatePalette

advapi32

RegSaveKeyA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyW
RegEnumValueA

shell32

SHGetDataFromIDListA
ExtractIconW
ShellExecuteExW
StrCmpNA
StrStrIA

comctl32

ImageList_DragShowNolock

comdlg32

PrintDlgExA
ReplaceTextA
GetSaveFileNameA
GetFileTitleA
GetSaveFileNameW
PageSetupDlgW

opengl32

glRasterPos3sv
glEvalCoord2fv
glIndexub
glGetTexParameteriv
glRectfv
glCopyTexSubImage1D
glColor4i
glSelectBuffer
glVertex3i
glEvalCoord1d
glTexGenfv

ws2_32

getservbyname

winspool.drv

OpenPrinterA
DeletePrinter

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LyfAJF
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RpJNH
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OzQer
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vL
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 1KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PAyCx
Size: 2KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dBt
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ApS
Size: 1KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d24ad726e6f6a976ac831becad57de8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9Signer

Signature Validations

Verification

07/05/2010, 16:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

comdlg32

opengl32

ws2_32

winspool.drv

Sections

.text Size: 11KB - Virtual size: 11KB

.LyfAJF Size: 512B - Virtual size: 4KB

.s Size: 2KB - Virtual size: 17KB

.RpJNH Size: 1KB - Virtual size: 46KB

.OzQer Size: 1KB - Virtual size: 2KB

.vL Size: 3KB - Virtual size: 4KB

.x Size: 1KB - Virtual size: 39KB

.PAyCx Size: 2KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 8KB

.dBt Size: 1024B - Virtual size: 15KB

.ApS Size: 1KB - Virtual size: 268KB

.rsrc Size: 228KB - Virtual size: 228KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9
Signer

07/05/2010, 16:02
Valid: false

.text
Size: 11KB - Virtual size: 11KB

.LyfAJF
Size: 512B - Virtual size: 4KB

.s
Size: 2KB - Virtual size: 17KB

.RpJNH
Size: 1KB - Virtual size: 46KB

.OzQer
Size: 1KB - Virtual size: 2KB

.vL
Size: 3KB - Virtual size: 4KB

.x
Size: 1KB - Virtual size: 39KB

.PAyCx
Size: 2KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 8KB

.dBt
Size: 1024B - Virtual size: 15KB

.ApS
Size: 1KB - Virtual size: 268KB

.rsrc
Size: 228KB - Virtual size: 228KB