eacdc7b6212e69537b5f0dc926191d04c39ff2a35f0c84c8c48990b1b00a2696

Sharing

Copy URL Twitter E-mail

General

Target

eacdc7b6212e69537b5f0dc926191d04c39ff2a35f0c84c8c48990b1b00a2696
Size

1.9MB
MD5

196f4912057060b158830931870f7c6d
SHA1

ef67fffdd15df0a38425a21a9f230870b72c97fa
SHA256

eacdc7b6212e69537b5f0dc926191d04c39ff2a35f0c84c8c48990b1b00a2696
SHA512

480adb1495bbc9dcf5adedac5448cfe085c32bea23ef7bb903e6d1f996075eb164d051458009b223f26fe7a3589777c180fe220e0869bbf1765586442e273eae
SSDEEP

24576:mRqXimXYxEF0ymRR+JuFjZf3t3J3aWWBnCp:cMXYaFpJuF9f1J3aWWUp

Score

N/A

Malware Config

Signatures

Files

eacdc7b6212e69537b5f0dc926191d04c39ff2a35f0c84c8c48990b1b00a2696
.exe windows x86

c0b5f97077004428e28851ca65e4c43d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:34:b3:4f:2b:3a:bc:e5:97:8b:5a:1e:d5:b4:6e:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

18/06/2010, 00:00

Not After

17/06/2013, 23:59

Subject

CN=TuneUp Software,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TuneUp Software,L=Darmstadt,ST=Hessen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:4f:9e:81:65:9d:c3:fc:4d:0a:62:85:54:15:dc:96:f6:26:40:3a
Signer

Actual PE Digest

aa:4f:9e:81:65:9d:c3:fc:4d:0a:62:85:54:15:dc:96:f6:26:40:3a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TuneUp Software,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TuneUp Software,L=Darmstadt,ST=Hessen,C=DE

17/09/2012, 09:56
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
CreateThread
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LocalAlloc
LocalFree
ProcessIdToSessionId
CreateMutexW
ReleaseMutex
SetLastError
OutputDebugStringW
CreateProcessW
OpenMutexW
GetFileAttributesW
CreateDirectoryW
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GetUserDefaultUILanguage
FindFirstFileW
FindClose
FindNextFileW
CreateFileW
CreateFileMappingW
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
lstrlenA
GetNativeSystemInfo
FindCloseChangeNotification
FindNextChangeNotification
SetEnvironmentVariableA
CompareStringA
CreateFileA
ReadFile
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapReAlloc
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
VirtualAlloc
lstrcmpW
SetThreadPriority
GetCurrentThread
WaitForSingleObject
CreateEventW
DeleteCriticalSection
SetCriticalSectionSpinCount
InitializeCriticalSection
SystemTimeToFileTime
OpenProcess
Sleep
FreeLibrary
LoadLibraryW
GetTickCount
CloseHandle
GetModuleHandleA
ResetEvent
SetEvent
OpenEventW
WTSGetActiveConsoleSessionId
GetModuleFileNameW
GetLastError
GetVersionExW
GetWindowsDirectoryW
lstrcpyW
lstrcatW
lstrcpynW
ExpandEnvironmentStringsW
CompareStringW
lstrcmpiW
GetProcAddress
GetModuleHandleW
RaiseException
lstrlenW
MulDiv
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess

user32

EqualRect
PostThreadMessageW
EnumWindows
GetWindowThreadProcessId
DispatchMessageW
UnregisterClassA
SetWindowLongW
GetWindowLongW
DefWindowProcW
TranslateMessage
UnregisterClassW
GetDlgItem
GetClientRect
GetWindow
RegisterClassExW
OpenInputDesktop
EnumDesktopWindows
CloseDesktop
GetForegroundWindow
IsIconic
GetPropW
GetLastInputInfo
LoadStringW
LoadMenuW
GetSubMenu
GetMessageW
PeekMessageW
CreateDialogParamW
DestroyMenu
RegisterWindowMessageW
MapWindowPoints
EnableMenuItem
PostQuitMessage
DialogBoxParamW
GetMenuDefaultItem
TrackPopupMenu
CallWindowProcW
GetDoubleClickTime
GetMonitorInfoW
MonitorFromRect
MonitorFromWindow
EnumDisplayMonitors
SetActiveWindow
SetForegroundWindow
AdjustWindowRectEx
GetMenu
DrawFocusRect
GetFocus
GetWindowTextW
DrawTextW
GetDC
ShowWindow
GetMenuItemInfoW
SetMenuItemInfoW
SetWindowPos
IsWindowEnabled
CharNextW
GetDlgCtrlID
SystemParametersInfoW
GetWindowTextLengthW
CreateWindowExW
LoadCursorW
GetClassNameW
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
SetCursor
PtInRect
EndPaint
BeginPaint
DestroyWindow
IsWindow
GetSystemMetrics
GetDesktopWindow
GetWindowDC
TranslateAcceleratorW
LoadAcceleratorsW
DestroyAcceleratorTable
SetTimer
KillTimer
EndDialog
DestroyIcon
SetWindowTextW
SetRectEmpty
GetSysColor
LoadBitmapW
DrawIconEx
SetFocus
UpdateWindow
ReleaseDC
GetWindowRect
AdjustWindowRect
SetRect
IsDialogMessageW
PostMessageW
EnableWindow
IsWindowVisible
wsprintfW
ScreenToClient
ClientToScreen
GetParent
OffsetRect
CopyRect
SendMessageW
GetIconInfo
FillRect
LoadImageW
InvalidateRect
SetMenuDefaultItem

gdi32

GetRegionData
CombineRgn
CreateRectRgn
CreateFontIndirectW
SetViewportOrgEx
CreateFontW
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetBkMode
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
StretchBlt
SelectObject

advapi32

RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
RegDeleteKeyW

shell32

SHAppBarMessage
CommandLineToArgvW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantTimeToSystemTime
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VariantClear
SysAllocString
VariantInit

shlwapi

PathIsRelativeW
PathFindExtensionW
PathRemoveArgsW
PathFindOnPathW
PathSearchAndQualifyW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
PathGetArgsW

comctl32

_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Merge
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy

psapi

GetModuleBaseNameW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0b5f97077004428e28851ca65e4c43d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5e:34:b3:4f:2b:3a:bc:e5:97:8b:5a:1e:d5:b4:6e:52Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

aa:4f:9e:81:65:9d:c3:fc:4d:0a:62:85:54:15:dc:96:f6:26:40:3aSigner

Signature Validations

Verification

17/09/2012, 09:56 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

Sections

.text Size: 312KB - Virtual size: 312KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 15KB - Virtual size: 28KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 25KB - Virtual size: 25KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5e:34:b3:4f:2b:3a:bc:e5:97:8b:5a:1e:d5:b4:6e:52
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

aa:4f:9e:81:65:9d:c3:fc:4d:0a:62:85:54:15:dc:96:f6:26:40:3a
Signer

17/09/2012, 09:56
Valid: false

.text
Size: 312KB - Virtual size: 312KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 15KB - Virtual size: 28KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 25KB - Virtual size: 25KB