8e586f4a0dabcecc28a2bf76bf6c8ceab86fb6f8e81003fc596f779cd780810b

Sharing

Copy URL Twitter E-mail

General

Target

8e586f4a0dabcecc28a2bf76bf6c8ceab86fb6f8e81003fc596f779cd780810b
Size

212KB
MD5

e4508cf606d0410f0fcc531ff80d66fe
SHA1

5f4307a414dd26a43d5bcc09cb32560d2be7dec2
SHA256

8e586f4a0dabcecc28a2bf76bf6c8ceab86fb6f8e81003fc596f779cd780810b
SHA512

dc1fc0062406bab823d46a97c71d224a21bf43e515f36e98805cba1f03426b42a9afbbe3db2bf4e37762870e2acdb00b14f9c562853c67f6c7dd8ab347b31635
SSDEEP

6144:8nOxx84VGTWLtnLllXR/5maLDFe0Kh/7eo9:CC8yjhhLhev9

Score

N/A

Malware Config

Signatures

Files

8e586f4a0dabcecc28a2bf76bf6c8ceab86fb6f8e81003fc596f779cd780810b
.exe windows x86

ee78cf38422cb56aec3f77a443d1498b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:dd:74:13:4c:e4:75:ff:2d:4a:dc:c1:3b:f1:51:70:ba:88:6f:50
Signer

Actual PE Digest

ba:dd:74:13:4c:e4:75:ff:2d:4a:dc:c1:3b:f1:51:70:ba:88:6f:50

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

14/04/2009, 15:29
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

fontsub

CreateFontPackage
MergeFontPackage

comsvcs

MTSCreateActivity
ComSvcsExceptionFilter

tapi32

lineGetDevConfig
linePark
internalNewLocationW
lineSetAgentGroup
phoneSetButtonInfo
lineGetDevConfigA
lineAddProviderW
lineMonitorDigits
phoneConfigDialogW
linePrepareAddToConferenceA
MMCAddProvider
lineConfigProvider
tapiGetLocationInfoA
linePickup
MMCSetLineInfo
MMCGetPhoneStatus
lineDialA
lineSetCurrentLocation
phoneGetDisplay
lineMonitorTones
TUISPIDLLCallback
lineRemoveProvider
lineConfigDialog
lineGetAgentCapsW
lineUnhold
lineHandoffA
phoneClose
LOpenDialAsst
lineSetupConferenceW
lineGetAppPriority
lineMakeCallW

corpol

CORPolicyProvider

opengl32

glFlush
glRectsv
glTexEnvi
glBlendFunc
glMap1f
glRasterPos2d
glEvalCoord1d
glGetLightfv
glCullFace
glLoadMatrixd
glCopyPixels
glScaled
wglShareLists
glEvalCoord2fv
glTexParameteriv
glEvalMesh1
glColor3sv
glDeleteTextures
glNormal3i
glNormalPointer
glRasterPos3d
wglUseFontOutlinesW
glRasterPos3iv
glLightf
glVertex2sv
wglGetLayerPaletteEntries
glColor4sv
wglUseFontOutlinesA
glEvalCoord1dv
glGetClipPlane
glRasterPos3dv
glIsEnabled
glClipPlane
glTexParameterf
glTexGeni
glPolygonOffset
glPushAttrib
glTexCoord1dv
glReadPixels
wglMakeCurrent
glColor4usv
glTexCoord4i
glPassThrough
glPixelStoref
glTexGenf
glTexEnviv

kernel32

GlobalGetAtomNameW
FoldStringA
WriteProfileStringA
TlsSetValue
RtlZeroMemory
GetSystemInfo
GetGeoInfoW
SetDefaultCommConfigW
QueryDepthSList
SetConsoleNumberOfCommandsW
GetConsoleFontSize
LZSeek
EnumDateFormatsA
FindFirstFileW
GlobalUnlock
_lclose
GetAtomNameA
GetTimeFormatA
FatalAppExitA
GlobalAddAtomA
LocalReAlloc
GetProcAddress
VerifyConsoleIoHandle
LoadModule
SetProcessShutdownParameters
CommConfigDialogW
GetConsoleAliasW
SetConsoleScreenBufferSize
BaseFlushAppcompatCache
ReadConsoleInputExA
CreatePipe
CreateProcessInternalA
ReadFileEx
GlobalAlloc
GetCurrentConsoleFont
GetTapeParameters
OpenFileMappingA
CreateMailslotW
CloseHandle
WriteConsoleOutputCharacterA
MultiByteToWideChar
EnumSystemLanguageGroupsA
GetUserGeoID
VirtualFreeEx
CreateHardLinkW
GetExitCodeThread
GetConsoleOutputCP
OpenProcess
GetStartupInfoA
EnumCalendarInfoExW
GetNamedPipeInfo
SetFileShortNameW
GetProfileStringW
GetUserDefaultUILanguage
IsBadStringPtrA
SetConsoleCursor
Thread32Next
OpenThread
CreateJobObjectW
RtlCaptureContext
SetFileApisToOEM
SetConsoleWindowInfo
GetEnvironmentStrings

user32

CharLowerBuffW
LoadStringW
DefFrameProcW
TrackPopupMenuEx
CloseWindow
RealGetWindowClassA
GetClipboardSequenceNumber
HiliteMenuItem
EnterReaderModeHelper
CharUpperW
CharUpperA
DrawCaptionTempW
GetDesktopWindow
UnhookWindowsHookEx
DdePostAdvise
ScrollChildren
EnumChildWindows
ChildWindowFromPoint
SetDeskWallpaper
CreateWindowStationW
CharToOemBuffW
CallMsgFilter
UserRealizePalette
WaitForInputIdle
AttachThreadInput
RemoveMenu
ReplyMessage
RealChildWindowFromPoint
MB_GetString
UnionRect
SetWindowTextA
GetProcessDefaultLayout
DdeReconnect
IMPSetIMEW
GetOpenClipboardWindow
GetMenuStringW
PackDDElParam
SetSystemMenu
GetRegisteredRawInputDevices
DrawAnimatedRects
DlgDirSelectExW
GetClipboardOwner
ReuseDDElParam
GetCursorInfo
TrackMouseEvent
CreateDialogParamW
DdeClientTransaction
DeleteMenu
CallWindowProcA
CreateMDIWindowW
MapVirtualKeyW
EnumDisplaySettingsExW
GetClassLongA
DisableProcessWindowsGhosting
ScrollWindowEx
FindWindowA
LoadMenuA
SendDlgItemMessageW
FindWindowExW
SendIMEMessageExW
CreateDialogParamA
SetShellWindowEx
ShowScrollBar
GetLastInputInfo
CharUpperBuffA
SetProgmanWindow
GetKeyboardLayoutNameA
SetShellWindow
AdjustWindowRectEx
IsDialogMessageA
GetWindow

gdi32

StartPage
CreateICW
GetDCOrgEx
GetNearestPaletteIndex
SetICMMode
NamedEscape

advapi32

LookupPrivilegeDisplayNameA
SystemFunction032
SystemFunction036
RegSaveKeyExW
RegisterTraceGuidsA
MakeAbsoluteSD2
LsaSetTrustedDomainInfoByName

Sections

.NJnLTZ
Size: 1024B - Virtual size: 528B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xWU
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.APisEu
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DiuA
Size: 142KB - Virtual size: 270KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GYSQu
Size: 11KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dhpWpJ
Size: 3KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 3KB - Virtual size: 46KB

IMAGE_SCN_MEM_READ

.akfe
Size: 3KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Jsicnw
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee78cf38422cb56aec3f77a443d1498b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

ba:dd:74:13:4c:e4:75:ff:2d:4a:dc:c1:3b:f1:51:70:ba:88:6f:50Signer

Signature Validations

Verification

14/04/2009, 15:29 Valid: false

Headers

File Characteristics

Imports

fontsub

comsvcs

tapi32

corpol

opengl32

kernel32

user32

gdi32

advapi32

Sections

.NJnLTZ Size: 1024B - Virtual size: 528B

.xWU Size: 2KB - Virtual size: 1KB

.APisEu Size: 20KB - Virtual size: 20KB

.DiuA Size: 142KB - Virtual size: 270KB

.GYSQu Size: 11KB - Virtual size: 44KB

.dhpWpJ Size: 3KB - Virtual size: 39KB

.s Size: 3KB - Virtual size: 46KB

.akfe Size: 3KB - Virtual size: 37KB

.Jsicnw Size: 6KB - Virtual size: 6KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

ba:dd:74:13:4c:e4:75:ff:2d:4a:dc:c1:3b:f1:51:70:ba:88:6f:50
Signer

14/04/2009, 15:29
Valid: false

.NJnLTZ
Size: 1024B - Virtual size: 528B

.xWU
Size: 2KB - Virtual size: 1KB

.APisEu
Size: 20KB - Virtual size: 20KB

.DiuA
Size: 142KB - Virtual size: 270KB

.GYSQu
Size: 11KB - Virtual size: 44KB

.dhpWpJ
Size: 3KB - Virtual size: 39KB

.s
Size: 3KB - Virtual size: 46KB

.akfe
Size: 3KB - Virtual size: 37KB

.Jsicnw
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB