b8de4936e83b09c514eda3f52a9c737397d15238588c95f614a61f5b2a99cd1f

Sharing

Copy URL Twitter E-mail

General

Target

b8de4936e83b09c514eda3f52a9c737397d15238588c95f614a61f5b2a99cd1f
Size

189KB
MD5

65dccbd0361399de1fd8a542e9ca84ad
SHA1

bbebec5547e85bfb7c13b7628036b1cfc0ebc6d7
SHA256

b8de4936e83b09c514eda3f52a9c737397d15238588c95f614a61f5b2a99cd1f
SHA512

bb9b715966223edbf019fb54a02e91d816eb1905c1b1159f56e46b4a07372937d8d11217f9b54e0bd542dec4ba370f10a9e9ae71aa3f58acfb9c2ce1d0da4a9a
SSDEEP

3072:J+SRZjsTGEAR4SBoK1h7kHLrUeCuSCqxUi53tzLFahQsVgGxw4E202ywk8fwpbEe:JZfcY4SQHLq7LUix/aW+dHzCf8IpbEH+

Score

N/A

Malware Config

Signatures

Files

b8de4936e83b09c514eda3f52a9c737397d15238588c95f614a61f5b2a99cd1f
.exe windows x86

bc9525eef268b99d104aa7b5d917d2b7

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/07/2010, 22:53

Not After

19/10/2011, 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

85:53:23:92:8d:8e:d5:6b:4b:89:7b:0b:9c:62:b8:02:93:9d:4e:81
Signer

Actual PE Digest

85:53:23:92:8d:8e:d5:6b:4b:89:7b:0b:9c:62:b8:02:93:9d:4e:81

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2010, 11:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetVersion
EnumCalendarInfoW
OpenWaitableTimerA
IsBadStringPtrA
Sleep
GetMailslotInfo
GetVolumeInformationA
GlobalDeleteAtom
SetCurrentDirectoryW
lstrcpyW
OpenSemaphoreW
IsBadWritePtr
SetErrorMode
FileTimeToLocalFileTime
GetSystemDirectoryA
GetProcAddress
LocalAlloc
lstrcpyA
GlobalFindAtomA
GetCurrentThread
lstrcmpW
FindResourceW
lstrlen
GetUserDefaultLCID
GetTempFileNameA
GetUserDefaultLangID
GetStringTypeW
GetTempPathA
ExpandEnvironmentStringsA
SearchPathA
AddAtomW
OpenEventA
GetCurrentThreadId

user32

SetDlgItemTextW
EmptyClipboard
CreateMenu
LoadCursorW
GetMenuState
UpdateLayeredWindow
GetCursorPos
CreateAcceleratorTableW
AppendMenuA
GetDlgItemTextA
EnumWindowStationsA
MessageBeep
RegisterClassA
GetClassInfoA
GetCapture
WinHelpA
LoadIconA
CreateDialogIndirectParamW
ShowWindow
DestroyCursor
GetClassInfoExA
ActivateKeyboardLayout
LoadImageA
AdjustWindowRect
GetClassInfoExW
SetCursor
GetMessageW
DefWindowProcA
UnregisterClassW
GetDlgItemTextW
LoadMenuIndirectA
GetMenuStringA
GetKeyState
MonitorFromPoint
UnregisterClassA
GetMenuItemCount
DialogBoxIndirectParamW
keybd_event
LoadBitmapA
GetIconInfo
wsprintfW
InvalidateRect
GetSysColorBrush
FindWindowW
DialogBoxParamW
RegisterClassW
SetWindowTextW
RemoveMenu
GetCapture
WinHelpW
GetForegroundWindow
SetActiveWindow
GetDlgItemInt
LoadIconW
RegisterClassExW
PostQuitMessage
MessageBoxA
GetClassInfoW
CreateWindowExW

gdi32

CreateFontW
DeleteObject

advapi32

RegRestoreKeyA
RegQueryMultipleValuesW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExA
RegFlushKey
RegQueryInfoKeyW
RegQueryValueA
RegReplaceKeyW

shell32

StrCmpNIA
SHGetDiskFreeSpaceExW
SHGetDataFromIDListW
SHGetDesktopFolder
SHBrowseForFolder

comctl32

InitCommonControls

comdlg32

PrintDlgExA
ReplaceTextA
ChooseFontA
ReplaceTextW
FindTextA
PageSetupDlgA

urlmon

RegisterMediaTypeClass
RegisterBindStatusCallback
FindMediaTypeClass
GetSoftwareUpdateInfo
CoInternetGetSecurityUrl
IsJITInProgress
CoInternetGetProtocolFlags
Extract
HlinkSimpleNavigateToString
URLOpenStreamW
URLOpenBlockingStreamA

sqlunirl

_LoadImage_@24
_GetModuleHandle_@4
_LogonUser_@24
_SendMessage@16
_WaitNamedPipe_@8
_strerror_@4
_GetProfileSection_@12
_DispatchMessage_@4

wsock32

WSAUnhookBlockingHook
AcceptEx
WSASetLastError
ntohl
EnumProtocolsW
GetTypeByNameA
GetAddressByNameW
GetNameByTypeA
__WSAFDIsSet
GetTypeByNameW
gethostbyname
SetServiceW

msvcirt

??_8istream@@7B@
?width@ios@@QAEHH@Z
?unlock@streambuf@@QAEXXZ
??_7stdiostream@@6B@
??4filebuf@@QAEAAV0@ABV0@@Z
??0istrstream@@QAE@ABV0@@Z
??5istream@@QAEAAV0@AAN@Z
??0ostream_withassign@@QAE@ABV0@@Z

Sections

.DvXYgk
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ewK
Size: 131KB - Virtual size: 212KB

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ix
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc9525eef268b99d104aa7b5d917d2b7

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

85:53:23:92:8d:8e:d5:6b:4b:89:7b:0b:9c:62:b8:02:93:9d:4e:81Signer

Signature Validations

Verification

15/09/2010, 11:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

comdlg32

urlmon

sqlunirl

wsock32

msvcirt

Sections

.DvXYgk Size: 18KB - Virtual size: 17KB

.ewK Size: 131KB - Virtual size: 212KB

.data Size: 4KB - Virtual size: 6KB

.Ix Size: 3KB - Virtual size: 48KB

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 52KB

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

85:53:23:92:8d:8e:d5:6b:4b:89:7b:0b:9c:62:b8:02:93:9d:4e:81
Signer

15/09/2010, 11:34
Valid: false

.DvXYgk
Size: 18KB - Virtual size: 17KB

.ewK
Size: 131KB - Virtual size: 212KB

.data
Size: 4KB - Virtual size: 6KB

.Ix
Size: 3KB - Virtual size: 48KB

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 52KB