83af5dab76383bdefcaae0461769e475348a729b8d44c94cf05479faa696f26c

Sharing

Copy URL Twitter E-mail

General

Target

83af5dab76383bdefcaae0461769e475348a729b8d44c94cf05479faa696f26c
Size

204KB
MD5

a2bbb5917750a67fde70a13940421ab2
SHA1

1b7faedd4651a897fd0254fb988f156582876f34
SHA256

83af5dab76383bdefcaae0461769e475348a729b8d44c94cf05479faa696f26c
SHA512

a8e0dac3a8af2498bc78778ca15f3b5deac74a5db99e606c8e655edfd855cde81369b7c7898828552c204406fc3b80c7c9037a902db1306eebf3fe96588f2ba3
SSDEEP

3072:K5KNIEz67YVPneURf6RQFkgf8cqYjCXnOVHyzuLs8DJSzfU8tFt6:K5LsoURkWjC3OVWYs8ufxFt6

Score

N/A

Malware Config

Signatures

Files

83af5dab76383bdefcaae0461769e475348a729b8d44c94cf05479faa696f26c
.exe windows x86

043132cc5076527b31677cb0745dee65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:eb:fb:cf:c7:97:0c:88:7c:b0:51:0a:a4:23:a6:04
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

05/03/2012, 23:59

Subject

CN=AVG Technologies,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:3f:8e:f3:f1:f1:ce:ab:9e:3d:ce:8a:97:cd:b4:94:50:49:d0:4b
Signer

Actual PE Digest

55:3f:8e:f3:f1:f1:ce:ab:9e:3d:ce:8a:97:cd:b4:94:50:49:d0:4b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AVG Technologies,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies,L=Brno,ST=Jihomoravsky kraj,C=CZ

19/04/2010, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

floor
_amsg_exit
_initterm
_XcptFilter
_onexit
_lock
__dllonexit
_unlock
memcpy
memset
iswspace
wcschr
ceil
__CxxFrameHandler
realloc
_purecall
malloc
free

kernel32

ReleaseSemaphore
GetLastError
VirtualAlloc
EnterCriticalSection
CreateSemaphoreW
LeaveCriticalSection
GetSystemInfo
VirtualProtect
GetCurrentThreadId
CloseHandle
HeapAlloc
HeapFree
CreateIoCompletionPort
CreateThread
WaitForMultipleObjects
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetEvent
QueueUserAPC
ExitThread
ResetEvent
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentDirectoryW
GetProcessHeap
GetVersion
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetVersionExW
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadCodePtr
IsBadReadPtr
GetCurrentThread
GetModuleHandleW
GetCurrentProcess
VirtualQuery
DeleteCriticalSection
DisableThreadLibraryCalls
IsBadWritePtr
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateEventW
WaitForSingleObject
GetTickCount
VirtualAllocEx

ole32

CreateFileMoniker
CreateBindCtx
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

user32

SetRect
GetDC
ReleaseDC
IsCharAlphaW
GetDesktopWindow
IntersectRect

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

gdi32

DeleteObject
CreateBrushIndirect
DeleteDC
SetMapMode
GetPaletteEntries
GetKerningPairsW
GetGlyphOutlineW
GetTextMetricsW
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
FillPath
StrokePath
StrokeAndFillPath
SetPolyFillMode
BitBlt
SelectObject
ExtCreatePen
EndPath
PolyBezierTo
LineTo
MoveToEx
BeginPath

shlwapi

StrCmpIW
StrCmpNIW
PathFileExistsA
StrCatW
PathMakePrettyA
SHOpenRegStreamA
PathParseIconLocationA
StrIsIntlEqualW
PathIsSameRootA
UrlCompareA
SHRegDeleteUSValueA
PathIsUNCServerShareA
PathFileExistsW
PathIsLFNFileSpecW
AssocQueryKeyA
SHRegWriteUSValueW
SHDeleteValueA
SHStrDupA
SHDeleteOrphanKeyA
PathUndecorateA
PathIsNetworkPathW
StrCSpnW
SHRegEnumUSKeyA
PathUnquoteSpacesW
PathStripToRootA

cmutil

CmBuildFullPathFromRelativeW
CmAtolW
CmBuildFullPathFromRelativeA
CmLoadImageW
CmRealloc
CmLoadIconW

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 21KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

043132cc5076527b31677cb0745dee65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

20:eb:fb:cf:c7:97:0c:88:7c:b0:51:0a:a4:23:a6:04Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

55:3f:8e:f3:f1:f1:ce:ab:9e:3d:ce:8a:97:cd:b4:94:50:49:d0:4bSigner

Signature Validations

Verification

19/04/2010, 15:41 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

ole32

user32

advapi32

gdi32

shlwapi

cmutil

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 154KB - Virtual size: 331KB

.bss Size: 21KB - Virtual size: 2.1MB

.rdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:eb:fb:cf:c7:97:0c:88:7c:b0:51:0a:a4:23:a6:04
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

55:3f:8e:f3:f1:f1:ce:ab:9e:3d:ce:8a:97:cd:b4:94:50:49:d0:4b
Signer

19/04/2010, 15:41
Valid: false

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 154KB - Virtual size: 331KB

.bss
Size: 21KB - Virtual size: 2.1MB

.rdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB