1eb39af3d9ce964afb34897e4cb0331885e8d5be214eda2a7df291aaeb0a1d7a

Sharing

Copy URL Twitter E-mail

General

Target

1eb39af3d9ce964afb34897e4cb0331885e8d5be214eda2a7df291aaeb0a1d7a
Size

648KB
MD5

43ca5731cea85a6cef323a10ccdc1ab1
SHA1

a69018283f01a819d3c9ed64f58f59ccf7ec921d
SHA256

1eb39af3d9ce964afb34897e4cb0331885e8d5be214eda2a7df291aaeb0a1d7a
SHA512

1dd515feed0227ddb137ec819134cc5e8cd01ffcc562c8af3b8eacb39145c5847b366411b1bc954a3dc63c0711c40342f69c6febae08203b8965d7a9c5683a96
SSDEEP

12288:MRWsCfCzkRlK6kLBUiBbP1Ywy6RYMK7j/W:0WQYR4z+ipPewy66X7j/W

Score

N/A

Malware Config

Signatures

Files

1eb39af3d9ce964afb34897e4cb0331885e8d5be214eda2a7df291aaeb0a1d7a
.exe windows x86

c1339e760be2fb0e19cc76fe0f4a171e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/07/2010, 00:00

Not After

06/07/2013, 23:59

Subject

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:55:dc:b7:32:9e:0c:8b:85:a4:f3:1f:6d:50:b6:a6:28:e8:61:9a
Signer

Actual PE Digest

5e:55:dc:b7:32:9e:0c:8b:85:a4:f3:1f:6d:50:b6:a6:28:e8:61:9a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

03/07/2012, 16:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
RegQueryInfoKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA

user32

ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
MapDialogRect
SetWindowContextHelpId
GetDlgCtrlID
LoadBitmapA
EndDialog
GetWindowRect
PtInRect
SetCursor
EnableWindow
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetSystemMetrics
ClientToScreen
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
IsChild
wsprintfA
PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
SetWindowLongA
GetWindowLongA
GetDesktopWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
CharNextA
CallWindowProcA
GetClientRect
SetWindowPos
LoadImageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
MoveWindow

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetGetConnectedState
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA

kernel32

GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
HeapSize
HeapReAlloc
GetModuleFileNameW
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
CompareStringW
TlsAlloc
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
ExitProcess
EncodePointer
SetEnvironmentVariableA
VirtualQuery
IsValidCodePage
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetSystemInfo
GetVersionExA
GetThreadLocale
FindResourceW
GetSystemTime
OpenEventA
CreatePipe
SetHandleInformation
ReadFile
LoadLibraryExA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InterlockedExchange
LoadLibraryW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleW
CreateFileW
DecodePointer
TlsGetValue
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
LoadResource
LockResource
GlobalHandle
GlobalFree
SetLastError
GlobalLock
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetTempPathA
lstrcatA
GetEnvironmentVariableA
LoadLibraryA
GetLastError
GetSystemDirectoryA
SetDllDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
WaitForSingleObject
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
lstrcmpA
SetEndOfFile
CompareFileTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
GetFileTime
GetFileSize
GetExitCodeProcess
CreateProcessA
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
GlobalUnlock
InitializeCriticalSection

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CLSIDFromString

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1339e760be2fb0e19cc76fe0f4a171e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7Certificate

Extended Key Usages

Key Usages

5e:55:dc:b7:32:9e:0c:8b:85:a4:f3:1f:6d:50:b6:a6:28:e8:61:9aSigner

Signature Validations

Verification

03/07/2012, 16:04 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 202KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 213KB - Virtual size: 213KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

5e:55:dc:b7:32:9e:0c:8b:85:a4:f3:1f:6d:50:b6:a6:28:e8:61:9a
Signer

03/07/2012, 16:04
Valid: false

.text
Size: 203KB - Virtual size: 202KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 213KB - Virtual size: 213KB