224164783f9b33d03e2e74d12803ec170f5292ceadcfff5d70c58715954a297a

Sharing

Copy URL

Twitter E-mail

General

Target

224164783f9b33d03e2e74d12803ec170f5292ceadcfff5d70c58715954a297a
Size

4.1MB
MD5

e997c3982f9a33e7f386bc54c3a169dd
SHA1

5c8abf203256484e17df9299d204dc80029bba4a
SHA256

224164783f9b33d03e2e74d12803ec170f5292ceadcfff5d70c58715954a297a
SHA512

00897bd279982b5b60a7a92183cd7a05975d10e89bc0746e4fc7b3699fb1c3673fdb361f654dc89d84651c64fdbc35553fe3ef1051e181f80b6d1581e827b57f
SSDEEP

98304:Lsv5CLP7iXz/q86dzrWfN16XbyJ+s8GssZtOYizJUI:0CPiTl6dK18yJz8GssTOY8JJ

Score

N/A

Malware Config

Signatures

Files

224164783f9b33d03e2e74d12803ec170f5292ceadcfff5d70c58715954a297a
.exe windows x86

4f59dfbeed976fec82c5fb7f7c37e1d4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31-10-2007 00:00

Not After

24-11-2010 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:4b:87:a0:4f:70:b5:51:33:b3:db:1f:7e:5b:4c:f2:c3:c5:4b:29
Signer

Actual PE Digest

9c:4b:87:a0:4f:70:b5:51:33:b3:db:1f:7e:5b:4c:f2:c3:c5:4b:29

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

22-03-2010 23:37
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegConnectRegistryA
RegSetValueExA

kernel32

WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
FlushFileBuffers
SetEndOfFile
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
ExitProcess
RaiseException
ExitThread
GetACP
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
SetStdHandle
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
CreateEventA
CloseHandle
WaitForSingleObject
ExpandEnvironmentStringsA
DeleteFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCommandLineA
Sleep
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
ResetEvent
lstrlenA
LocalFree
InterlockedExchange
GetProfileStringA
GetTempPathA
GetModuleFileNameA
ResumeThread
GetLastError
CreateDirectoryA
LoadLibraryA
FreeLibrary
GetProcAddress
HeapFree
LocalAlloc
HeapReAlloc
HeapAlloc
GetCurrentProcess
TerminateProcess
GetVersionExA
CreateMutexA
ReleaseMutex
GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceA
CreateThread
FindClose
FindNextFileA
FindFirstFileA
GetExitCodeProcess
CreateProcessA
CreateFileA
GetStdHandle
GetTickCount
ReadFile
GetFileSize
GetFileTime
SetFileTime
WriteFile
SetFilePointer
EndUpdateResourceA
BeginUpdateResourceA
UpdateResourceA
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
SetThreadPriority
SuspendThread
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
SetLastError
MulDiv
lstrcpynA
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
SetEvent

user32

BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
InvalidateRect
InflateRect
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
GetWindowDC
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
GetDC
ReleaseDC
EndDialog
IsWindow
CreateDialogIndirectParamA
DestroyWindow
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetParent
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode
GetLastActivePopup
IsWindowEnabled
ClientToScreen
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
RemovePropA
GetWindowLongA
SetCursor
PostQuitMessage
PostThreadMessageA
wsprintfA
PostMessageA
IsWindowVisible
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
EnableWindow
LoadIconA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
UpdateWindow
SetActiveWindow

gdi32

BitBlt
GetTextExtentPointA
CreateCompatibleDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
GetDeviceCaps
DeleteObject
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateBitmap
CreateDIBitmap

comdlg32

GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ord17

ole32

CoInitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??0CApackArchive@@QAE@XZ
??0CApackDescriptor@@QAE@PAVCApackArchive@@@Z
??0CApackDescriptor@@QAE@XZ
??0CApackFindFile@@QAE@PAVCApackArchive@@@Z
??0CApackFindFile@@QAE@XZ
??0CFilePackager@@QAE@PAVCApackArchive@@@Z
??0CFilePackager@@QAE@XZ
??0CLongFileDescriptor@@QAE@PAVCApackArchive@@@Z
??0CLongFileDescriptor@@QAE@XZ
??1CApackArchive@@UAE@XZ
??1CApackDescriptor@@UAE@XZ
??1CFilePackager@@UAE@XZ
??1CLongFileDescriptor@@UAE@XZ
?AbortOperation@CFilePackager@@QAEXXZ
?AddFile@CFilePackager@@QAEHPBD0@Z
?Close@CApackArchive@@QAEHXZ
?Close@CApackDescriptor@@QAEHXZ
?Close@CArchiveMedia@@QAEHXZ
?Close@CLongFileDescriptor@@QAEHXZ
?Create@CApackDescriptor@@QAEHPAUDESCRIPTOR@@@Z
?Create@CLongFileDescriptor@@QAEHPBD@Z
?CreateArchive@CApackArchive@@QAEHPBDPAUARCHIVE_HEADER@@@Z
?CreateArchive@CApackArchive@@QAEHPBDPAUARCHIVE_HEADER@@I@Z
?CreateBasic@CArchiveMedia@@QAEHPBDPAUARCHIVE_HEADER@@@Z
?CreateBasic@CArchiveMedia@@QAEHPBDPAUARCHIVE_HEADER@@I@Z
?CreateInitialDescriptorBlock@CApackArchive@@IAEHXZ
?CreateNewDescriptor@CApackArchive@@QAEHAAKAAEAA_JPAUDESCRIPTOR@@@Z
?Delete@CApackDescriptor@@QAEHXZ
?Delete@CLongFileDescriptor@@QAEHXZ
?DeleteFileA@CFilePackager@@QAEHPBD@Z
?ExtractFileFromArchive@CFilePackager@@QAEHKEPBD@Z
?ExtractFileFromArchive@CFilePackager@@QAEHPAVCLongFileDescriptor@@PBD@Z
?ExtractFileFromArchive@CFilePackager@@QAEHPBD0@Z
?ExtractStubResource@CArchiveMedia@@IAEHPBD@Z
?ExtractStubResource@CArchiveMedia@@IAEHPBDI@Z
?FindFirstFileA@CApackFindFile@@QAEHPBD@Z
?FindNextFileA@CApackFindFile@@QAEHXZ
?FreeScratchBuffer@CLongFileDescriptor@@IAEXXZ
?GetCurrentFileStatus@CFilePackager@@QAEHAAK0PAD@Z
?GetDataPointer@CApackDescriptor@@QAEHAA_J@Z
?GetDescriptorOffset@CApackArchive@@QAEHKEAA_J@Z
?GetFileDataSize@CLongFileDescriptor@@QAEHAAK@Z
?GetFileInfo@CLongFileDescriptor@@QAEHPAULONG_FILE_DATA@@@Z
?GetFilePointer@CLongFileDescriptor@@QAEHAAK@Z
?GetTotalFileDataSize@CFilePackager@@QAEHAA_J@Z
?InitData@CApackDescriptor@@IAEXXZ
?InitData@CApackFindFile@@IAEHXZ
?InitData@CFilePackager@@IAEXXZ
?InitScratchBuffer@CLongFileDescriptor@@IAEHK@Z
?IsOpen@CApackArchive@@QAEHXZ
?IsOpen@CArchiveMedia@@QAEHXZ
?IsReadOnly@CApackArchive@@QAEHXZ
?IsReadOnly@CArchiveMedia@@QAEHXZ
?Open@CApackDescriptor@@QAEHKE@Z
?Open@CLongFileDescriptor@@QAEHKE@Z
?Open@CLongFileDescriptor@@QAEHPBD@Z
?OpenArchiveFile@CApackArchive@@QAEHPBDH@Z
?OpenArchiveFile@CArchiveMedia@@QAEHPBDH@Z
?RawRead@CApackArchive@@QAEH_JPADK@Z
?RawRead@CArchiveMedia@@QAEH_JPADK@Z
?RawWrite@CApackArchive@@QAEH_JPBDK@Z
?RawWrite@CArchiveMedia@@QAEH_JPBDK@Z
?Read@CApackDescriptor@@QAEHPAXK@Z
?Read@CDescriptorBlock@@QAEHXZ
?ReadArchiveHeader@CApackArchive@@QAEHPAUARCHIVE_HEADER@@@Z
?ReadArchiveHeader@CArchiveMedia@@QAEHPAUARCHIVE_HEADER@@@Z
?ReadCompressedBlock@CLongFileDescriptor@@QAEHPAXKAAK@Z
?ReserveNextDescriptor@CDescriptorBlock@@QAEHAAEAA_J@Z
?SendNotify@CFilePackager@@IAEXH@Z
?SetArchive@CApackDescriptor@@QAEHPAVCApackArchive@@@Z
?SetArchive@CApackFindFile@@QAEHPAVCApackArchive@@@Z
?SetArchive@CFilePackager@@QAEHPAVCApackArchive@@@Z
?SetAsyncNotify@CFilePackager@@QAEHPAUHWND__@@IH@Z
?SetAsyncNotify@CFilePackager@@QAEHPAXH@Z
?SetDataPointer@CApackDescriptor@@QAEH_J@Z
?SetExeVersionInformation@CApackArchive@@QAEHPAUEXE_VERSION_INFO@@@Z
?SetExeVersionInformation@CArchiveMedia@@QAEHPAUEXE_VERSION_INFO@@@Z
?SetFileInfo@CLongFileDescriptor@@QAEHPAULONG_FILE_DATA@@@Z
?SetFilePointer@CLongFileDescriptor@@QAEHK@Z
?SetNextBlock@CDescriptorBlock@@QAEH_J@Z
?StopNotification@CFilePackager@@QAEHXZ
?UpdateSubHeader@CApackArchive@@IAEHXZ
?Write@CApackDescriptor@@QAEHPBXK@Z
?Write@CDescriptorBlock@@QAEHXZ
?WriteArchiveHeader@CApackArchive@@QAEHPAUARCHIVE_HEADER@@@Z
?WriteArchiveHeader@CArchiveMedia@@QAEHPAUARCHIVE_HEADER@@@Z
?WriteCompressedBlock@CLongFileDescriptor@@QAEHPBXK@Z
?WriteFileToArchive@CFilePackager@@QAEHPBD0@Z
?WriteRDAHeader@CArchiveMedia@@AAEHPBD@Z

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f59dfbeed976fec82c5fb7f7c37e1d4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08Certificate

Extended Key Usages

Key Usages

9c:4b:87:a0:4f:70:b5:51:33:b3:db:1f:7e:5b:4c:f2:c3:c5:4b:29Signer

Signature Validations

Verification

22-03-2010 23:37 Valid: false

Headers

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

ole32

version

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 20KB - Virtual size: 461KB

.rsrc Size: 60KB - Virtual size: 56KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

9c:4b:87:a0:4f:70:b5:51:33:b3:db:1f:7e:5b:4c:f2:c3:c5:4b:29
Signer

22-03-2010 23:37
Valid: false

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 20KB - Virtual size: 461KB

.rsrc
Size: 60KB - Virtual size: 56KB