e0275ae6e52cfd069eb8903f9dbc9327982a21091b29b00ce2d9d7b3266e18ce[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e0275ae6e52cfd069eb8903f9dbc9327982a21091b29b00ce2d9d7b3266e18ce.exe
Size

387KB
MD5

5770682f3275642423eb1fb14bd06dc5
SHA1

927a99f08eba0d77033cebc9cd5620ec2ecf9d0e
SHA256

e0275ae6e52cfd069eb8903f9dbc9327982a21091b29b00ce2d9d7b3266e18ce
SHA512

494d317e93f1bceb0267f7ba545085cfa1f86af82fe1a81e70c76ba5d5ad396a872f1b558c3e2e9b5428aa0bdc6be4552ab1b35977519ac73fa443e849fff308
SSDEEP

12288:jaUCvVrEybKXI7njZ+kJzQKQieRLg1zcVWrGD:jidrEun9Vi3RLg1zcArGD

Score

N/A

Malware Config

Signatures

Files

e0275ae6e52cfd069eb8903f9dbc9327982a21091b29b00ce2d9d7b3266e18ce.exe
.exe windows x86

35a24f5d199a112fc54127b8ed6cf234

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:ab:28:28:af:c3:98:7d:9d:86:d3:77:0e:74:12:55
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

25-08-2008 18:10

Not After

14-09-2009 17:25

Subject

CN=RealNetworks\, Inc.,OU=ISO,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

d4:f2:ee:0d:9e:eb:8c:81:f3:93:94:51:4a:6b:f2:8b:cd:19:be:01
Signer

Actual PE Digest

d4:f2:ee:0d:9e:eb:8c:81:f3:93:94:51:4a:6b:f2:8b:cd:19:be:01

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RealNetworks\, Inc.,OU=ISO,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

20-05-2009 22:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleCreate
OleSetContainedObject
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize

shlwapi

PathFileExistsA
SHDeleteKeyA

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetFilePointer
InternetReadFile
InternetGetConnectedState
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetCrackUrlA
InternetTimeToSystemTime

user32

CharPrevA
CharNextA
MessageBoxA
CreateDialogParamA
SendDlgItemMessageA
LoadStringA
GetWindowThreadProcessId
PostMessageA
GetSysColor
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
RedrawWindow
PeekMessageA
KillTimer
EnableWindow
GetClassInfoExA
LoadCursorA
LoadIconA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
UpdateWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
SetWindowRgn
DestroyWindow
ClientToScreen
GetCursorPos
ScreenToClient
GetFocus
BeginPaint
EndPaint
SetFocus
GetForegroundWindow
GetClassNameA
PtInRect
InvalidateRect
DefWindowProcA
SetWindowTextA
SetDlgItemTextA
SendMessageA
GetDlgItem
SetForegroundWindow
SetActiveWindow
SetWindowPos
ShowWindow
EndDialog
LoadImageA
GetDC
ReleaseDC
DrawTextW
SetWindowLongA
GetClientRect
GetWindowLongA
GetAsyncKeyState
EnumWindows
GetWindowRect

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
DispGetIDsOfNames
SysFreeString
VariantInit

gdi32

SetPixel
BitBlt
SelectClipRgn
GetDeviceCaps
CreateBitmap
GetObjectA
CreateRectRgn
GetPixel
CombineRgn
CreatePatternBrush
StretchBlt
SetBkMode
SetTextColor
GetTextExtentPointW
CreateCompatibleDC
SelectObject
GetCharWidth32W
DeleteDC
CreateFontW
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserA
AllocateAndInitializeSid
RegSetValueA
RegQueryValueA
GetUserNameA

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

DeleteCriticalSection
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetEndOfFile
LocalFileTimeToFileTime
SetFileTime
GetFullPathNameA
SetCurrentDirectoryA
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
GetDateFormatA
GetTimeFormatA
GetCPInfo
GetOEMCP
GetACP
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
GetStartupInfoA
GetLocalTime
RaiseException
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
CopyFileA
SetFileAttributesA
GetCurrentDirectoryA
SetErrorMode
GetVersion
GetSystemInfo
GetWindowsDirectoryA
MoveFileA
CreateDirectoryA
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
GetTempFileNameA
GetExitCodeProcess
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetLocaleInfoA
WaitForSingleObject
CreateThread
TerminateProcess
OpenMutexA
GetTimeZoneInformation
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
VirtualQuery
InterlockedExchange
SetStdHandle
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
CompareStringA
CompareStringW
GetCommandLineA
SetEnvironmentVariableW
CreateMutexA
InterlockedDecrement
InterlockedIncrement
WriteFile
GetTickCount
Sleep
GetFileTime
SystemTimeToFileTime
CompareFileTime
GetDriveTypeA
lstrcpyA
lstrlenA
CloseHandle
LocalFree
GetCurrentProcess
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadWritePtr
RemoveDirectoryA
FindClose
GetLastError
DeleteFileA
FindNextFileA
FindFirstFileA
ReadFile
GetFileSize
CreateFileA
GlobalFree
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35a24f5d199a112fc54127b8ed6cf234

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4e:ab:28:28:af:c3:98:7d:9d:86:d3:77:0e:74:12:55Certificate

Extended Key Usages

d4:f2:ee:0d:9e:eb:8c:81:f3:93:94:51:4a:6b:f2:8b:cd:19:be:01Signer

Signature Validations

Verification

20-05-2009 22:15 Valid: false

Headers

File Characteristics

Imports

ole32

shlwapi

wininet

user32

oleaut32

gdi32

advapi32

shell32

version

kernel32

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 93KB

.rsrc Size: 36KB - Virtual size: 33KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4e:ab:28:28:af:c3:98:7d:9d:86:d3:77:0e:74:12:55
Certificate

d4:f2:ee:0d:9e:eb:8c:81:f3:93:94:51:4a:6b:f2:8b:cd:19:be:01
Signer

20-05-2009 22:15
Valid: false

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 93KB

.rsrc
Size: 36KB - Virtual size: 33KB