a30e9d1aa6cbbc8016088d47fd464351fea877e0f91cc2c23e9b6dc2b2b2d819

Sharing

Copy URL Twitter E-mail

General

Target

a30e9d1aa6cbbc8016088d47fd464351fea877e0f91cc2c23e9b6dc2b2b2d819
Size

1.5MB
MD5

751876e2574ac127878f8898468475e7
SHA1

5f33cf448ea4e2f2d393264172090fe08a509ca4
SHA256

a30e9d1aa6cbbc8016088d47fd464351fea877e0f91cc2c23e9b6dc2b2b2d819
SHA512

2e921fc495b9a4c1b37f6f8952235245a5288468c0df10d3c0f82d942e6a3f8060440dee753765b052a130b7321cff5c67bff352feb3996411c4e7cbb58bb1ca
SSDEEP

24576:TidLWjh5wA5ycZtEo9oeX2/ZdXkKCud0uAdAB9MgY:qA5Rmeo6s0uAdW9DY

Score

N/A

Malware Config

Signatures

Files

a30e9d1aa6cbbc8016088d47fd464351fea877e0f91cc2c23e9b6dc2b2b2d819
.exe windows x86

2a1386e8e652a37f1185b7cbed403495

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:d0:c2:3d:28:8c:01:2e:e9:55:a6:ab:19:57:cf:dc:5f:a4:7c:f1
Signer

Actual PE Digest

5c:d0:c2:3d:28:8c:01:2e:e9:55:a6:ab:19:57:cf:dc:5f:a4:7c:f1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

01/07/2013, 12:21
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GlobalUnlock
FormatMessageA
FreeEnvironmentStringsA
UnhandledExceptionFilter
QueryPerformanceCounter
lstrlenA
InterlockedDecrement
InterlockedIncrement
TerminateProcess
SetPriorityClass
GetPriorityClass
GetDriveTypeA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
FreeLibrary
ReadFile
CopyFileA
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
QueryDosDeviceW
QueryDosDeviceA
GetLogicalDrives
MoveFileExW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
CreateDirectoryA
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
MoveFileW
VirtualQueryEx
ReadProcessMemory
GetThreadPriority
TerminateThread
CreateProcessW
LoadLibraryW
CreateFileW
SetThreadLocale
GetComputerNameW
OutputDebugStringA
LoadLibraryExW
LoadLibraryExA
EnumResourceLanguagesA
UnmapViewOfFile
GetSystemDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
FormatMessageW
FindResourceExA
OutputDebugStringW
SetUnhandledExceptionFilter
FatalAppExitA
GetFileInformationByHandle
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetProfileIntA
GetProfileStringA
MoveFileExA
GetCurrentProcessId
DeleteFileA
MoveFileA
Sleep
GetFileAttributesA
GetSystemDirectoryA
SetCurrentDirectoryA
CreateProcessA
OpenEventA
SetEvent
CloseHandle
GetTickCount
HeapSize
HeapReAlloc
GetACP
ExitThread
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
GetLastError
GlobalSize
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
MulDiv
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GlobalFree
LockResource
FindResourceA
LoadResource
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
WaitForSingleObject
GetModuleFileNameA
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GlobalLock

user32

SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
LoadIconA
SendMessageA
DrawIcon
IsDlgButtonChecked
GetUserObjectInformationW
GetSystemMetrics
IsIconic
EnableWindow
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
wvsprintfA
SetWindowPlacement
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
GetClientRect
ShowWindow
UnhookWindowsHookEx
GetPropA
ExitWindowsEx
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
MessageBoxW
EnumDesktopWindows
GetWindowThreadProcessId
GetWindowLongA
GetParent
IsWindowVisible
EnumWindows
GetWindowTextA
GetWindowTextW
CharToOemA
OemToCharA
GetWindowTextLengthA
PostMessageA
PostQuitMessage
ShowOwnedPopups
SetCursor
IsWindowEnabled
UnregisterClassA
MsgWaitForMultipleObjects
HideCaret
WaitMessage
ShowCaret
ExcludeUpdateRgn
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
InsertMenuA
AppendMenuA
GetMenuStringA
RemoveMenu
GetClassNameA
PtInRect
GetDesktopWindow
LoadCursorA
SetCapture
ReleaseCapture
WindowFromPoint
DeleteMenu
GetSysColorBrush
GetDialogBaseUnits
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
DestroyMenu
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
CharUpperA
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetLastActivePopup
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
DestroyIcon
TrackPopupMenu
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
GetCursorPos
SetWindowsHookExA

gdi32

SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
StartDocA
SaveDC
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
GetObjectA
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CopyMetaFileA
CreateDCA
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
SetColorAdjustment
BitBlt
GetTextExtentPointA
DeleteDC
CreateCompatibleDC
CreateDIBitmap
GetBitmapBits
CreateCompatibleBitmap

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegisterEventSourceA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
GetUserNameA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegConnectRegistryA
RegQueryValueExW
RegSetValueExW
LockServiceDatabase
OpenSCManagerA
OpenServiceA
UnlockServiceDatabase
CloseServiceHandle
CreateServiceA
DeleteService
StartServiceA
ControlService
QueryServiceStatus
QueryServiceConfigA
ChangeServiceConfigA
EnumServicesStatusA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetFileSecurityA
RegSetKeySecurity
LookupAccountNameW
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
LookupAccountSidW
RegCreateKeyW
DeregisterEventSource
ReportEventA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
ExtractIconA

comctl32

ord17

oledlg

ord8

ole32

OleUninitialize
OleInitialize
OleRun
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
ReleaseStgMedium
CoTreatAsClass
CoFreeUnusedLibraries
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
CreateStreamOnHGlobal
StringFromCLSID
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAllocDescriptor
LoadTypeLi
SysReAllocStringLen
SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayGetDim
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetLBound

mpr

WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeA
RpcStringFreeW
UuidToStringA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a1386e8e652a37f1185b7cbed403495

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

5c:d0:c2:3d:28:8c:01:2e:e9:55:a6:ab:19:57:cf:dc:5f:a4:7c:f1Signer

Signature Validations

Verification

01/07/2013, 12:21 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

mpr

version

rpcrt4

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 88KB - Virtual size: 112KB

.idata Size: 20KB - Virtual size: 19KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 72KB - Virtual size: 69KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

5c:d0:c2:3d:28:8c:01:2e:e9:55:a6:ab:19:57:cf:dc:5f:a4:7c:f1
Signer

01/07/2013, 12:21
Valid: false

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 88KB - Virtual size: 112KB

.idata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 72KB - Virtual size: 69KB