MMF2ExtPack1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MMF2ExtPack1.exe
Size

14.2MB
MD5

4d34233a77d5a70e4f2267682d1a10f8
SHA1

da4d04e009b65820275bb0954854ea72c8063271
SHA256

869eb55d98c01f6cabecf37294d2b2c6f5c6fded197558853f5595f6fd3937c9
SHA512

84fe6d5d0cde3798fbe2f525cbd214a4123ad5e4bef69a533e58699c8ebcc6c40c7005ea7c657819f69174c9f8ff39501f86cdca3863a058bde7a9b79a3d6196
SSDEEP

393216:j9drq79wCU+EzTA+kq+8p0KnpxZ6DdM2NeRbDjfS3AwweWCe1z:JdrqucaT/f+8p0Cp2yieNS3Awwoyz

Score

N/A

Malware Config

Signatures

Files

MMF2ExtPack1.exe
.exe windows x86

c898ffa149b68c035e718ea611433ed4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2d:42:a6:18:d0:39:c0:75:d7:4b:db:e0:21:b9:61:f5
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

05/12/2010, 23:59

Subject

CN=Clickteam,OU=SECURE APPLICATION DEVELOPMENT,O=Clickteam,L=Paris,ST=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetVersionExA
GetVersion
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
RemoveDirectoryA
MoveFileA
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
CreateDirectoryA
HeapCompact
TerminateProcess
ExitProcess
GetFileAttributesA
SetFileAttributesA
HeapFree
HeapAlloc
GetCurrentProcess
MoveFileExA
GetUserDefaultLangID
GetModuleHandleA
FormatMessageA
CopyFileA
SetFileTime
OpenFile
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTempPathA
GetShortPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
CompareStringW
CreateProcessA
Sleep
GetExitCodeProcess
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
FindFirstFileA
FindClose
GetWindowsDirectoryA
IsBadWritePtr
GetSystemDirectoryA

user32

IsIconic
PostQuitMessage
DefWindowProcA
AdjustWindowRectEx
PostMessageA
ExitWindowsEx
CheckDlgButton
GetMessagePos
MapWindowPoints
SetTimer
KillTimer
DialogBoxParamA
BringWindowToTop
GetLastActivePopup
GetWindow
SendMessageA
FindWindowA
RegisterClassA
EndDialog
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
DrawTextA
GetSystemMetrics
SendDlgItemMessageA
GetFocus
GetDlgItemTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
EnableWindow
LoadCursorA
SetCursor
wsprintfA
LoadIconA

gdi32

CreatePalette
SetBkColor
ExtTextOutA
GetSystemPaletteEntries
CreateFontIndirectA
RemoveFontResourceA
GetStockObject
GetDeviceCaps
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetStretchBltMode
StretchDIBits
SetTextColor
AddFontResourceA
SetBkMode

comdlg32

GetOpenFileNameA

advapi32

RegCreateKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles

ole32

CoGetMalloc
CoCreateInstance
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

comctl32

ord17
ImageList_LoadImageA

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c898ffa149b68c035e718ea611433ed4

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

2d:42:a6:18:d0:39:c0:75:d7:4b:db:e0:21:b9:61:f5Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 11KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

2d:42:a6:18:d0:39:c0:75:d7:4b:db:e0:21:b9:61:f5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 11KB