AiRoboForm_US[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AiRoboForm_US.exe
Size

2.1MB
MD5

b95c736ff01420f00d4c9a576214cf0e
SHA1

52ced0620affbcf4c1119d943d39d0977ca79a59
SHA256

dfe74504d8c0d55876a14e32e597e19eaebf53de7e5cabeb38257b5ad8c869d7
SHA512

36b212584849e71e5930429a4e09842bd394a2219275114a2dc2653f2815eaf9bc07c5d37b3800364b97a77af12704df0b4667d4aaf373a812dfc4f3780c6291
SSDEEP

49152:vPX9THs1daX1mdZDI0XYxaiWMlijTzP0nDQ:vv9I1daYdZDI0IxnWdrd

Score

N/A

Malware Config

Signatures

Files

AiRoboForm_US.exe
.exe windows x86

4c4dd6284723d40173721c98ae676791

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:e8:57:91:41:24:18:1f:0d:64:62:a4:dc:4e:f5:f6
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

01/02/2006, 00:00

Not After

22/02/2008, 23:59

Subject

CN=Siber Systems,OU=SECURE APPLICATION DEVELOPMENT,O=Siber Systems,L=Herndon,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
GetTempFileNameA
lstrcmpiA
lstrlenA
CreateDirectoryA
GetFileAttributesA
LocalFree
GetProcAddress
GetModuleHandleA
LocalAlloc
CreateFileA
WriteFile
SetFilePointer
GetLocalTime
CopyFileA
Sleep
GetModuleFileNameA
RemoveDirectoryA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
FormatMessageA
GetFileSize
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
FindClose
lstrcmpA
lstrcpyA
FindFirstFileA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetLastError
SetFileTime
GetSystemTimeAsFileTime
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
HeapReAlloc
SetUnhandledExceptionFilter
FlushFileBuffers
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
DeleteFileA
lstrcatA
GetTempPathA
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
CreateEventA
GetLastError
FindNextFileA
CloseHandle
VirtualAlloc
VirtualFree
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree

user32

ExitWindowsEx
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowLongA
CreateDialogParamA
TranslateMessage
DispatchMessageA
PostQuitMessage
SetWindowTextA
IsWindow
GetDlgItem
SendMessageA
ShowWindow
wsprintfA
DestroyWindow
CharNextA
MessageBoxA
PeekMessageA

comctl32

InitCommonControlsEx

advapi32

RegDeleteValueA
RegQueryValueExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c4dd6284723d40173721c98ae676791

Code Sign

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

63:e8:57:91:41:24:18:1f:0d:64:62:a4:dc:4e:f5:f6Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

comctl32

advapi32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 9KB - Virtual size: 8KB

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

63:e8:57:91:41:24:18:1f:0d:64:62:a4:dc:4e:f5:f6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 9KB - Virtual size: 8KB