ca384d5cf44835fe6249ad19cb1817d49f5e729e988e2cdb702a780333a02805

Sharing

Copy URL Twitter E-mail

General

Target

ca384d5cf44835fe6249ad19cb1817d49f5e729e988e2cdb702a780333a02805
Size

1.6MB
MD5

ed39750a7f03ab2976a3fc947a528147
SHA1

920109acfa6320a11a2b3d7745b776d80ca9a7b9
SHA256

ca384d5cf44835fe6249ad19cb1817d49f5e729e988e2cdb702a780333a02805
SHA512

86afee6c23d0e02cdb22430ce239b6cbfa157385cbb63bcdf200346417467c10a36c6b1c2aac73fb1297ae0e8bc9bd54530cff1f70f272c84ae4bfff3b8fa253
SSDEEP

49152:5EzqMqEslI7+g/h24A4ZXtrXYUbuiNIGNQQI9:Kslyh2gtryi7QQI9

Score

N/A

Malware Config

Signatures

Files

ca384d5cf44835fe6249ad19cb1817d49f5e729e988e2cdb702a780333a02805
.exe windows x86

35429582c8b3b062f3830e0295612404

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:5f:27:08:8c:1f:da:12:6e:33:32:24:6b:9c:06:71
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

08/01/2013, 00:00

Not After

08/01/2014, 23:59

Subject

CN=Apex Co. Ltd.,O=Apex Co. Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d9:cf:28:dc:ee:79:74:a3:f2:98:b8:af:34:86:46:51:61:85:15
Signer

Actual PE Digest

70:d9:cf:28:dc:ee:79:74:a3:f2:98:b8:af:34:86:46:51:61:85:15

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Apex Co. Ltd.,O=Apex Co. Ltd.,L=Shenzhen,ST=Guangdong,C=CN

07/09/2013, 02:28
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW

wininet

InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW

kernel32

FormatMessageW
LocalFree
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
GetProcAddress
TerminateProcess
OpenProcess
GetCurrentDirectoryW
FileTimeToSystemTime
SetFilePointer
DeleteCriticalSection
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
CreateMutexW
GetVolumeInformationW
GetDiskFreeSpaceExW
VirtualAlloc
VirtualFree
LoadLibraryW
FreeLibrary
CreateFileA
FlushFileBuffers
DeleteFileW
GetLocalTime
GetModuleFileNameW
GetFileAttributesW
GetStringTypeExA
SetFileTime
DosDateTimeToFileTime
DuplicateHandle
GetFileSize
MulDiv
FreeResource
GetProcessHeap
SetEndOfFile
WriteConsoleW
WideCharToMultiByte
GetTickCount
CreateDirectoryW
GetFileSizeEx
GetSystemTime
GlobalFree
Sleep
GlobalAlloc
GetDateFormatA
GetTimeFormatA
CloseHandle
DeviceIoControl
GetLastError
CreateFileW
ReadFile
WriteFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
HeapSize
SetFilePointerEx
CreateThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
GetModuleHandleA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue

user32

IsZoomed
PostQuitMessage
ScreenToClient
ClientToScreen
GetClientRect
GetWindowThreadProcessId
SetWindowPos
GetSystemMetrics
CharLowerA
SendMessageW
GetWindowTextW
PtInRect
GetWindowTextLengthW
PostMessageW
MoveWindow
FindWindowW
ShowWindow
MessageBoxW
CharLowerW
wsprintfW
GetDC
InflateRect
OffsetRect
ReleaseDC
SetWindowRgn
GetWindowRect
IsIconic
SetForegroundWindow
GetParent
IntersectRect
GetWindowLongW
MonitorFromWindow
DefWindowProcW
IsWindow
DispatchMessageW
TranslateMessage
SetFocus
GetMessageW
EnableWindow
GetWindow
LoadImageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
DestroyWindow
GetFocus
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
SetCursor
wvsprintfW
CharNextW
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
FillRect
DrawTextW
CharPrevW
SetRect
InvalidateRgn
CreateAcceleratorTableW
SetWindowTextW
LoadStringA
SetWindowLongW
MapWindowPoints
GetMonitorInfoW

gdi32

GetObjectA
SetTextColor
TextOutW
GetCharABCWidthsW
GetTextExtentPoint32W
ExtSelectClipRgn
DeleteObject
CreateRoundRectRgn
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
GetDeviceCaps
SelectClipRgn
RoundRect
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
CreateDIBSection
ExtTextOutW
SetBkColor
CreateSolidBrush
LineTo
MoveToEx
CreatePenIndirect
SetBkMode

advapi32

RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ord165

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
OleSetContainedObject
CoCreateInstance
CoInitialize
OleUninitialize
OleInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

ws2_32

gethostname
send
gethostbyname
gethostbyaddr
closesocket
getservbyname
socket
recv
WSACleanup
setsockopt
htons
WSAStartup
connect
inet_addr
htonl

iphlpapi

GetAdaptersInfo

gdiplus

GdipSetTextRenderingHint
GdipDrawString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 742KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35429582c8b3b062f3830e0295612404

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

7d:5f:27:08:8c:1f:da:12:6e:33:32:24:6b:9c:06:71Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

70:d9:cf:28:dc:ee:79:74:a3:f2:98:b8:af:34:86:46:51:61:85:15Signer

Signature Validations

Verification

07/09/2013, 02:28 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

iphlpapi

gdiplus

comctl32

Sections

.text Size: 742KB - Virtual size: 742KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 15KB - Virtual size: 25KB

.rsrc Size: 736KB - Virtual size: 735KB

.reloc Size: 48KB - Virtual size: 48KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

7d:5f:27:08:8c:1f:da:12:6e:33:32:24:6b:9c:06:71
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

70:d9:cf:28:dc:ee:79:74:a3:f2:98:b8:af:34:86:46:51:61:85:15
Signer

07/09/2013, 02:28
Valid: false

.text
Size: 742KB - Virtual size: 742KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 736KB - Virtual size: 735KB

.reloc
Size: 48KB - Virtual size: 48KB