8f74a7a0605c00596c8a77a34c8426ac642d55fb1a4f87ddb46db5aa1ced6a30

Sharing

Copy URL Twitter E-mail

General

Target

8f74a7a0605c00596c8a77a34c8426ac642d55fb1a4f87ddb46db5aa1ced6a30
Size

277KB
MD5

5c5b8ea3b16f714ae2171ed698e0b31c
SHA1

5653e8e3bb45aa3c3e9d3402966732ef78289967
SHA256

8f74a7a0605c00596c8a77a34c8426ac642d55fb1a4f87ddb46db5aa1ced6a30
SHA512

1a598df27a605c5dec4d247f130aaf1b210319ffa1de62c1800650623181a4252ef053f5a8b2736db4b0bc1be0ea8033d8113870841644b5c83ef7856ac1b85f
SSDEEP

6144:2h3IzYeyyaHmG270jAfOkKwr5MP4PKjxtlsHS45t:MI3Smz08R6PpX

Score

N/A

Malware Config

Signatures

Files

8f74a7a0605c00596c8a77a34c8426ac642d55fb1a4f87ddb46db5aa1ced6a30
.exe windows x86

f939f7d5a83f34b4c01f4ad8b7c50c7c

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:21:e7:68:a0:1e:c3:c8:34:d0:82:81:c6:3a:ca:9d:41:7d:ca:63
Signer

Actual PE Digest

47:21:e7:68:a0:1e:c3:c8:34:d0:82:81:c6:3a:ca:9d:41:7d:ca:63

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

16/03/2009, 19:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

connect
send
recv
closesocket
WSAStartup
socket
gethostbyaddr
htonl
htons
getservbyport
ntohs
ntohl
WSAGetLastError
gethostbyname
gethostname

iphlpapi

SetTcpEntry
GetTcpTable
GetUdpTable

comctl32

ord17
ord6
ImageList_Create
ImageList_ReplaceIcon
CreateToolbarEx

kernel32

ReadProcessMemory
OpenProcess
CreateEventA
DeviceIoControl
GetCurrentProcessId
DuplicateHandle
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
GetVersion
FormatMessageA
GetTickCount
SetEvent
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcatA
HeapFree
lstrlenA
lstrcpyA
HeapAlloc
GetProcessHeap
GetUserDefaultLangID
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
ExpandEnvironmentStringsA
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
GetCommandLineW
HeapDestroy
HeapCreate
VirtualAlloc
VirtualFree
FatalAppExitA
DeleteCriticalSection
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteConsoleW
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
HeapReAlloc
CreateThread
ResumeThread
ExitThread
GetProcAddress
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
CloseHandle
LocalAlloc
LoadLibraryA
Sleep
LocalFree
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
SetEndOfFile
ReadFile
GetTimeZoneInformation
HeapSize
GetLocaleInfoW
CompareStringA
CompareStringW
GetSystemTimeAsFileTime
SetEnvironmentVariableA

user32

TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
LoadMenuA
InsertMenuA
GetMessageA
PostQuitMessage
LoadStringA
DialogBoxParamA
GetSubMenu
EnableMenuItem
TrackPopupMenu
LoadAcceleratorsA
CreateMenu
UpdateWindow
DestroyIcon
SetDlgItemTextA
GetParent
ChildWindowFromPoint
InvalidateRect
SetCapture
ReleaseCapture
SetWindowLongA
GetWindowLongA
GetClientRect
CreateWindowExA
SetFocus
CallWindowProcA
GetSysColor
LoadIconA
DrawIconEx
InvalidateRgn
SetWindowPos
GetMenu
CheckMenuItem
SetTimer
KillTimer
GetWindowRect
IsIconic
IsZoomed
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
GetDC
DrawTextA
ReleaseDC
GetSystemMetrics
MoveWindow
ShowWindow
ClientToScreen
ScreenToClient
PostMessageA
DestroyWindow
DefWindowProcA
MessageBoxA
DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA
GetCursorPos

gdi32

EndDoc
EndPage
StartPage
StartDocA
SetMapMode
GetDeviceCaps
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectA
GetObjectA
GetStockObject
GetTextExtentPoint32A
ExtTextOutA
SetBkColor
DeleteObject
CreateCompatibleDC
CreateSolidBrush
GetTextMetricsA

comdlg32

ChooseFontA
PrintDlgA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA

Sections

.gs01
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textbss
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f939f7d5a83f34b4c01f4ad8b7c50c7c

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

47:21:e7:68:a0:1e:c3:c8:34:d0:82:81:c6:3a:ca:9d:41:7d:ca:63Signer

Signature Validations

Verification

16/03/2009, 19:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

iphlpapi

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.gs01 Size: 133KB - Virtual size: 132KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 21KB - Virtual size: 21KB

.textbss Size: 83KB - Virtual size: 82KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

47:21:e7:68:a0:1e:c3:c8:34:d0:82:81:c6:3a:ca:9d:41:7d:ca:63
Signer

16/03/2009, 19:17
Valid: false

.gs01
Size: 133KB - Virtual size: 132KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 21KB - Virtual size: 21KB

.textbss
Size: 83KB - Virtual size: 82KB