SetupVSE_Win8[.]Exe

Sharing

Copy URL

Twitter E-mail

General

Target

SetupVSE_Win8.Exe
Size

97KB
MD5

8e93e9490c443814e026bd1a65ad76fc
SHA1

f89c2cf222877671c372e1e7720fd212a0533361
SHA256

9ef91d817e95d2fb859b09d3534ca5ff24cf13c3bab5a870021412de43ee0603
SHA512

6e8d891ab68b62ec46c86a09fcdbda4ea08d001600b4aa3e9b0790bc21d4ad5da66ae84a3bd12cac53a96ab0c8b4556b73048778d575fe7ff46fa3662df0c4d4
SSDEEP

1536:122PxeHs4zT76BPCeWs0Nm3f0Wrc6P7kkzaj8QKCkQ9zIt2lyQx4:jPKT7i3+Saj8RCkQFIt2lyr

Score

1^/10

Malware Config

Signatures

Files

SetupVSE_Win8.Exe
.exe windows x86

c3a99dc87c173a4c00d0342b94ad96a1

Code Sign

22:d8:78:bd:5f:56:04:31:89:22:60:a2:e8:8c:d3:50
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

02-12-2013 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06-10-2011 00:00

Not After

31-12-2013 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:5b:b0:c8:82:f0:1e:1a:d6:a8:a7:e1:cc:f4:d7:8b:1b:63:8b:e8
Signer

Actual PE Digest

bb:5b:b0:c8:82:f0:1e:1a:d6:a8:a7:e1:cc:f4:d7:8b:1b:63:8b:e8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

15-01-2013 00:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

lz32

LZClose
LZSeek
LZOpenFileW
LZRead

kernel32

GetSystemDirectoryW
CopyFileW
DeleteFileW
SetFileAttributesW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetFileAttributesW
Sleep
GetLastError
CreateMutexW
GetCurrentProcess
CreateThread
GlobalFree
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
WriteFile
GetStdHandle
DebugBreak
GetShortPathNameW
SetFilePointer
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
GetModuleHandleW
LocalAlloc
LoadLibraryA
RaiseException
GetCPInfo
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
HeapSize
ExitProcess
GetFileType
SetHandleCount
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
VirtualQuery
FindClose
GetCommandLineW
lstrlenW
GetUserDefaultLCID
GetModuleFileNameW
GetVersionExW
lstrcmpiW
GetTempPathW
CreateDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
SetEnvironmentVariableW
HeapReAlloc
HeapAlloc
GetLocalTime
RtlUnwind
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
VirtualProtect
GetSystemInfo

user32

FindWindowW
ShowWindow
DialogBoxParamW
GetDlgItem
SendMessageW
SetWindowTextW
EndDialog
MessageBoxW
wsprintfW
CharNextW
SetFocus

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3a99dc87c173a4c00d0342b94ad96a1

Code Sign

22:d8:78:bd:5f:56:04:31:89:22:60:a2:e8:8c:d3:50Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8Certificate

Extended Key Usages

Key Usages

bb:5b:b0:c8:82:f0:1e:1a:d6:a8:a7:e1:cc:f4:d7:8b:1b:63:8b:e8Signer

Signature Validations

Verification

15-01-2013 00:41 Valid: false

Headers

File Characteristics

Imports

version

lz32

kernel32

user32

advapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 7KB

22:d8:78:bd:5f:56:04:31:89:22:60:a2:e8:8c:d3:50
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8
Certificate

bb:5b:b0:c8:82:f0:1e:1a:d6:a8:a7:e1:cc:f4:d7:8b:1b:63:8b:e8
Signer

15-01-2013 00:41
Valid: false

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 7KB