91b7aea9c34e3e18301ae36000ad89f46952b58754bd76be4519f509d1420183[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

91b7aea9c34e3e18301ae36000ad89f46952b58754bd76be4519f509d1420183.zip
Size

15.2MB
MD5

31211c553ad31b5178c9aaa7820bd25f
SHA1

619bce3e5f8364461ebf17a6920a13fc9df2bc43
SHA256

a3997581117092d5ccb18a26056b17c6686c65d8b6da6bd7cf85f8930d7b3553
SHA512

32a5f0f92d459fc37f033e21d8c9e13679d8c36b627d1ea1c1182a63847e279a57f659b0ad684f9de3833a497c6b79dfc0bd4c2445dc85b02cd5ccacd620819e
SSDEEP

393216:YwK/9Ob5ak3C9M5XGD/BJtc/YbZ/bI9Q9xPrE:Bbb5F+cWD/BJ1tMe3PrE

Score

1^/10

Malware Config

Signatures

Files

91b7aea9c34e3e18301ae36000ad89f46952b58754bd76be4519f509d1420183.zip
.zip

Password: infected
91b7aea9c34e3e18301ae36000ad89f46952b58754bd76be4519f509d1420183
.exe windows x86

Password: infected

95520c30e6966ec1c97f32e1a002191f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:33:c4:03:8c:d2:78:92:9a:b9:05:4f:3c:5f:7e:42
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/07/2014, 00:00

Not After

10/07/2016, 23:59

Subject

CN=beyerdynamic GmbH & Co. KG,O=beyerdynamic GmbH & Co. KG,L=Heilbronn,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

67:96:f0:9f:a5:31:d6:25:ff:3e:87:ec:0b:ea:af:22:2e:4b:b3:ae
Signer

Actual PE Digest

67:96:f0:9f:a5:31:d6:25:ff:3e:87:ec:0b:ea:af:22:2e:4b:b3:ae

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=beyerdynamic GmbH & Co. KG,O=beyerdynamic GmbH & Co. KG,L=Heilbronn,ST=Baden-Wuerttemberg,C=DE

09/10/2014, 07:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetLastError
GetDriveTypeW
CompareStringW
lstrcmpiW
lstrlenW
InitializeCriticalSection
GlobalUnlock
GlobalLock
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
IsValidCodePage
FreeLibrary
GetACP
HeapCreate
GetStringTypeW
LCMapStringW
GlobalAlloc
GetCPInfo
RtlUnwind
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
TerminateProcess
OpenProcess
SearchPathW
ConnectNamedPipe
CreateNamedPipeW
ResetEvent
MoveFileW
TerminateThread
GetEnvironmentVariableW
GetSystemDirectoryW
lstrcpynW
GetLocalTime
OutputDebugStringW
GlobalMemoryStatus
GetVersion
GetWindowsDirectoryW
GetSystemTime
lstrcmpW
CreateFileW
WriteFile
CreateMutexW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetTempPathA
GetTempFileNameW
DeleteFileW
GetTempFileNameA
DeleteFileA
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
WaitForMultipleObjects
GetSystemInfo
InterlockedExchange
WideCharToMultiByte
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
FindClose
SetFileAttributesW
CreateFileA
LCMapStringA
GetFileAttributesW
GetProcAddress
LoadLibraryW
CreateDirectoryW
GetCurrentProcessId
CloseHandle
GetExitCodeThread
SetEvent
WaitForSingleObject
CreateEventW
SetLastError
Sleep
EnterCriticalSection
GetUserDefaultLangID
GetSystemDefaultLangID
GetLocaleInfoW
EnumResourceLanguagesW
CopyFileW
SetCurrentDirectoryW
GetCommandLineW
UnlockFile
GetCurrentThreadId
LockFile
SetFilePointer
GetExitCodeProcess
CreateProcessA
CreateProcessW
GetStdHandle
DuplicateHandle
GetModuleFileNameA
FlushFileBuffers
GetCurrentThread
FormatMessageW
GetDiskFreeSpaceExW
LeaveCriticalSection
MulDiv
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FlushInstructionCache
GetCurrentProcess
GetOEMCP
LocalAlloc
LocalFree
LoadLibraryA
GetVersionExW
SetUnhandledExceptionFilter
CreateThread
GetShortPathNameW
RaiseException

user32

GetParent
GetClientRect
BeginPaint
GetDlgItem
IsRectEmpty
IntersectRect
EqualRect
GetDC
ReleaseDC
GetWindowRect
GetSysColorBrush
IsWindowVisible
MapWindowPoints
PtInRect
SetRectEmpty
CreateWindowExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
EndPaint
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
CharNextW
DrawFocusRect
GetClassNameW
ReleaseCapture
GetCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
SetScrollPos
FillRect
SetRect
MoveWindow
GetScrollInfo
ScreenToClient
GetMessagePos
GetSysColor
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
GetWindowDC
KillTimer
DestroyCursor
GetWindowRgn
CopyRect
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetFocus
SetCursor
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
IsDialogMessageW
IsChild
GetFocus
PostQuitMessage
LoadStringW
MessageBoxW
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
DialogBoxIndirectParamW
GetForegroundWindow
GetPropW
GetSystemMenu
EnableMenuItem
MsgWaitForMultipleObjects
ModifyMenuW
FindWindowW
MessageBeep
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
SetTimer
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
FrameRect
UnregisterClassA
LoadCursorW
RedrawWindow
IsWindowEnabled
ShowWindow
EnableWindow
SetWindowTextW
DestroyWindow
IsWindow
DrawTextW
DrawIconEx
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
SetWindowPos
ClientToScreen
OffsetRect

gdi32

GetTextMetricsW
ExtTextOutW
SetBkColor
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
CreateDIBSection
GetBrushOrgEx
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
GetBitmapBits
ExcludeClipRect
SetBkMode
SetTextColor
SetViewportOrgEx
GetDeviceCaps
SetBrushOrgEx
CreatePatternBrush
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
FillRgn
SelectClipRgn
CombineRgn
CreateRectRgn
DeleteObject
DeleteDC
CreateBitmapIndirect
CreateFontW

advapi32

UnlockServiceDatabase
LookupPrivilegeValueW
OpenProcessToken
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyA
OpenSCManagerW
LockServiceDatabase
AdjustTokenPrivileges
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
RegOpenKeyW
GetUserNameW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleLockRunning
StringFromGUID2
OleUninitialize
CoTaskMemAlloc

oleaut32

OleLoadPicture
VarDateFromStr
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
SymGetModuleBase
StackWalk

shlwapi

PathIsUNCW
PathFileExistsW
PathIsDirectoryW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_LoadImageW
ImageList_SetBkColor
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
DestroyPropertySheetPage
PropertySheetW
CreatePropertySheetPageW

msimg32

AlphaBlend
TransparentBlt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetUserGetLocalGroups

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 823KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

95520c30e6966ec1c97f32e1a002191f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

73:33:c4:03:8c:d2:78:92:9a:b9:05:4f:3c:5f:7e:42Certificate

Extended Key Usages

Key Usages

67:96:f0:9f:a5:31:d6:25:ff:3e:87:ec:0b:ea:af:22:2e:4b:b3:aeSigner

Signature Validations

Verification

09/10/2014, 07:18 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

shlwapi

comctl32

msimg32

version

netapi32

comdlg32

Sections

.text Size: 823KB - Virtual size: 822KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 11KB - Virtual size: 35KB

.rsrc Size: 124KB - Virtual size: 124KB

.reloc Size: 80KB - Virtual size: 79KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

73:33:c4:03:8c:d2:78:92:9a:b9:05:4f:3c:5f:7e:42
Certificate

67:96:f0:9f:a5:31:d6:25:ff:3e:87:ec:0b:ea:af:22:2e:4b:b3:ae
Signer

09/10/2014, 07:18
Valid: false

.text
Size: 823KB - Virtual size: 822KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 11KB - Virtual size: 35KB

.rsrc
Size: 124KB - Virtual size: 124KB

.reloc
Size: 80KB - Virtual size: 79KB