3fcceddc5b020f4fd3e3cf114639ccb1166da260790286643414aa10fca21d51

Sharing

Copy URL

Twitter E-mail

General

Target

3fcceddc5b020f4fd3e3cf114639ccb1166da260790286643414aa10fca21d51
Size

5.1MB
MD5

2dd815a4d97fa875fddaa2fd9920a6fe
SHA1

d591930b8300796fd004e65b1dfe49e9c70a2b87
SHA256

3fcceddc5b020f4fd3e3cf114639ccb1166da260790286643414aa10fca21d51
SHA512

190c7f8cd9add2cc57d941f0254c7f56914077ff8772c1446dff8bce40d71866f8641881c5652f1c20d41c50baf4202be4fb2833601790e768fed9a493d97761
SSDEEP

98304:TS2U/JDQ9/flTWDUs2lyR/t/twIMe/MJ+1/wb1Yt4MkCrgc5L:nwF+dCD6Wtt/MJ+1/wb1Yt4MkCrg

Score

1^/10

Malware Config

Signatures

Files

3fcceddc5b020f4fd3e3cf114639ccb1166da260790286643414aa10fca21d51
.exe windows x86

93b3443d5c17c3a9622a05b44a60a5b1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:09:9a:76:aa:1b:ef:ca:e6:a0:9b:67:16:fc:de:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-02-2009 00:00

Not After

12-02-2010 23:59

Subject

CN=KOEI Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Division,O=KOEI Co.\, Ltd.,L=Yokohama,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:04:1d:99:8d:45:58:9d:59:97:4d:78:d6:27:06:77:54:52:11:66
Signer

Actual PE Digest

c4:04:1d:99:8d:45:58:9d:59:97:4d:78:d6:27:06:77:54:52:11:66

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KOEI Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Division,O=KOEI Co.\, Ltd.,L=Yokohama,ST=Kanagawa,C=JP

02-12-2009 02:21
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
LocalAlloc
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
GetCurrentDirectoryA
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
SetErrorMode
GetCPInfo
GetOEMCP
GlobalSize
CopyFileA
RtlUnwind
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetThreadLocale
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitThread
RaiseException
HeapReAlloc
HeapSize
GetACP
FatalAppExitA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
Sleep
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GetStringTypeExA
GetFullPathNameA
FindFirstFileA
FindClose
lstrcpyA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DuplicateHandle
lstrcpynA
lstrlenW
InterlockedDecrement
InterlockedIncrement
lstrlenA
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
ReadProcessMemory
VirtualFree
WriteProcessMemory
SetFilePointer
CreateDirectoryA
GetLogicalDrives
Module32First
DeviceIoControl
QueryDosDeviceA
FindNextFileA
WriteFile
CreateProcessA
DeleteFileA
CreateThread
lstrcmpiA
VirtualProtect
GetModuleFileNameA
GetUserDefaultLangID
OutputDebugStringA
IsBadReadPtr
DeleteCriticalSection
GetSystemInfo
InitializeCriticalSection
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersion
WaitForSingleObject
_lclose
_lcreat
CreateFileW
CreateFileA
TerminateProcess
SleepEx
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetVersionExA
QueryPerformanceFrequency
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
CloseHandle
Process32Next
_lopen
CreateRemoteThread
GetDriveTypeA
GetVolumeInformationA
GetLastError
FormatMessageA
LocalFree
VirtualQuery
GetModuleHandleA
HeapFree
GetCurrentProcess

user32

wvsprintfA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
RemoveMenu
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
UnhookWindowsHookEx
GetDesktopWindow
GetWindowTextA
SetWindowTextA
AppendMenuA
DestroyMenu
DefWindowProcA
LoadStringA
ClientToScreen
GetWindow
GetDlgCtrlID
UnregisterClassA
GetWindowRect
PtInRect
GetClassNameA
GetSystemMetrics
CharUpperA
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostQuitMessage
wsprintfA
SendMessageTimeoutA
MessageBoxA
PostMessageA
FindWindowA
GetWindowThreadProcessId
GetMenuItemCount

gdi32

CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
CreateHatchBrush
GetDCOrgEx
GetObjectA
CopyMetaFileA
CreateDCA
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
SetArcDirection
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
Escape
CreateBitmap
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
DeleteObject
PolyDraw

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

FreeSid
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegEnumKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
DragAcceptFiles

comctl32

ord17

ole32

WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
SetConvertStg
CreateBindCtx
OleDuplicateData
CoCreateInstance
CoTaskMemAlloc
CoDisconnectObject
CoTaskMemFree
CoInitialize
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CLSIDFromString

oleaut32

LoadTypeLi
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayPutElement
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantClear
VariantChangeType
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

imagehlp

MapFileAndCheckSumA

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 756KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 240KB - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CFB
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

93b3443d5c17c3a9622a05b44a60a5b1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

47:09:9a:76:aa:1b:ef:ca:e6:a0:9b:67:16:fc:de:b5Certificate

Extended Key Usages

Key Usages

c4:04:1d:99:8d:45:58:9d:59:97:4d:78:d6:27:06:77:54:52:11:66Signer

Signature Validations

Verification

02-12-2009 02:21 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

imagehlp

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 756KB - Virtual size: 752KB

.data Size: 240KB - Virtual size: 12.5MB

.rsrc Size: 20KB - Virtual size: 19KB

.CFB Size: 1.4MB - Virtual size: 1.4MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

47:09:9a:76:aa:1b:ef:ca:e6:a0:9b:67:16:fc:de:b5
Certificate

c4:04:1d:99:8d:45:58:9d:59:97:4d:78:d6:27:06:77:54:52:11:66
Signer

02-12-2009 02:21
Valid: false

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 756KB - Virtual size: 752KB

.data
Size: 240KB - Virtual size: 12.5MB

.rsrc
Size: 20KB - Virtual size: 19KB

.CFB
Size: 1.4MB - Virtual size: 1.4MB