IE9Windows7[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

IE9Windows7.exe
Size

17.8MB
MD5

c751a35b9472be2fed4627cad8fa0cab
SHA1

5f797f389e8719d0c611b2dae553a04b02d666aa
SHA256

4c4cfc93c0e221c836538d71db0bff5debfdfe3f4c458addcbc4da52cf4936f8
SHA512

41db5e840f266ab74bc282100fa564ae147386f7bbed57dec23e40ff400f39532584a52b42b28c8910781db2b3d95017541dc5b54ff7e95a21b0673196152dbd
SSDEEP

393216:WV6/042x90GvO8Lt7ERwscZyIeahFjsNEw1DqqHbuHZMDyAF8v:WIc4e0GvPawsc9ekVsN/JDuHZMxCv

Score

1^/10

Malware Config

Signatures

Files

IE9Windows7.exe
.exe windows x86

9162049698b1e1fe97141761334e7434

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-07-2010 22:53

Not After

19-10-2011 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:12

Not After

25-07-2011 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25-01-2006 23:22

Not After

25-01-2017 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

ea:01:ba:2e:f5:11:31:66:6a:10:ca:7e:b3:bf:10:b7:8f:8c:94:33
Signer

Actual PE Digest

ea:01:ba:2e:f5:11:31:66:6a:10:ca:7e:b3:bf:10:b7:8f:8c:94:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

GetTempFileNameW
FindFirstFileW
FindResourceExW
SetEnvironmentVariableW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
GetVersionExW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetUserDefaultUILanguage
GetWindowsDirectoryW
DeleteFileW
WaitForSingleObject
SetEvent
GetTickCount
InitializeCriticalSection
GetSystemDirectoryW
Sleep
FormatMessageW
GetExitCodeProcess
CreateEventW
WaitForMultipleObjects
CreateThread
lstrcmpiW
FreeLibrary
GetCurrentProcess
CreateProcessW
OpenProcess
LoadLibraryW
GetProcAddress
SetFilePointer
WriteFile
CreateFileW
FlushFileBuffers
SetLastError
GetLocalTime
MoveFileExW
GetTempPathW
SetProcessShutdownParameters
SetFileAttributesW
EnumResourceNamesW
LoadResource
GetLocaleInfoW
LocalAlloc
EnumUILanguagesW
LockResource
EnumResourceLanguagesW
MulDiv
InterlockedDecrement
RaiseException
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalMemoryStatusEx
GetCurrentDirectoryW
ExpandEnvironmentStringsW
LocalFree
CloseHandle
GetModuleHandleW
DeleteCriticalSection
GetCommandLineW
CreateMutexW
FindResourceW
OutputDebugStringW
ResumeThread
CreateFileMappingW
IsWow64Process
MapViewOfFile
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoA
InterlockedCompareExchange
GetEnvironmentVariableW
lstrlenA
lstrcmpiA
lstrlenW
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetLastError
SizeofResource
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
GetSystemInfo

gdi32

GetDeviceCaps
GetObjectW
SetTextColor
CreateFontIndirectW

user32

GetDlgCtrlID
SendMessageW
SetDlgItemTextW
CreateDialogParamW
GetSysColorBrush
ShowWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
LoadIconW
IsDialogMessageW
TranslateMessage
KillTimer
PostMessageW
LoadImageW
PostQuitMessage
GetMessageW
SetTimer
DestroyWindow
GetWindowThreadProcessId
CopyRect
SetWindowPos
GetDesktopWindow
SystemParametersInfoW
BringWindowToTop
OffsetRect
SetForegroundWindow
GetWindowRect
CharToOemW
ExitWindowsEx
ReleaseDC
GetDC
UpdateWindow
UnregisterClassA
DispatchMessageW
CharNextW
FindWindowW
LoadStringW

msvcrt

_write
_lseeki64
__getmainargs
_CxxThrowException
calloc
memset
free
_fileno
_isatty
_errno
ungetc
_amsg_exit
_initterm
_acmdln
_wcsicmp
??2@YAPAXI@Z
_vsnwprintf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
iswdigit
_wtol
iswalpha
_wcsnicmp
wcschr
??3@YAXPAX@Z
_read
__pioinfo
exit
_ismbblead
__badioinfo
wcstombs
_cexit
_exit
_XcptFilter
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
realloc
memcpy
__set_app_type
__p__fmode
__p__commode
__setusermatherr
malloc

comctl32

ord334
ord336
ord328
ord339
InitCommonControlsEx
ord332
ord329

ntdll

RtlUnwind

ole32

CoCreateInstance
CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit
SysReAllocString
SysAllocStringLen
SysStringByteLen

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathIsDirectoryW
PathIsRelativeW
PathRemoveFileSpecW
SHGetValueW
PathRemoveExtensionW
PathFindFileNameW
PathStripPathW
PathFileExistsW
PathFindExtensionW
SHRegSetUSValueW
ord388
SHDeleteKeyW
StrChrW
SHRegGetUSValueW
SHRegGetValueW
SHSetValueW
PathIsFileSpecW
StrCmpNIW
ord158

uxtheme

IsThemeActive

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9162049698b1e1fe97141761334e7434

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

ea:01:ba:2e:f5:11:31:66:6a:10:ca:7e:b3:bf:10:b7:8f:8c:94:33Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ntdll

ole32

oleaut32

shell32

version

shlwapi

uxtheme

crypt32

wintrust

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 3KB - Virtual size: 41KB

.rsrc Size: 17.7MB - Virtual size: 17.7MB

.reloc Size: 6KB - Virtual size: 6KB

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

ea:01:ba:2e:f5:11:31:66:6a:10:ca:7e:b3:bf:10:b7:8f:8c:94:33
Signer

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 3KB - Virtual size: 41KB

.rsrc
Size: 17.7MB - Virtual size: 17.7MB

.reloc
Size: 6KB - Virtual size: 6KB