launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

launcher.exe
Size

398KB
MD5

14bf9b98c672ef88f6e8a0df6defb0d6
SHA1

2cfd34d954e0b60c78521b3920e0a83021428939
SHA256

2a20576672c51e52c3b1388dd75311ec668ef69d1da2510c21589a8735559ddd
SHA512

3f3ea1dd8808a14f6618fb802bb58b8d4d94c9de9830239927f057f946f1a2f7cc2e2cee16b80395cb463aba545e2e3d943f647591c1d93d35508302725571aa
SSDEEP

6144:nqUfFNfQJ0pNMSGEazp180SQrCiBYnSEYVavaaRjTj8xfOnvO5roQ:qUfzfm07MXSKjYnSejRjTjpnJQ

Score

1^/10

Malware Config

Signatures

Files

launcher.exe
.exe windows x86

00fdfd8157328443a6f0299bb8eac498

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:c7:cc:49:e9:33:66:4c:9c:32:c8:3d:b7:e1:67:aa:e2:8e:4c:79
Signer

Actual PE Digest

b6:c7:cc:49:e9:33:66:4c:9c:32:c8:3d:b7:e1:67:aa:e2:8e:4c:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetLocalTime
SetEndOfFile
GetUserDefaultLangID
WaitForSingleObject
CreateThread
IsBadReadPtr
GetCurrentProcessId
SetUnhandledExceptionFilter
ReadFile
GetCommandLineW
LocalFree
SetEvent
InterlockedDecrement
FreeLibrary
GetSystemDefaultLangID
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
GetThreadLocale
FindClose
GlobalHandle
GlobalFree
SetFilePointer
CloseHandle
WriteFile
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
SizeofResource
MulDiv
GetProcessHeap
HeapFree
SetLastError
lstrlenA
LoadResource
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoA
LocalAlloc
GetACP
InterlockedIncrement
HeapSize
GetOEMCP
SetStdHandle
GetStringTypeA
IsBadCodePtr
LCMapStringA
InterlockedExchange
HeapReAlloc
OutputDebugStringA
DebugBreak
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
TerminateProcess
HeapValidate
IsBadWritePtr
RtlUnwind
ExitProcess
GetVersionExA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

gdi32

SetMapMode
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
SetTextColor
CreateSolidBrush
DeleteObject
SetBkMode
CreatePen
SelectObject
MoveToEx
LineTo

comctl32

InitCommonControlsEx

xmlparse

XML_Parse
XML_ParserFree
XML_ParserCreate
XML_SetElementHandler
XML_SetUserData

gdiplus

GdipDisposeImage
GdipCloneImage
GdipGetImageDimension
GdiplusShutdown
GdiplusStartup
GdipSetSolidFillColor
GdipCreateLineBrushFromRectI
GdipSetPenColor
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawPolygonI
GdipFillPolygonI
GdipGetCellAscent
GdipGetLineSpacing
GdipGetFontHeight
GdipLoadImageFromFileICM
GdipDrawImageRectRectI
GdipMeasureString
GdipDrawRectangleI
GdipSetTextRenderingHint
GdipDeletePen
GdipCreatePen1
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteFont
GdipCreateFont
GdipIsStyleAvailable
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipCloneBrush
GdipCreateSolidFill
GdipLoadImageFromFile
GdipDeleteBrush

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HPCUE
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00fdfd8157328443a6f0299bb8eac498

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

b6:c7:cc:49:e9:33:66:4c:9c:32:c8:3d:b7:e1:67:aa:e2:8e:4c:79Signer

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

comctl32

xmlparse

gdiplus

Sections

.text Size: 256KB - Virtual size: 253KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 11KB

.HPCUE Size: 4KB - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 46KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

b6:c7:cc:49:e9:33:66:4c:9c:32:c8:3d:b7:e1:67:aa:e2:8e:4c:79
Signer

.text
Size: 256KB - Virtual size: 253KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 11KB

.HPCUE
Size: 4KB - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 46KB