NA_NA_208cf42e2b403cexeexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NA_NA_208cf42e2b403cexeexe_JC.exe
Size

18.2MB
MD5

208cf42e2b403c99bab262e99b363e70
SHA1

f091c8f24dd43bd8c9f9bf137044b02fe8b80c6a
SHA256

72296de92455ea53ea5ff41b587ae222b8d881b0b9449c157ab05a6645274fa4
SHA512

c7fa6a6a01bbca5a81cda968c97bc755415764bdd3ff0262556b9575b6625ffa4e70c4a760489fc585013ff7806f2127c6657b15a4d33cd499ce6967387d33f9
SSDEEP

393216:sM7Dgbc/WpF6AtS+fCY+hTJsv6tWKFdu9CDnLk:sqGc/WpVS+fCb5no

Score

1^/10

Malware Config

Signatures

Files

NA_NA_208cf42e2b403cexeexe_JC.exe
.exe windows x86

ca668eba05197253f66402a026aa0001

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:b5:a6:68:d5:55:81:14:46:56:d0:31:01:04:7c:e0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/12/2011, 00:00

Not After

17/01/2015, 23:59

Subject

CN=Guillemot Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Research and Development,O=Guillemot Corporation,L=CARENTOIR,ST=NONE,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:f4:ea:61:a3:54:b3:8b:52:98:5a:b3:0b:6b:7a:0a:81:3b:ff:b6
Signer

Actual PE Digest

4e:f4:ea:61:a3:54:b3:8b:52:98:5a:b3:0b:6b:7a:0a:81:3b:ff:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiInMessage
midiOutOpen
midiStreamOpen
midiStreamProperty
midiStreamRestart
midiInOpen
midiInGetNumDevs
waveOutGetDevCapsA
waveOutMessage
waveOutGetNumDevs
midiInGetDevCapsA
waveInGetDevCapsA
waveInMessage
waveInGetNumDevs
midiOutMessage
timeEndPeriod
timeKillEvent
timeGetTime
timeSetEvent
timeBeginPeriod
midiOutGetDevCapsA
midiOutGetNumDevs
midiOutGetErrorTextA
midiInGetErrorTextA
midiInAddBuffer
midiInPrepareHeader
midiInClose
midiInReset
midiInStop
midiInUnprepareHeader
midiStreamPosition
midiStreamClose
midiOutClose
midiStreamStop
midiStreamOut
midiOutLongMsg
midiOutPrepareHeader
midiOutShortMsg
midiOutUnprepareHeader
midiInStart
PlaySoundW

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext

ws2_32

WSANtohs
WSAStartup
inet_addr
gethostbyaddr
ntohl
gethostbyname
WSAGetLastError
gethostname
getsockopt
htonl
WSACleanup
WSAIoctl
WSASocketW
setsockopt
getpeername
getsockname
WSAAsyncSelect
WSASend
WSASendTo
bind
WSAConnect
WSAHtons
WSAHtonl
closesocket
WSANtohl
select
__WSAFDIsSet
WSARecv
WSARecvFrom
WSAAccept
listen

kernel32

FreeLibraryAndExitThread
GetModuleHandleW
DeleteFileW
LoadLibraryW
WriteFile
CreateFileW
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
FindNextFileA
FindFirstFileA
GetSystemPowerStatus
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventA
OpenMutexW
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
InitializeCriticalSection
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetTickCount
GetSystemTime
LocalFree
FormatMessageA
FormatMessageW
SetFilePointer
ReadFile
SetEndOfFile
FlushFileBuffers
GetFileSize
GetTempPathA
GetFileAttributesA
DeleteFileA
GetFileAttributesW
GetFileAttributesExW
CreateFileA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingW
SetErrorMode
GetLocaleInfoW
GetUserDefaultLangID
GetStartupInfoW
GetVolumeInformationW
GetDriveTypeW
ExpandEnvironmentStringsW
InterlockedDecrement
IsValidLocale
IsValidLanguageGroup
GlobalUnlock
GlobalLock
GlobalAlloc
GetLongPathNameW
lstrcmpW
GlobalSize
GlobalFree
GetProfileStringW
FreeLibrary
lstrlenA
CreateEventW
DisconnectNamedPipe
PeekNamedPipe
ResetEvent
GetOverlappedResult
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CompareStringW
GetUserDefaultLCID
GetCommandLineW
GetLocalTime
TlsFree
SwitchToThread
GetCurrentThread
TlsAlloc
TerminateThread
SetThreadPriority
TlsSetValue
ResumeThread
GetThreadPriority
TlsGetValue
CreateThread
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreW
GetModuleFileNameW
OutputDebugStringW
LoadLibraryExW
GetSystemDirectoryW
WaitForSingleObjectEx
GetFileType
SetFilePointerEx
GetLogicalDrives
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
FindFirstFileW
GetFileInformationByHandle
CreateDirectoryW
RemoveDirectoryW
CopyFileW
MoveFileW
DeviceIoControl
GetCurrentDirectoryW
SetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindNextFileW
FindFirstFileExW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetLastError
CloseHandle
LocalAlloc
InterlockedExchange
RaiseException
RtlUnwind
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
Sleep
SetThreadExecutionState
GetSystemTimes
CreateProcessW
GetVersionExW
SetUnhandledExceptionFilter
LoadLibraryA
ExitProcess
GetProcAddress
HeapReAlloc
GetProcessHeap
WriteConsoleW
GetStdHandle
ExitThread
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFileAttributesW
InterlockedIncrement
SetLastError
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
IsProcessorFeaturePresent
FatalAppExitA
SetConsoleCtrlHandler
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapQueryInformation
LCMapStringW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
lstrlenW
GetFullPathNameA

user32

DestroyCursor
SetCursorPos
CreateIconIndirect
CreateCursor
RegisterWindowMessageW
GetKeyboardLayoutList
TranslateMessage
HideCaret
CreateCaret
SetCaretPos
DestroyCaret
GetKeyboardLayout
ToUnicode
ToAscii
MapVirtualKeyW
TrackPopupMenuEx
SetMenuItemInfoW
GetKeyboardState
GetMenu
DrawIconEx
GetIconInfo
RegisterClipboardFormatW
GetAsyncKeyState
ChangeClipboardChain
SetClipboardViewer
LoadIconW
GetClipboardFormatNameW
CharNextExA
GetMessageW
GetQueueStatus
RegisterClassW
DispatchMessageW
MsgWaitForMultipleObjectsEx
SetForegroundWindow
UnhookWindowsHookEx
DestroyIcon
CallNextHookEx
GetClassInfoW
LoadImageW
GetSysColorBrush
RegisterClassExW
GetCursorPos
DefWindowProcW
GetWindowRgn
UnregisterClassW
GetSystemMetrics
SendMessageW
GetDesktopWindow
IsIconic
GetUpdateRect
InvalidateRect
InvalidateRgn
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
SetWindowPos
GetSysColor
SetCapture
WindowFromPoint
GetParent
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
PeekMessageW
PostMessageW
GetKeyState
ReleaseCapture
SetCursor
GetCaretBlinkTime
FlashWindowEx
MessageBeep
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetActiveWindow
IsChild
GetFocus
SetFocus
GetSystemMenu
EnableMenuItem
DestroyWindow
LoadCursorA
RegisterClassExA
CreateWindowExA
SetWindowLongA
ShowWindow
UpdateWindow
DefWindowProcA
GetWindowLongA
PostQuitMessage
SystemParametersInfoW
SetTimer
KillTimer
RegisterDeviceNotificationW
CreateWindowExW
SetParent
ValidateRgn
GetWindowPlacement
GetClientRect
SetWindowPlacement
GetWindowRect
IsWindowVisible
IsZoomed
MoveWindow
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
AdjustWindowRectEx
ClipCursor
ScrollWindowEx

gdi32

GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
CreateCompatibleDC
DeleteDC
GetOutlineTextMetricsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetDIBits
CreateDIBSection
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
GdiFlush
SelectClipRgn
ResetDCW
EndDoc
EndPage
AbortDoc
CreateEllipticRgn
GetBkMode
CreatePen
CreateSolidBrush
RestoreDC
StretchBlt
SaveDC
SetPolyFillMode
EndPath
MoveToEx
CloseFigure
LineTo
CombineRgn
OffsetRgn
EnumFontFamiliesExW
GetTextMetricsW
GetTextFaceW
CreateFontIndirectW
SelectObject
SelectClipPath
StartDocW
CreateDCW
GetFontData
PtInRegion
DeleteObject
SelectPalette
RealizePalette
GetStockObject
CreateRectRgn
StartPage
GetRegionData
CreateBitmap
PolyBezierTo
BeginPath
FillPath
StrokePath
ExtCreatePen
GetObjectW

winspool.drv

OpenPrinterW
GetPrinterW
DeviceCapabilitiesW
EnumPrintersW
EnumFormsW
ClosePrinter

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
GetTokenInformation
GetLengthSid
CopySid
FreeSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken

shell32

SHFileOperationW
SHGetFolderPathA
ShellExecuteW
SHGetFileInfoW

ole32

OleInitialize
CoCreateGuid
StringFromGUID2
OleUninitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitialize
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoGetMalloc
CoUninitialize
DoDragDrop

oleaut32

CreateErrorInfo
VariantClear
VariantChangeType
GetErrorInfo
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
SetErrorInfo

Exports

Exports

?CreateInstance@CtONaRT_If@@SAHAAPAV1@HHM@Z
?DestroyInstance@CtONaRT_If@@SAHAAPAV1@@Z

Sections

.text
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca668eba05197253f66402a026aa0001

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1a:b5:a6:68:d5:55:81:14:46:56:d0:31:01:04:7c:e0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4e:f4:ea:61:a3:54:b3:8b:52:98:5a:b3:0b:6b:7a:0a:81:3b:ff:b6Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

imm32

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 12.2MB - Virtual size: 12.2MB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 73KB - Virtual size: 109KB

.rsrc Size: 365KB - Virtual size: 365KB

.reloc Size: 536KB - Virtual size: 536KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1a:b5:a6:68:d5:55:81:14:46:56:d0:31:01:04:7c:e0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4e:f4:ea:61:a3:54:b3:8b:52:98:5a:b3:0b:6b:7a:0a:81:3b:ff:b6
Signer

.text
Size: 12.2MB - Virtual size: 12.2MB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 73KB - Virtual size: 109KB

.rsrc
Size: 365KB - Virtual size: 365KB

.reloc
Size: 536KB - Virtual size: 536KB