646c1ed2a1fa595bcca229e8e014fa9f0f53783c54dba38a2afa89bd9661ca65

Sharing

Copy URL Twitter E-mail

General

Target

646c1ed2a1fa595bcca229e8e014fa9f0f53783c54dba38a2afa89bd9661ca65
Size

667KB
MD5

13674b1a31091761bb1b2c4aaac510dc
SHA1

f7e10ca82665d5fc8f3384fdfb75fbc16f0d0914
SHA256

646c1ed2a1fa595bcca229e8e014fa9f0f53783c54dba38a2afa89bd9661ca65
SHA512

36d57de0eaf8fdcf434f2bef02fcc30126d8db70ba83991cf07faf44abf961de546c2d261afee26a56100a01257554a6658ec4712bfae869d0aa919a0cedf053
SSDEEP

12288:Gypq0S+h33GAI3GABttahvwcU2xjZOeFgbEPNRFVJSu:GypJnIta1/ZOeFgbEPNTVcu

Score

1^/10

Malware Config

Signatures

Files

646c1ed2a1fa595bcca229e8e014fa9f0f53783c54dba38a2afa89bd9661ca65
.exe windows x86

f5294797d4ccaaafeec8de86dbe46fea

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:ab:dc:40:57:ff:b3:d2:b4:61:cf:e8:5a:3f:58:0f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/03/2007, 00:00

Not After

25/03/2010, 23:59

Subject

CN=Sony Ericsson Mobile Communication,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PCSW,O=Sony Ericsson Mobile Communication,ST=Skane,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9a:e0:6b:d9:cd:7c:3d:14:12:fb:df:08:e3:5c:4f:e2:09:5a:93:c2
Signer

Actual PE Digest

9a:e0:6b:d9:cd:7c:3d:14:12:fb:df:08:e3:5c:4f:e2:09:5a:93:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipFree
GdipCreateBitmapFromFile
GdipBitmapLockBits
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCloneImage

kernel32

GetLocaleInfoW
SetThreadLocale
lstrlenW
InterlockedExchange
GetTempPathW
FreeLibrary
GetVersionExW
GetModuleFileNameW
GetCommandLineW
SetCurrentDirectoryW
Sleep
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
DeleteAtom
lstrcpynW
AddAtomW
GetAtomNameW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
GetFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
CreateFileW
WriteFile
lstrcmpiW
CopyFileW
GetLastError
SetFileAttributesW
MoveFileExW
CreateDirectoryW
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
Thread32Next
Process32FirstW
Process32NextW
lstrcpyA
lstrcpynA
lstrcatA
GetTempFileNameW
DeleteFileW
FindResourceExW
SizeofResource
LoadResource
LockResource
DeviceIoControl
SetFilePointerEx
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetThreadLocale
lstrcatW
SetFileTime
UnmapViewOfFile
GetFileSize
GetPrivateProfileStringW
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
LoadLibraryA
LocalAlloc
EnumSystemLocalesW
FindClose
RtlUnwind
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
FindNextFileW
GetFileAttributesW
lstrcpyW
lstrcmpW
FindFirstFileW
GetModuleHandleW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryW
GetTickCount
WaitForSingleObject
ResumeThread
CreateThread
InterlockedDecrement
InterlockedIncrement
CloseHandle
SetEvent
CreateEventW
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryW
GetSystemTimeAsFileTime

user32

wvsprintfA
SetWindowLongA
CallWindowProcA
CallWindowProcW
ScreenToClient
GetCursorPos
DefWindowProcA
IsWindowUnicode
InvalidateRect
wsprintfA
GetWindowTextLengthW
SetCursor
FindWindowA
SystemParametersInfoW
IsWindowVisible
IsIconic
GetDesktopWindow
GetParent
GetDlgCtrlID
UnregisterClassA
DialogBoxParamW
MoveWindow
GetSystemMetrics
LoadImageW
SetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
EnumWindows
SendDlgItemMessageW
SetWindowPos
GetSysColor
SetDlgItemTextW
PostQuitMessage
UpdateWindow
SendNotifyMessageW
GetAsyncKeyState
FlashWindow
GetWindowTextW
GetActiveWindow
wsprintfW
LoadStringW
UpdateLayeredWindow
LoadCursorW
RegisterClassExW
MapWindowPoints
GetWindowRect
DefWindowProcW
SetTimer
ReleaseDC
GetDC
GetClientRect
EndPaint
BeginPaint
CreateWindowExW
RegisterWindowMessageW
GetWindowLongW
SetWindowLongW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
ShowWindow
EndDialog
GetDlgItem
DestroyWindow
CreateDialogParamW
SetWindowTextW
EnableWindow
SendMessageW
PtInRect

gdi32

CreateSolidBrush
BitBlt
GetTextColor
SetTextColor
SetBkMode
SetBkColor
CreateFontIndirectW
GetCurrentPositionEx
GetDeviceCaps
SaveDC
CreateDIBSection
GetTextExtentPoint32W
TextOutW
RestoreDC
OffsetWindowOrgEx
CreateRectRgnIndirect
OffsetRgn
SelectClipRgn
SetWindowOrgEx
GetLayout
GetStockObject
GetObjectW
DeleteDC
DeleteObject
SelectObject
GetCurrentObject
CreateCompatibleDC

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW

shell32

SHFileOperationW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize

shlwapi

PathFindFileNameA
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathRemoveExtensionW
PathAddExtensionW
PathGetDriveNumberW
PathRemoveBackslashW
PathAddBackslashW
StrToIntExW
PathFindFileNameW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5294797d4ccaaafeec8de86dbe46fea

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

54:ab:dc:40:57:ff:b3:d2:b4:61:cf:e8:5a:3f:58:0fCertificate

Extended Key Usages

Key Usages

9a:e0:6b:d9:cd:7c:3d:14:12:fb:df:08:e3:5c:4f:e2:09:5a:93:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

msimg32

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 518KB - Virtual size: 518KB

.reloc Size: 11KB - Virtual size: 11KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

54:ab:dc:40:57:ff:b3:d2:b4:61:cf:e8:5a:3f:58:0f
Certificate

9a:e0:6b:d9:cd:7c:3d:14:12:fb:df:08:e3:5c:4f:e2:09:5a:93:c2
Signer

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 518KB - Virtual size: 518KB

.reloc
Size: 11KB - Virtual size: 11KB