489cd01384280dd81eea309cf7661db8cb24c93938aef458494dce7123e4fefd[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

489cd01384280dd81eea309cf7661db8cb24c93938aef458494dce7123e4fefd.exe.zip
Size

64.4MB
MD5

166fcaf8b024d077bb0de31240b4fc42
SHA1

10ce559f537dd54aae2944bebfce201301885c95
SHA256

c03c11df410165bfdf84b35c979bc5e42af11e3642b33b7ae1d9a94bd8cc0fef
SHA512

9e98da3012750907349ad550fbbfe279fa8e6cc4997d6bd0f26bd328925143947000464ea7063a7d37357e838d9ef9ca3a0afd3a57f291e0c2c6542f25376641
SSDEEP

1572864:5j0tnm/5wFUSdu6Zf4UW7xkU2OSYBBgqN/t7:5wMqPduafUK4xNh

Score

1^/10

Malware Config

Signatures

Files

489cd01384280dd81eea309cf7661db8cb24c93938aef458494dce7123e4fefd.exe.zip
.zip

Password: infected
489cd01384280dd81eea309cf7661db8cb24c93938aef458494dce7123e4fefd.exe
.exe windows:4 windows x86

4ce17a7d7115c902390c0ef9deb890aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:43:86:05:76:7e:cb:f2:76:d6:a7:b6:f4:da:88:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/02/2009, 00:00

Not After

15/04/2012, 23:59

Subject

CN=Freedom Scientific Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=BLV,O=Freedom Scientific Inc,L=St Petersburg,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:98:d3:a0:9a:45:56:26:90:38:19:63:49:c6:44:c4:a7:6e:b6:67
Signer

Actual PE Digest

c0:98:d3:a0:9a:45:56:26:90:38:19:63:49:c6:44:c4:a7:6e:b6:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowThreadProcessId
UnhookWindowsHookEx
SetCursor
LoadCursorA
GetDlgItemTextA
EndDialog
keybd_event
LoadIconA
SendMessageA
SetWindowTextA
SetDlgItemTextA
DialogBoxParamA
ChangeDisplaySettingsExA
GetWindowRect
GetSystemMetrics
MoveWindow
LoadStringA
wvsprintfA
EnumDisplayDevicesA
RegisterWindowMessageA
FindWindowA
SetWindowsHookExA
GetKeyState
CallNextHookEx
GetWindowTextA
GetDlgItem
LoadBitmapA
SendDlgItemMessageA
EnumDisplaySettingsA
RegisterClassExA
CreateWindowExA
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
DefWindowProcA
ExitWindowsEx
DestroyWindow
UnregisterClassA
MessageBoxA
PostMessageA

shlwapi

PathUnquoteSpacesA
wvnsprintfA
PathRemoveFileSpecA
PathRemoveBlanksA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msi

ord31
ord204
ord67
ord159
ord117
ord8
ord91
ord160

kernel32

FindResourceA
LocalFree
FormatMessageA
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
GetPrivateProfileStringA
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
InterlockedDecrement
GetLongPathNameA
GetTempPathA
GetCurrentThreadId
CopyFileA
CreateMutexA
GetTickCount
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileSectionA
OpenProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwind
GetFileAttributesA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
ResumeThread
GetWindowsDirectoryA
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetSystemDirectoryA
CloseHandle
DeleteFileA
GetProcAddress
SetErrorMode
LoadLibraryA
GetLastError
FreeLibrary
GetVersionExA
GetLocalTime
LocalAlloc
CreateThread

gdi32

DeleteDC
CreateDCA
CreateSolidBrush
ExtEscape

advapi32

OpenThreadToken
DuplicateToken
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyA
RegFlushKey
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

shell32

ShellExecuteExA

winmm

PlaySoundA

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68.3MB - Virtual size: 68.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4ce17a7d7115c902390c0ef9deb890aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3f:43:86:05:76:7e:cb:f2:76:d6:a7:b6:f4:da:88:1bCertificate

Extended Key Usages

Key Usages

c0:98:d3:a0:9a:45:56:26:90:38:19:63:49:c6:44:c4:a7:6e:b6:67Signer

Headers

File Characteristics

Imports

user32

shlwapi

version

msi

kernel32

gdi32

advapi32

shell32

winmm

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 68.3MB - Virtual size: 68.3MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3f:43:86:05:76:7e:cb:f2:76:d6:a7:b6:f4:da:88:1b
Certificate

c0:98:d3:a0:9a:45:56:26:90:38:19:63:49:c6:44:c4:a7:6e:b6:67
Signer

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 68.3MB - Virtual size: 68.3MB