peerblock[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

peerblock.exe
Size

1.8MB
MD5

96755f31ceb74885f69a2132fce91f99
SHA1

73617783d2b26381f721c1db1e30bb4e2e2e5cc4
SHA256

346ae8ba802e6c68f0fc5b5101a9965faab9543ece25676da5e5f404c62df025
SHA512

c12192654978ba8dff759859c0735a8b966b5ba18297fe498af53eb4b2cedda289478efbc5e3f264795cd87fd312184bf5debc07ee29d774914c7741fd356cf4
SSDEEP

49152:WewLZbe7W6M/2/zazWM1dR+WTiMPPNWoy:9wLZbe7W6M/27wWM1dXe

Score

1^/10

Malware Config

Signatures

Files

peerblock.exe
.exe windows:5 windows x86

cae0c8293255cfe55bbf9f1216054600

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:41:c4:8d:af
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2010, 02:59

Not After

25/10/2011, 02:59

Subject

CN=PeerBlock\, LLC,O=PeerBlock\, LLC,L=Dix Hills,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:59:f8:b0:63:30:1c:df:6b:8f:95:31:31:cc:e1:bf:ce:21:fc:3f
Signer

Actual PE Digest

8a:59:f8:b0:63:30:1c:df:6b:8f:95:31:31:cc:e1:bf:ce:21:fc:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx

ws2_32

inet_addr
getservbyport
getservbyname
gethostbyaddr
gethostbyname
ioctlsocket
listen
accept
__WSAFDIsSet
WSASetLastError
send
connect
WSAGetLastError
ntohs
getsockname
setsockopt
recv
bind
socket
getsockopt
closesocket
ntohl
WSAAddressToStringW
htonl
select
WSAStartup
WSACleanup
htons
inet_ntoa

dnsapi

DnsQueryConfig

iphlpapi

GetAdaptersInfo
GetInterfaceInfo

shlwapi

PathIsSameRootW
PathAppendW
PathFileExistsW
PathIsURLW
PathRemoveBackslashW
PathRelativePathToW
PathIsRelativeW
PathAddBackslashW

kernel32

GetLastError
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
DeleteFileW
MoveFileExW
SearchPathW
Sleep
DeviceIoControl
CancelIo
GetOverlappedResult
LoadLibraryW
GetProcAddress
VirtualProtect
WriteProcessMemory
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
TryEnterCriticalSection
GetLocalTime
CreateDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileTime
ResumeThread
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
SetProcessWorkingSetSize
InterlockedCompareExchange
GetVersionExW
GetSystemInfo
OpenMutexW
CreateMutexW
SetUnhandledExceptionFilter
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
FreeResource
MulDiv
ReleaseMutex
FormatMessageW
SleepEx
SetLastError
ExpandEnvironmentStringsA
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
GetFullPathNameW
GetFullPathNameA
CreateFileA
LockResource
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
GetSystemTimeAsFileTime
WriteFile
GetFileAttributesA
GetFileAttributesW
ReadFile
FlushFileBuffers
LocalFree
LockFileEx
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetVersionExA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
FindFirstFileA
GetDriveTypeA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
HeapReAlloc
GetStartupInfoW
GetCPInfo
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessHeap
FindClose
ExitThread
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetLocaleInfoA
InterlockedExchange
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetTimeZoneInformation
GetCurrentDirectoryA
GetStringTypeA
GetCommandLineW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FormatMessageA
GetTempPathW
InterlockedDecrement
GetModuleHandleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer

user32

RegisterWindowMessageW
PostQuitMessage
KillTimer
GetSystemMetrics
SetTimer
AnimateWindow
InsertMenuItemW
PostMessageW
WindowFromPoint
GetAncestor
GetCursorPos
CheckMenuItem
SendNotifyMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgItemInt
SetDlgItemInt
GetDC
ReleaseDC
GetDesktopWindow
CheckRadioButton
SystemParametersInfoW
IsWindowVisible
LoadImageW
DestroyWindow
SetDlgItemTextA
SendMessageW
LoadIconW
EndDialog
GetParent
LoadStringW
EnableWindow
GetWindowTextLengthW
GetDlgItem
SetDlgItemTextW
GetWindowLongW
IsDlgButtonChecked
GetWindowTextW
SetWindowLongW
CheckDlgButton
InsertMenuW
GetSubMenu
LoadMenuW
SetWindowTextW
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
AppendMenuW
CreatePopupMenu
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamW
CreateWindowExW
ShowWindow
CallWindowProcW
SendDlgItemMessageW
GetDlgItemTextW
GetMenu
MoveWindow
SetFocus
MapDialogRect
SetWindowPos
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRect
MessageBoxW
DialogBoxParamW
RegisterClassW
LoadCursorW
DefWindowProcW
EndPaint
FillRect
BeginPaint
GetClientRect
GetDlgCtrlID
InvalidateRect
CloseClipboard

gdi32

DeleteObject
GetStockObject
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
StartServiceW
DeleteService
ControlService
QueryServiceStatus
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
CreateServiceW

shell32

SHGetPathFromIDListW
ord155
SHBrowseForFolderW
ord680
ShellExecuteW
Shell_NotifyIconW

ole32

CreateStreamOnHGlobal
CoInitializeEx

oleaut32

OleLoadPicture

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cae0c8293255cfe55bbf9f1216054600

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:41:c4:8d:afCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

8a:59:f8:b0:63:30:1c:df:6b:8f:95:31:31:cc:e1:bf:ce:21:fc:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

dnsapi

iphlpapi

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 17KB - Virtual size: 35KB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 68KB - Virtual size: 68KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:41:c4:8d:af
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

8a:59:f8:b0:63:30:1c:df:6b:8f:95:31:31:cc:e1:bf:ce:21:fc:3f
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 68KB - Virtual size: 68KB