6faca2bc5bdc62cb6e430c7c46689348

Sharing

Copy URL Twitter E-mail

General

Target

6faca2bc5bdc62cb6e430c7c46689348
Size

6.5MB
MD5

6faca2bc5bdc62cb6e430c7c46689348
SHA1

737c8bf42a2a36251886bd5f33257b6b84bd82a2
SHA256

3d694c42b060cf3a570c8bf3d54cd2ffb9856d624c2ff56928c669ef65d7725b
SHA512

108f05f59b8ef8891b66f7fc092cbe2ca6add4f0ccd6e74d1d114b9c0e2cd50175f76e04af0bc1153707ade1af53003d2d0b02dc7db11c71e1f71e733ea932c8
SSDEEP

196608:rYT5CSb4lAUZ/wesQnR/dcKj7uRZOZMBAOC+uhC+uwT:r8CjhZ/5sQPj7uRZO+BADgwT

Score

1^/10

Malware Config

Signatures

Files

6faca2bc5bdc62cb6e430c7c46689348
.exe windows:5 windows x86 arch:x86

cca3c86e099f014405edc3f41060689f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:70:a1:73:a8:67:73:3d:42:ab:11:6a:23:44:6a:cd
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/03/2014, 23:59

Subject

CN=Araxis Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Araxis Ltd,L=Douglas,ST=Isle of Man,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:06:8b:b4:fe:12:cb:3a:39:27:d0:42:e4:a3:7f:d1:f5:96:f5:4b
Signer

Actual PE Digest

0c:06:8b:b4:fe:12:cb:3a:39:27:d0:42:e4:a3:7f:d1:f5:96:f5:4b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpWriteDump

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmGetOpenStatus

crypt32

CryptUnprotectData
CryptProtectData

vcomp100

_vcomp_set_num_threads
_vcomp_fork
_vcomp_barrier
_vcomp_for_static_simple_init
_vcomp_for_static_end

kernel32

IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
UnhandledExceptionFilter
CreateFileA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
SetEnvironmentVariableA
IsProcessorFeaturePresent
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSectionAndSpinCount
GetFileType
SizeofResource
LockResource
LoadResource
FindResourceW
HeapAlloc
HeapCreate
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
HeapDestroy
TerminateProcess
SetUnhandledExceptionFilter
SetLastError
SetFilePointer
WideCharToMultiByte
ReadFile
LoadLibraryW
FreeLibrary
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
InterlockedCompareExchange
GetStringTypeExA
SetStdHandle
HeapSize
HeapQueryInformation
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
GetConsoleMode
GetConsoleCP
WriteConsoleW
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
SetConsoleCtrlHandler
DecodePointer
EncodePointer
HeapFree
GetStartupInfoW
HeapSetInformation
GetCommandLineW
LoadLibraryA
ExpandEnvironmentStringsA
SearchPathW
SetErrorMode
GetWindowsDirectoryW
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileW
LCMapStringA
DeleteFileA
GetFileAttributesA
lstrcmpiW
GetStringTypeExW
RaiseException
MultiByteToWideChar
LoadLibraryExW
GlobalAlloc
lstrcpyW
GetSystemDirectoryW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
VirtualProtect
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
InterlockedExchange
lstrlenA
GetProfileIntW
SuspendThread
SetThreadPriority
GetDiskFreeSpaceW
GetFullPathNameW
GetFileTime
SetFileTime
ReplaceFileW
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
CompareStringW
lstrcmpW
FreeResource
CopyFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
GetExitCodeProcess
CreateProcessW
GetFileSize
GetLocalTime
IsDBCSLeadByteEx
GetFileAttributesW
FindNextFileW
GetUserDefaultLangID
ResumeThread
GetNumberFormatW
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalAddAtomW
GetTimeFormatW
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
GetCurrentThread
DuplicateHandle
GlobalLock
GetThreadLocale
GetVersionExW
Sleep
GetLongPathNameW
FindResourceExW
GetShortPathNameW
GetTickCount
ExitProcess
ActivateActCtx
DeactivateActCtx
GetUserDefaultLCID
EnumSystemLocalesW
EnumSystemCodePagesW
GetModuleFileNameA
GetLocaleInfoW
GetDateFormatW
FileTimeToSystemTime
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
ReleaseMutex
CreateMutexW
ResetEvent
WaitForSingleObject
SetEvent
WaitForMultipleObjects
ReleaseSemaphore
InitializeCriticalSection
CreateEventW
CreateSemaphoreW
MulDiv
DeleteFileW
Beep
GlobalReAlloc
GlobalSize
GlobalFree
GlobalUnlock

user32

SetClassLongW
DestroyAcceleratorTable
DrawIconEx
GetIconInfo
NotifyWinEvent
EnableScrollBar
GetMenuDefaultItem
CreateMenu
InvalidateRgn
CopyAcceleratorTableW
PostThreadMessageW
SetParent
CharUpperW
UnregisterClassW
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
DestroyCursor
DrawIcon
ShowOwnedPopups
GetAsyncKeyState
SetWindowContextHelpId
MapDialogRect
WaitMessage
MapVirtualKeyW
GetKeyNameTextW
GetMessageW
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
ShowWindow
MoveWindow
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetWindowTextLengthW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
GetScrollPos
ShowScrollBar
ValidateRect
CreateWindowExW
RegisterClassW
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetMenu
SetWindowPos
GetWindowThreadProcessId
GetLastActivePopup
GrayStringW
DrawTextExW
TabbedTextOutW
CreateDialogIndirectParamW
DestroyWindow
EndDialog
GetMenuState
GetMenuStringW
LoadStringW
DrawStateW
GetTabbedTextExtentW
IntersectRect
SetCaretPos
DrawTextW
IsClipboardFormatAvailable
HideCaret
ShowCaret
CreateCaret
DestroyCaret
GetKeyboardLayout
GetWindowDC
SetRectEmpty
ModifyMenuW
ReuseDDElParam
IsWindowUnicode
UnpackDDElParam
EndPaint
BeginPaint
SetLayeredWindowAttributes
MsgWaitForMultipleObjects
GetClassInfoExW
GetComboBoxInfo
DispatchMessageW
TranslateMessage
LoadBitmapW
SetWindowRgn
InvertRect
CallMsgFilterW
IsDialogMessageW
GetDlgCtrlID
GetNextDlgTabItem
IsWindowEnabled
CharLowerBuffW
GetNextDlgGroupItem
CreatePopupMenu
GetSystemMenu
LoadIconW
AdjustWindowRect
GetActiveWindow
EqualRect
DestroyIcon
InsertMenuW
RemovePropW
SetWindowLongW
SetPropW
DeleteMenu
CallWindowProcW
DefWindowProcW
GetPropW
MessageBoxW
RegisterClipboardFormatW
LoadStringA
SetMenuItemInfoW
WindowFromPoint
GetClassInfoW
GetMenuItemID
AppendMenuW
RemoveMenu
GetMenuItemInfoW
GetMenuItemCount
DrawMenuBar
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
EnableMenuItem
LoadImageW
SetWindowTextW
GetClassNameW
LockWindowUpdate
SetKeyboardState
GetKeyboardState
GetCaretPos
PeekMessageW
IsChild
DrawEdge
ToUnicodeEx
CreateAcceleratorTableW
SetCursorPos
IsCharLowerW
MapVirtualKeyExW
UpdateLayeredWindow
MonitorFromPoint
IsMenu
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SetMenuDefaultItem
SetFocus
IsWindow
MessageBeep
FrameRect
OffsetRect
GetSystemMetrics
DrawFrameControl
SetCapture
ReleaseCapture
GetCapture
PtInRect
DrawFocusRect
FillRect
GetSysColor
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
GetWindowRgn
UnionRect
InflateRect
GetFocus
GetSubMenu
ClientToScreen
LoadMenuW
IsRectEmpty
CopyRect
SetScrollPos
UpdateWindow
PostMessageW
GetKeyState
ReleaseDC
GetDC
SetRect
PostQuitMessage
CharNextW
IsZoomed
IsIconic
IsWindowVisible
SetForegroundWindow
SetActiveWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetDlgItem
SystemParametersInfoW
GetWindowLongW
LoadCursorW
SetCursor
InvalidateRect
SetTimer
KillTimer
ScreenToClient
GetCursorPos
GetWindowTextW
GetWindowRect
RedrawWindow
RegisterWindowMessageW
GetClientRect
GetDesktopWindow
EnableWindow
SendMessageW
BringWindowToTop
GetWindow
GetParent
AdjustWindowRectEx
GetSysColorBrush

gdi32

CreateSolidBrush
CreateCompatibleBitmap
SetTextColor
DeleteDC
GetNearestColor
PatBlt
Polyline
Rectangle
GdiFlush
CreateEllipticRgn
CreateDIBSection
GetTextColor
CreateRoundRectRgn
FillRgn
GetDIBColorTable
SetDIBColorTable
CreateRectRgn
ExtSelectClipRgn
SelectClipRgn
GetWindowExtEx
SetMapMode
SetWindowExtEx
GetTextAlign
GetCurrentPositionEx
GetCharWidthW
MoveToEx
CreatePen
ExtCreatePen
CreateRectRgnIndirect
CombineRgn
SetWinMetaFileBits
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
SetTextAlign
GetLayout
SetLayout
DPtoLP
GetViewportExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetDIBits
ScaleWindowExtEx
GetObjectType
CreateHatchBrush
CloseMetaFile
DeleteMetaFile
SetRectRgn
GetMapMode
GetBkColor
LPtoDP
Ellipse
GetViewportOrgEx
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
EnumFontFamiliesExW
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextFaceW
GetWindowOrgEx
GetNearestPaletteIndex
GetSystemPaletteEntries
CreatePolygonRgn
StretchBlt
SetPixel
OffsetRgn
PtInRegion
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
AbortDoc
EndDoc
StartDocW
SetAbortProc
BitBlt
SetBrushOrgEx
CreateCompatibleDC
SelectObject
GetPaletteEntries
Polygon
CreatePatternBrush
CreateBitmap
PolyPolyline
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
PlayEnhMetaFile
GetDeviceCaps
GetEnhMetaFileW
SetBkColor
CreateDIBitmap
GetDIBits
RealizePalette
GetStockObject
CreatePalette
EndPage
OffsetWindowOrgEx
StartPage
SetDIBitsToDevice
SetStretchBltMode
SelectPalette
DeleteObject
GetTextExtentPoint32W
ExtTextOutW
GetObjectW
CreateFontIndirectW

msimg32

GradientFill
AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW

advapi32

RegQueryValueW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegEnumKeyW
GetFileSecurityW
SetFileSecurityW
RegSetValueW

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
ShellExecuteW
SHAddToRecentDocs
ExtractIconW
DragFinish

comctl32

ImageList_DrawEx
_TrackMouseEvent
ImageList_Create
ImageList_Add
ImageList_GetImageInfo
ImageList_Destroy
ImageList_LoadImageW
ImageList_AddMasked
ImageList_GetIconSize

shlwapi

SHStrDupW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
SHAutoComplete
PathIsUNCW

ole32

OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoGetClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleDuplicateData
ProgIDFromCLSID
CLSIDFromProgID
CoInitializeEx
ReleaseStgMedium
PropVariantClear
GetHGlobalFromStream
CreateStreamOnHGlobal
CoRegisterClassObject
CoRevokeClassObject
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemAlloc
StringFromGUID2
OleDraw
CoCreateGuid
CoFileTimeNow

oleaut32

SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
VarBstrFromDate
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
CreateErrorInfo
SetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
SysFreeString
VariantCopy
SysAllocString

oledlg

OleUIBusyW

urlmon

URLOpenBlockingStreamW

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

winmm

PlaySoundW

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1005KB - Virtual size: 1005KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca3c86e099f014405edc3f41060689f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1e:70:a1:73:a8:67:73:3d:42:ab:11:6a:23:44:6a:cdCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0c:06:8b:b4:fe:12:cb:3a:39:27:d0:42:e4:a3:7f:d1:f5:96:f5:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

imm32

crypt32

vcomp100

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

oleacc

winmm

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1005KB - Virtual size: 1005KB

.data Size: 121KB - Virtual size: 183KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 960KB - Virtual size: 960KB

.reloc Size: 386KB - Virtual size: 386KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1e:70:a1:73:a8:67:73:3d:42:ab:11:6a:23:44:6a:cd
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:06:8b:b4:fe:12:cb:3a:39:27:d0:42:e4:a3:7f:d1:f5:96:f5:4b
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1005KB - Virtual size: 1005KB

.data
Size: 121KB - Virtual size: 183KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 960KB - Virtual size: 960KB

.reloc
Size: 386KB - Virtual size: 386KB