087aeb11dc39f4a80533983165fe3ed4

Sharing

Copy URL Twitter E-mail

General

Target

087aeb11dc39f4a80533983165fe3ed4
Size

241KB
MD5

087aeb11dc39f4a80533983165fe3ed4
SHA1

701127a080cec6dbc74a659d97b01f592b680ddd
SHA256

5f912133e7323677508e084cd6135905cd441c31717516b553cf15bfc65034fc
SHA512

2d19106a68fdbd2c6bc9c0d1b65be806dd9d32dc038d833bc3cdf36da8c60d74ee1c1d384c841435464dc265a0bb6889840dc6e4e33739233a6f1e42027e3eec
SSDEEP

6144:DsY7cf92DU4H9nBn4hbbuVyUWYgH4Va5X3g4sVs:DSFufH1BnOPuPM4OX3gts

Score

1^/10

Malware Config

Signatures

Files

087aeb11dc39f4a80533983165fe3ed4
.exe windows:4 windows x86 arch:x86

78efd8842f682695264b0d82bc988f3a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:4e:dd:77:06:ef:6b:31:31:d0:0b:1c:67:91:d0:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/11/2009, 00:00

Not After

10/12/2010, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:c3:95:92:3a:8c:98:5b:fd:37:a5:c9:e5:a6:5b:b3:e9:af:89:4d
Signer

Actual PE Digest

ae:c3:95:92:3a:8c:98:5b:fd:37:a5:c9:e5:a6:5b:b3:e9:af:89:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalDeleteAtom
LoadLibraryExA
GetTempFileNameA
LoadLibraryA
MulDiv
RaiseException
SetCalendarInfoA
GetProcessHeaps
lstrcatA
CreateMutexW
HeapCreate
GetShortPathNameA
GetLongPathNameW
EnumDateFormatsW
GlobalAlloc
GetLocaleInfoW
GetWindowsDirectoryA
GetDiskFreeSpaceW
GetLogicalDrives
GetDiskFreeSpaceA
GetUserDefaultLangID
GetThreadPriority
lstrcat
SetCurrentDirectoryA
GlobalFindAtomW
lstrcmpiA
GetEnvironmentVariableA
DeleteAtom
MultiByteToWideChar
InitializeCriticalSection
OpenSemaphoreW
lstrcpy
GetTimeFormatW
GetProcAddress
GetEnvironmentVariableW
IsBadStringPtrA
GetTempFileNameW
CreateEventW
CreateSemaphoreA
ReplaceFileA
LoadResource
GetEnvironmentStringsA
GetVolumeInformationW
lstrcpyn
IsBadReadPtr
GetCPInfo
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
GetTimeFormatA
GetExitCodeThread
lstrcatW
GetEnvironmentStringsW
LoadLibraryW

user32

MonitorFromRect
TrackPopupMenuEx
GetCapture
DefWindowProcW
WaitForInputIdle
ShowCursor
GetForegroundWindow
GetMessageW
GetMenuStringW
mouse_event
LoadMenuW
PostQuitMessage
SetForegroundWindow
GetScrollPos
IsMenu
GetDlgItemTextA
OffsetRect
GetKeyboardType
CreateMenu
GetMessageA
SetWindowRgn
SetDlgItemTextA
InsertMenuA
EndMenu
WaitMessage
InsertMenuItemA
LoadBitmapA
LoadBitmapW
GetSystemMetrics
SetWindowLongW
CreateAcceleratorTableA
PeekMessageW
LoadMenuIndirectA
CheckMenuItem
IsChild
CreateWindowExA
GetMenuInfo
CharUpperW
MonitorFromPoint
SetCapture
CreateAcceleratorTableW
DialogBoxIndirectParamW
PostMessageW
MessageBoxW
SetTimer
AdjustWindowRect
ActivateKeyboardLayout
DestroyMenu
DialogBoxParamW
RemoveMenu
DefWindowProcA
WinHelpA
GetClassInfoA
GetDesktopWindow
GetMenuItemInfoW
SetCursorPos
LoadIconA
IsIconic
CharPrevA
PeekMessageA
TrackPopupMenu
wsprintfW
GetSubMenu
SendDlgItemMessageA
SetActiveWindow
SetDlgItemTextW
DestroyIcon
GetSysColor
EndDialog
CreateDialogParamA
EnumClipboardFormats
ShowWindow
OpenClipboard
GetDlgItemTextW
LoadIconW
DialogBoxParamA
EmptyClipboard
CharLowerA
MoveWindow
GetCaretPos
MessageBeep
CharPrevW
GetActiveWindow
GetCapture
UnregisterClassA
RegisterClassW
LoadMenuIndirectW
PostMessageA
GetKeyboardLayout
CreateDialogParamW
wsprintfA
WinHelpW
AppendMenuW
MessageBoxIndirectA
GetMenu
GetMenuStringA
CharUpperA
GetMenuItemRect
CreateWindowExW

advapi32

LsaClose
SystemFunction003
CloseCodeAuthzLevel
OpenTraceW
RegSaveKeyExW

shell32

StrChrA
SHGetDiskFreeSpaceExA
SHGetSpecialFolderLocation

oleaut32

VarR4FromUI8
SafeArrayCreateVector
VariantClear
DispGetIDsOfNames
VarI4FromDisp
VarUI2FromCy
VarI2FromDec
VarUI4FromDec

winmm

mmioRenameA
mixerSetControlDetails
waveOutGetDevCapsA
midiOutLongMsg
mciGetErrorStringW
waveOutGetPitch
midiInReset
mciGetDeviceIDA
waveInGetID
auxOutMessage
midiStreamOut
mciDriverNotify
waveInGetErrorTextW
mciGetDeviceIDFromElementIDA
midiOutOpen
midiInGetErrorTextW
mmioInstallIOProcA
mixerGetLineControlsW
midiOutCacheDrumPatches

printui

bFolderEnumPrinters
RegisterPrintNotify

Sections

.XQlFJn
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TIb
Size: 5KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.K
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.p
Size: 1KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CW
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bvH
Size: 3KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gmIeg
Size: 5KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WVRX
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.q
Size: 12KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.px
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78efd8842f682695264b0d82bc988f3a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

4d:4e:dd:77:06:ef:6b:31:31:d0:0b:1c:67:91:d0:c1Certificate

Extended Key Usages

Key Usages

ae:c3:95:92:3a:8c:98:5b:fd:37:a5:c9:e5:a6:5b:b3:e9:af:89:4dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

winmm

printui

Sections

.XQlFJn Size: 1KB - Virtual size: 1KB

.TIb Size: 5KB - Virtual size: 458KB

.K Size: 91KB - Virtual size: 90KB

.p Size: 1KB - Virtual size: 389KB

.CW Size: 12KB - Virtual size: 12KB

.bvH Size: 3KB - Virtual size: 470KB

.gmIeg Size: 5KB - Virtual size: 23KB

.WVRX Size: 90KB - Virtual size: 90KB

.q Size: 12KB - Virtual size: 277KB

.px Size: 1KB - Virtual size: 149KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

4d:4e:dd:77:06:ef:6b:31:31:d0:0b:1c:67:91:d0:c1
Certificate

ae:c3:95:92:3a:8c:98:5b:fd:37:a5:c9:e5:a6:5b:b3:e9:af:89:4d
Signer

.XQlFJn
Size: 1KB - Virtual size: 1KB

.TIb
Size: 5KB - Virtual size: 458KB

.K
Size: 91KB - Virtual size: 90KB

.p
Size: 1KB - Virtual size: 389KB

.CW
Size: 12KB - Virtual size: 12KB

.bvH
Size: 3KB - Virtual size: 470KB

.gmIeg
Size: 5KB - Virtual size: 23KB

.WVRX
Size: 90KB - Virtual size: 90KB

.q
Size: 12KB - Virtual size: 277KB

.px
Size: 1KB - Virtual size: 149KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB