1da519560eb899c888b75d4d86145224

Sharing

Copy URL

Twitter E-mail

General

Target

1da519560eb899c888b75d4d86145224
Size

304KB
MD5

1da519560eb899c888b75d4d86145224
SHA1

61068e32dd52068230bf4df9dde0aa868f26e29f
SHA256

221d71ee0ea1cf2f714ad366ec02efd4490458ba848cbbf9ed98923d26d9350d
SHA512

26baed74e9b28739fbccd78e267468cb21c970fd2b852599a7a888f2b165cc8ae47fc86aa8c4dadef1c78cfe0c91629d98e3b10621f57b873e53bf10318f72ae
SSDEEP

6144:Q44OP+lBPPsSbX3E/AReQHjcHav+gMh8VQTBQNWrbb5KS:FBmlBP0SbX3E/ARtHg6v+mQT24

Score

1^/10

Malware Config

Signatures

Files

1da519560eb899c888b75d4d86145224
.exe windows:4 windows x86 arch:x86

9f331aefb3261581d5fc841738db3d36

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:57:4a:c3:e8:a3:00:1f:70:f9:ae:c1:e7:03:4a:d1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17/09/2012, 00:00

Not After

17/09/2013, 23:59

Subject

CN=Visan Industries,OU=SECURE APPLICATION DEVELOPMENT,O=Visan Industries,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:24:fc:99:06:49:be:62:e1:3c:67:5f:10:a9:b8:b6:33:3e:b8:fc
Signer

Actual PE Digest

65:24:fc:99:06:49:be:62:e1:3c:67:5f:10:a9:b8:b6:33:3e:b8:fc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

HttpQueryInfoA
InternetOpenUrlW
CommitUrlCacheEntryW
DeleteUrlCacheEntryW
CreateUrlCacheEntryW
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

GetTempPathA
SetFilePointer
GetFileAttributesA
InterlockedIncrement
DeleteFileW
InterlockedDecrement
GetProcAddress
DeleteFileA
GetFileAttributesExA
SetEndOfFile
GetTempFileNameA
CreateFileW
GetTempFileNameW
CreateDirectoryW
GetTempPathW
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
ResetEvent
CreateEventA
SetLastError
CreateMutexA
LoadLibraryA
CopyFileW
MoveFileExW
GetFullPathNameW
FindClose
FindFirstFileW
GetCurrentProcessId
Process32Next
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
FreeLibrary
OpenProcess
LocalFree
LocalAlloc
CreateDirectoryA
GetUserDefaultLangID
GetUserGeoID
RemoveDirectoryA
CreateFileA
FindFirstFileA
IsBadReadPtr
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateProcessA
LCMapStringA
GetTimeZoneInformation
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsFree
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
CreateThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RtlUnwind
RaiseException
ExitProcess
WriteFile
Sleep
lstrlenW
GlobalAlloc
GlobalFree
WaitForSingleObject
SetEvent
CloseHandle
ReleaseMutex
GetModuleFileNameA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
SetEnvironmentVariableA
LCMapStringW
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
VirtualProtect
GetSystemInfo
VirtualQuery
CompareStringA
CompareStringW
FindNextFileA

user32

RealGetWindowClassA
IsIconic
SendMessageA
ShowWindow
SetForegroundWindow
IsWindow
PostMessageA
PostQuitMessage
DestroyIcon
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
MessageBoxA
CloseDesktop
SwitchDesktop
OpenDesktopA
GetUserObjectInformationA
GetProcessWindowStation
IsWindowVisible
UnregisterClassA
GetWindowLongA
GetParent
SetWindowPos
ClientToScreen
GetWindowRect
SetCapture
EnumWindows
PeekMessageA
AdjustWindowRectEx
LoadCursorA
RegisterClassExA
RegisterWindowMessageA
DialogBoxParamA
BeginDeferWindowPos
SetParent
InvalidateRect
wsprintfA
GetClientRect
DialogBoxParamW
SetDlgItemTextW
SetWindowTextW
GetDlgItem
MoveWindow
CreateWindowExA
SetWindowLongA
EnumChildWindows
GetSystemMetrics
GetDesktopWindow
EndDialog
BeginPaint
FillRect
EndPaint
DefWindowProcA
DestroyWindow
ReleaseCapture

gdi32

GetStockObject

advapi32

RevertToSelf
GetNamedSecurityInfoA
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
CreateProcessAsUserA
ImpersonateLoggedOnUser
OpenProcessToken
SetNamedSecurityInfoA
AddAccessAllowedAce
AddAce
EqualSid
IsValidSid

shell32

ExtractIconA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance
OleUninitialize
OleInitialize
CreateBindCtx
CoFileTimeNow
CoTaskMemAlloc
PropVariantClear

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
SysStringByteLen
VarBstrCat
VariantInit
VariantClear
VariantChangeType
SysStringLen
VariantCopy
SysAllocStringByteLen

shlwapi

PathCanonicalizeW
SHStrDupW
PathAppendW
PathCombineA
PathFileExistsA
PathStripPathA
PathFileExistsW
PathCanonicalizeA
PathCombineW
PathAppendA
PathRemoveFileSpecA
UrlUnescapeW
PathRemoveFileSpecW

urlmon

URLDownloadToFileW
CreateURLMoniker
ObtainUserAgentString
CoInternetGetSession
URLDownloadToCacheFileA
UrlMkSetSessionOption
RegisterBindStatusCallback

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f331aefb3261581d5fc841738db3d36

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

03:57:4a:c3:e8:a3:00:1f:70:f9:ae:c1:e7:03:4a:d1Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:24:fc:99:06:49:be:62:e1:3c:67:5f:10:a9:b8:b6:33:3e:b8:fcSigner

Headers

File Characteristics

Imports

version

wininet

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 16KB - Virtual size: 102KB

.rsrc Size: 44KB - Virtual size: 44KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

03:57:4a:c3:e8:a3:00:1f:70:f9:ae:c1:e7:03:4a:d1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:24:fc:99:06:49:be:62:e1:3c:67:5f:10:a9:b8:b6:33:3e:b8:fc
Signer

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 16KB - Virtual size: 102KB

.rsrc
Size: 44KB - Virtual size: 44KB