0555154d1ca3dca5bd0301f514aeb7c5

Sharing

Copy URL

Twitter E-mail

General

Target

0555154d1ca3dca5bd0301f514aeb7c5
Size

190KB
MD5

0555154d1ca3dca5bd0301f514aeb7c5
SHA1

64c24bce50e5f349fe01a80a56210bea10004003
SHA256

2505b1583091a9a1116585b53cc29c144d8d3b6a3cd61ceac5d6e118d8dd1092
SHA512

8224d7bea3038bb6ba5699aa592b1f4579ade179c6daff0dc37aee8fcb1dcb1f010baf7f61d0976821502b87b2f2645f17be1837f89f89e57f7927d38061342e
SSDEEP

3072:eG624DSMcTiVB5bz3j+7dFoLPzNuPvj4axoSKB2dm5fYcmx:ebzciWdFMPxhSKqmOf

Score

1^/10

Malware Config

Signatures

Files

0555154d1ca3dca5bd0301f514aeb7c5
.exe windows:5 windows x86 arch:x86

570f483f959a14f76daf06fca2582884

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/09/2011, 00:00

Not After

01/09/2014, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:d4:e4:f8:ec:c7:a6:bd:c5:62:1c:58:a7:fa:93:bb:bf:c7:33:a1
Signer

Actual PE Digest

59:d4:e4:f8:ec:c7:a6:bd:c5:62:1c:58:a7:fa:93:bb:bf:c7:33:a1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

WaitForMultipleObjects
CreateEventW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
TerminateThread
lstrcmpiW
PulseEvent
CreateFileW
GetVersionExA
CreateFileA
LoadLibraryA
DeviceIoControl
GetModuleHandleA
GetConsoleMode
GetConsoleCP
SetFilePointer
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
LocalFree
SetHandleCount
GetEnvironmentStringsW
ResetEvent
GetModuleFileNameA
RtlUnwind
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapCreate
LCMapStringW
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
GetCommandLineA
HeapAlloc
FormatMessageW
HeapFree
GetStringTypeW
WideCharToMultiByte
GetSystemDirectoryW
GetCurrentThreadId
GetVersionExW
DeleteCriticalSection
GetCurrentProcess
OpenEventW
FreeEnvironmentStringsW
LocalAlloc
SetEvent
GetUserDefaultLangID
GetThreadLocale
GetSystemPowerStatus
lstrlenW
CreateNamedPipeW
ConnectNamedPipe
ReadFile
WriteFile
FlushFileBuffers
DisconnectNamedPipe
SetLastError
lstrcmpW
WaitForSingleObject
FreeLibrary
CreateThread
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetTickCount
lstrcatW
Sleep
GetModuleHandleW
lstrcpyW
GetLastError
LoadLibraryW
GetProcAddress
CreateProcessW
lstrcpynW
HeapReAlloc
SetStdHandle
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapSize

user32

DispatchMessageW
DefWindowProcW
PostQuitMessage
SetTimer
UnregisterDeviceNotification
RegisterDeviceNotificationW
KillTimer
PostThreadMessageW
GetWindowThreadProcessId
RegisterWindowMessageW
OpenWindowStationW
SetProcessWindowStation
BroadcastSystemMessageW
ExitWindowsEx
GetThreadDesktop
SetThreadDesktop
GetLastInputInfo
OpenInputDesktop
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
EnumDisplayDevicesW
GetDesktopWindow
TranslateMessage
GetTopWindow
GetClassNameW
PostMessageW
MonitorFromWindow
EqualRect
wsprintfW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
IsRectEmpty
FindWindowExW
GetCursorPos
SetCursorPos
SendMessageW
SetWindowPos
GetDC
ReleaseDC
SubtractRect
InvalidateRect
GetSystemMetrics
IntersectRect
FindWindowW
GetWindowRect
SystemParametersInfoW
GetMessageW
CreateWindowExW
RegisterClassExW
GetWindow
CloseWindow

gdi32

CreateDCW
ExtEscape
DeleteDC
CreateDCA

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
IsValidSid
RegGetKeySecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetAce
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
AddAce
RegEnumValueW
RegSetKeySecurity
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateProcessAsUserW
FreeSid
ConvertStringSidToSidW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
SetEntriesInAclW

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

570f483f959a14f76daf06fca2582884

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

59:d4:e4:f8:ec:c7:a6:bd:c5:62:1c:58:a7:fa:93:bb:bf:c7:33:a1Signer

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

setupapi

kernel32

user32

gdi32

advapi32

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 46KB - Virtual size: 46KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:d4:e4:f8:ec:c7:a6:bd:c5:62:1c:58:a7:fa:93:bb:bf:c7:33:a1
Signer

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 46KB - Virtual size: 46KB