1316fb31f7358e82ce39e9d9a0529075

Sharing

Copy URL

Twitter E-mail

General

Target

1316fb31f7358e82ce39e9d9a0529075
Size

18KB
MD5

1316fb31f7358e82ce39e9d9a0529075
SHA1

c4366ac8f86f63815be0788bdb0b25ea7c3ed3bb
SHA256

7dc267b3049b7f52ffb65b08fe2b38758523231a6c7dc29938cca7aa4d145339
SHA512

e74fe432d798eceea0bb3f854f9b9d40318bd26588a77cadc4f7b9b03739180e53b2865061f11ccf68645ff33ad67019a329c21b5477b4edf5f29c9a16f761df
SSDEEP

384:vp2BNhYwZF1fL76VrTejcfOs9MGZWf1HmZlagt6v5ui7IQ/yGTY:oXY0fL76tThGyMGZVlagt6RuKZKp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup_ver1.1494.exe

Files

1316fb31f7358e82ce39e9d9a0529075
.cab
RU.exe
.exe windows:4 windows x86 arch:x86

f80ce6a239a383c38d49bba98395cc79

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:1a:08:4a:db:55:30:1d:92:e3:4a:44:41:be:81:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

08/12/2006, 00:00

Not After

07/12/2008, 23:59

Subject

CN=Summitsoft Corporation,OU=Secure Application Development,O=Summitsoft Corporation,L=Omaha,ST=Nebraska,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

ec:05:7b:dd:51:9a:a7:a4:c2:a7:4b:94:47:2e:cf:4b:ec:6c:85:f4
Signer

Actual PE Digest

ec:05:7b:dd:51:9a:a7:a4:c2:a7:4b:94:47:2e:cf:4b:ec:6c:85:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup_ver1.1494.exe
.exe windows:4 windows x86 arch:x86

dfeafe0d35a7beaa992d5cc51ccfdd43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
SetUnhandledExceptionFilter
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
signal

shell32

ShellExecuteA

user32

DefWindowProcA
PostQuitMessage

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f80ce6a239a383c38d49bba98395cc79

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0b:1a:08:4a:db:55:30:1d:92:e3:4a:44:41:be:81:87Certificate

Extended Key Usages

ec:05:7b:dd:51:9a:a7:a4:c2:a7:4b:94:47:2e:cf:4b:ec:6c:85:f4Signer

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 6KB

dfeafe0d35a7beaa992d5cc51ccfdd43

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

user32

wininet

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 512B - Virtual size: 304B

.bss Size: - Virtual size: 176B

.idata Size: 1KB - Virtual size: 1KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0b:1a:08:4a:db:55:30:1d:92:e3:4a:44:41:be:81:87
Certificate

ec:05:7b:dd:51:9a:a7:a4:c2:a7:4b:94:47:2e:cf:4b:ec:6c:85:f4
Signer

.text
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 512B - Virtual size: 304B

.bss
Size: - Virtual size: 176B

.idata
Size: 1KB - Virtual size: 1KB