2671bbc10668d673e20a014dd7b0a084

Sharing

Copy URL Twitter E-mail

General

Target

2671bbc10668d673e20a014dd7b0a084
Size

719KB
MD5

2671bbc10668d673e20a014dd7b0a084
SHA1

0441bd88796341f740eb8fb6e559798ad2174051
SHA256

5871042606e83640a1126ea33e77d28f23b7877fcae7a4c2452d1e244fad16cb
SHA512

5a84b6b2302d88683cb9874f69f96927a55a0bce1696f4643c7ba9c55fa3165be3223d17f78fab03f53964955b21a673ccc5ae01277bcbb91c03a5ffad64e0a5
SSDEEP

12288:r+7lT7QRmstU7YJr2etQlVeZfdcb3HkREn1hcZxXIQU1yCwr0X888888888888Wv:rSlQREa2etQlVeZ1cb3HkR4axuyF

Score

1^/10

Malware Config

Signatures

Files

2671bbc10668d673e20a014dd7b0a084
.exe windows:5 windows x86 arch:x86

c4bc119e2c0531b2cb3880ecb6a8622b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:5c:da:57:c8:29:0e:39:c0:a0:49:c3:af:29:4b:0a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/12/2010, 00:00

Not After

09/12/2012, 23:59

Subject

CN=Summitsoft Corporation,O=Summitsoft Corporation,POSTALCODE=68122,STREET=9615 Ida St,L=Omaha,ST=NE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:c6:32:34:23:01:f3:37:cf:8d:33:99:10:8a:95:b0:6f:30:44:13
Signer

Actual PE Digest

99:c6:32:34:23:01:f3:37:cf:8d:33:99:10:8a:95:b0:6f:30:44:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
OpenProcessToken
GetTokenInformation
GetLengthSid
GetKernelObjectSecurity
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle

user32

LoadStringW
MessageBoxA
CharNextW
WaitForInputIdle
TranslateMessage
SystemParametersInfoW
ShowWindow
ShowOwnedPopups
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetPropA
SetParent
SetForegroundWindow
SetClassLongW
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageCallbackA
SendMessageA
SendMessageW
RemovePropA
PostThreadMessageA
PostMessageA
OffsetRect
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetTopWindow
GetSystemMetrics
GetPropA
GetParent
GetWindow
GetMessageW
GetMenu
GetForegroundWindow
GetClientRect
GetClassNameA
GetClassLongW
FindWindowExA
FindWindowExW
FindWindowW
EnumWindows
EnumThreadWindows
EnableWindow
DispatchMessageW
DestroyWindow
DestroyIcon
ChildWindowFromPointEx
CharUpperBuffW
CharNextW
CharLowerBuffW
AttachThreadInput
CharLowerBuffA
CharUpperBuffA
AdjustWindowRectEx

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcmpA
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SwitchToThread
SuspendThread
Sleep
SignalObjectAndWait
SetThreadPriority
SetThreadContext
SetThreadAffinityMask
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadProcessMemory
ReadFile
PulseEvent
OutputDebugStringW
OpenProcess
OpenFileMappingA
OpenFileMappingW
OpenEventA
MultiByteToWideChar
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetVersion
GetThreadPriority
GetThreadLocale
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetSystemDirectoryW
GetStringTypeExA
GetStringTypeExW
GetStdHandle
GetStartupInfoW
GetProcessVersion
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCPInfo
GetACP
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FindResourceW
FindFirstFileA
FindClose
ExitProcess
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateProcessW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringA
CompareStringW
CloseHandle
Sleep
GetVersionExW
CreateMutexW

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

shell32

SHGetFileInfoA
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ImageList_Write

Sections

.text
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 538KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4bc119e2c0531b2cb3880ecb6a8622b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

18:5c:da:57:c8:29:0e:39:c0:a0:49:c3:af:29:4b:0aCertificate

Extended Key Usages

Key Usages

99:c6:32:34:23:01:f3:37:cf:8d:33:99:10:8a:95:b0:6f:30:44:13Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

version

shell32

ole32

comctl32

Sections

.text Size: 486KB - Virtual size: 486KB

.itext Size: 5KB - Virtual size: 4KB

.data Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 538KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 198KB - Virtual size: 198KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

18:5c:da:57:c8:29:0e:39:c0:a0:49:c3:af:29:4b:0a
Certificate

99:c6:32:34:23:01:f3:37:cf:8d:33:99:10:8a:95:b0:6f:30:44:13
Signer

.text
Size: 486KB - Virtual size: 486KB

.itext
Size: 5KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 538KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 198KB - Virtual size: 198KB