25012373c84cf6588aff9b26ebff69b1

Sharing

Copy URL

Twitter E-mail

General

Target

25012373c84cf6588aff9b26ebff69b1
Size

2.4MB
MD5

25012373c84cf6588aff9b26ebff69b1
SHA1

56219a4c847c4738cf2ab581acd6a8bdfdd426ea
SHA256

68fee81b6b33cb40bd80bb4dccdbf19dfadee2209c5efacda58a0903c7144a72
SHA512

fd8430ba5616926a2be531d834114e8596b08c5775eca21d0ae8cb0a159158406950427ae0ac5af525d4d756293d4fb033e2965ca2ed75503e877edc29b93003
SSDEEP

49152:UHPOvvE9V8dKXrArSpV8hS560N0BTdD0xpCKB+3UTnU2TpRZBJxjWx:2iKMrcuS5XETipCKB+3OpRZBJxY

Score

1^/10

Malware Config

Signatures

Files

25012373c84cf6588aff9b26ebff69b1
.exe windows:4 windows x86 arch:x86

03e2bd48722ccccf073973c612a85f28

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/09/2009, 00:00

Not After

27/09/2011, 23:59

Subject

CN=TMRG\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=TMRG\, Inc.,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

recv
__WSAFDIsSet
select
accept
ioctlsocket
listen
htonl
shutdown
connect
ntohs
recvfrom
bind
htons
closesocket
setsockopt
socket
ntohl
inet_addr
gethostbyname
WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
getservbyname
getservbyport
gethostbyaddr
send

wininet

InternetReadFile
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
HttpQueryInfoA
InternetSetOptionA
DeleteUrlCacheEntry
RetrieveUrlCacheEntryStreamA
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
InternetOpenA
InternetOpenUrlA
InternetGetConnectedState

comctl32

ImageList_LoadImageA

rpcrt4

UuidCompare
UuidCreate

winmm

auxGetNumDevs
mixerGetNumDevs
midiInGetNumDevs
waveInGetNumDevs
joyGetNumDevs
midiOutGetNumDevs
waveOutGetNumDevs

iphlpapi

GetIpForwardTable
GetAdaptersInfo
GetNetworkParams
GetAdaptersAddresses

setupapi

SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

ws2_32

WSAEventSelect
WSACreateEvent
WSACloseEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents

oleacc

AccessibleObjectFromPoint

kernel32

LoadLibraryExA
FlushFileBuffers
GetCommandLineA
FileTimeToLocalFileTime
CreateThread
ExitThread
GetConsoleMode
GetConsoleCP
GetFileInformationByHandle
PeekNamedPipe
lstrlenA
GetLastError
InterlockedExchange
lstrcmpiA
GetVersion
GetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
lstrlenW
CompareStringW
GetStringTypeExA
QueryPerformanceCounter
GetTickCount
WriteFile
CloseHandle
CreateFileA
SetEvent
CreateEventA
WaitForMultipleObjects
OpenProcess
DeleteFileA
LocalAlloc
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
FreeLibrary
GetFileSize
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CopyFileA
WaitForSingleObject
RemoveDirectoryA
GetFileAttributesA
GetStartupInfoA
Sleep
GetCurrentProcessId
GetVersionExA
GetTempPathA
CreateProcessA
GetTempFileNameA
CreateDirectoryA
OpenMutexA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
SetThreadPriority
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
GetSystemInfo
GetFileType
GetComputerNameA
GetCurrentProcess
IsBadReadPtr
GlobalMemoryStatus
ResumeThread
HeapAlloc
HeapFree
GetProcessHeap
IsDebuggerPresent
SetUnhandledExceptionFilter
ExitProcess
TlsAlloc
TlsFree
GlobalAlloc
WriteProcessMemory
GlobalFree
GlobalLock
GlobalUnlock
CreateRemoteThread
SetFileTime
FindNextFileA
FindClose
CompareFileTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetDriveTypeA
FindFirstFileA
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetShortPathNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetUserDefaultLangID
GetLocalTime
MoveFileA
MulDiv
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatusEx
SetConsoleCtrlHandler
DuplicateHandle
GetTimeZoneInformation
GetSystemDefaultLCID
CreateMutexA
ReleaseMutex
GetSystemDefaultLangID
SetFileAttributesA
GetSystemDirectoryA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemTime
GetProcessTimes
Process32First
Module32First
Process32Next
GlobalSize
RemoveDirectoryW
CreateDirectoryW
RaiseException
FlushInstructionCache
lstrcmpA
GetExitCodeThread
TerminateThread
GetLongPathNameA
GetLogicalDrives
GetUserDefaultLCID
SystemTimeToFileTime
FileTimeToSystemTime
ResetEvent
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
RtlUnwind
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
VirtualProtect
IsValidCodePage
TlsGetValue
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetDateFormatA
GetTimeFormatA
lstrcpyA
OutputDebugStringA
LocalFileTimeToFileTime
GetModuleHandleW
InterlockedCompareExchange
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TlsSetValue
HeapCreate
GetModuleFileNameW
GetStdHandle
CreateFileW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetHandleCount
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
ReleaseSemaphore
CreateSemaphoreA
FindFirstFileW
DeleteFileW
FindNextFileW
GetDiskFreeSpaceA
SetLastError
OpenEventA

user32

GetFocus
ScreenToClient
DestroyAcceleratorTable
ClientToScreen
SetWindowPos
FlashWindowEx
SetClassLongA
GetSystemMetrics
GetDlgItem
SetCapture
CallNextHookEx
GetParent
ReleaseCapture
IsChild
GetWindowTextLengthA
RedrawWindow
GetWindowTextA
GetSysColor
CreateAcceleratorTableA
GetWindow
EnumWindows
IsWindowVisible
InvalidateRect
DrawTextA
UpdateLayeredWindow
KillTimer
SetTimer
GetClientRect
GetDesktopWindow
ReleaseDC
GetDC
InsertMenuItemA
CreatePopupMenu
LoadImageA
TrackPopupMenu
GetCursorPos
DestroyMenu
DestroyIcon
FindWindowA
GetClassInfoExA
GetWindowRect
DestroyWindow
PeekMessageA
MsgWaitForMultipleObjects
SetWindowTextA
UpdateWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
BeginPaint
FillRect
CharNextA
EndPaint
PostMessageA
IsDialogMessageA
TranslateAcceleratorA
LoadAcceleratorsA
ShowWindow
RegisterWindowMessageA
CallWindowProcA
DefWindowProcA
GetMenu
CheckMenuItem
SetForegroundWindow
SetFocus
SetActiveWindow
MoveWindow
PostQuitMessage
SendMessageA
SetWindowLongA
TranslateMessage
GetWindowLongA
GetWindowThreadProcessId
DispatchMessageA
GetMessageA
PostThreadMessageA
MessageBoxA
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameA
InvalidateRgn
SystemParametersInfoA
SetDlgItemTextA
SetDlgItemInt
UnregisterDeviceNotification
RegisterDeviceNotificationA
CreateDialogParamA
RemoveMenu
LoadMenuA
GetSubMenu
EnableWindow
IsWindow
EndDialog
ExitWindowsEx
UnregisterClassA
RegisterClassA
MsgWaitForMultipleObjectsEx
IsWindowEnabled
EnumChildWindows
LoadStringA

gdi32

GetStockObject
GetDeviceCaps
GetObjectA
CreateSolidBrush
GetDIBits
CreateFontA
BitBlt
CreateCompatibleBitmap
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
SetBkMode
SetTextColor

winspool.drv

EnumPrintersA

comdlg32

GetSaveFileNameA
FindTextA

advapi32

GetSidSubAuthority
InitializeSid
DeleteService
SetFileSecurityA
GetSidSubAuthorityCount
GetTokenInformation
SetTokenInformation
RegSetKeySecurity
SetSecurityInfo
CreateProcessAsUserA
DuplicateTokenEx
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
SetSecurityDescriptorOwner
RegDeleteKeyA
SetSecurityDescriptorGroup
RegOpenKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
AddAccessAllowedAce
InitializeAcl
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumValueA
RegSetValueExA
RegEnumKeyA
AddAce
GetAclInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
RegEnumKeyExA
SetNamedSecurityInfoW
MakeAbsoluteSD
SetNamedSecurityInfoA
GetSidLengthRequired

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
OleRun
CoGetMarshalSizeMax
CoInitializeEx
CoSetProxyBlanket
GetHGlobalFromStream
CLSIDFromString
OleInitialize
OleUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
OleLockRunning
CoMarshalInterface

oleaut32

VariantClear
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantCopy
VariantChangeType
SysAllocString
SysStringLen
DispGetParam
SafeArrayGetLBound
SysStringByteLen
LoadTypeLi
SysAllocStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString

shlwapi

SHCopyKeyA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

??0CNGCTraceProxy@@QAE@ABV0@@Z
??0CNGCTraceProxy@@QAE@XZ
??4CNGCTraceProxy@@QAEAAV0@ABV0@@Z
??_7CNGCTraceProxy@@6B@

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e2bd48722ccccf073973c612a85f28

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

wininet

comctl32

rpcrt4

winmm

iphlpapi

setupapi

ws2_32

oleacc

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 477KB - Virtual size: 476KB

.data Size: 35KB - Virtual size: 193KB

.rsrc Size: 36KB - Virtual size: 35KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 477KB - Virtual size: 476KB

.data
Size: 35KB - Virtual size: 193KB

.rsrc
Size: 36KB - Virtual size: 35KB