31fab1bd8902c5fd7d04ef45cbd8f795

Sharing

Copy URL

Twitter E-mail

General

Target

31fab1bd8902c5fd7d04ef45cbd8f795
Size

2.8MB
MD5

31fab1bd8902c5fd7d04ef45cbd8f795
SHA1

83cb357e2fdaaf2f2e556a932a3d0c512d0d44a4
SHA256

1196b533ea57585e540664fb783c1ec1d6d4f55c4600fad4c6c68c9c6851e96c
SHA512

f53423d075177e11827edf43145631d56d6acc20182b332ffec53f62821e8ab3c987717d4cd97d5fffe168e5df675b595e7f3ffeb01a15545c3ba7500b358d1c
SSDEEP

49152:VMurxmB6CIonOApCstnDO8c0uEvsim9A/5AVjuDbGcTaY2nmAF:+uI6CjOA4ii8chEvsO/5AVjuDbG9

Score

1^/10

Malware Config

Signatures

Files

31fab1bd8902c5fd7d04ef45cbd8f795
.exe windows:4 windows x86 arch:x86

ced5f51fa8881c83f33e3960cff738b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:61:0c:00:c4:d7:25:b9:68:92:79:cc:88:ee:a5:94
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

21/07/2011, 00:00

Not After

11/01/2013, 23:59

Subject

CN=TMRG\, Inc.,O=TMRG\, Inc.,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send
shutdown
recv
connect
__WSAFDIsSet
select
htonl
ioctlsocket
accept
listen
ntohs
recvfrom
htons
bind
closesocket
setsockopt
socket
ntohl
inet_addr
gethostbyname
WSAStartup
WSASetLastError
WSACleanup
WSAGetLastError
gethostbyaddr
getservbyport
getservbyname

wininet

HttpSendRequestA
InternetQueryOptionA
HttpQueryInfoA
InternetSetOptionA
DeleteUrlCacheEntry
RetrieveUrlCacheEntryStreamA
ReadUrlCacheEntryStream
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
UnlockUrlCacheEntryStream
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetReadFile

comctl32

ImageList_LoadImageA

rpcrt4

UuidCreate
UuidCompare

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

waveInGetNumDevs
mixerGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
midiOutGetNumDevs
joyGetNumDevs
auxGetNumDevs

iphlpapi

GetIpForwardTable
GetAdaptersInfo
GetNetworkParams
GetAdaptersAddresses

setupapi

SetupDiOpenDeviceInfoA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSAEventSelect
WSACloseEvent

oleacc

AccessibleObjectFromPoint

kernel32

HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
FindFirstFileW
VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
GetModuleHandleW
TerminateProcess
lstrlenA
GetLastError
InterlockedExchange
lstrcmpiA
GetVersion
GetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
lstrlenW
CompareStringW
GetStringTypeExA
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
WriteFile
CloseHandle
CreateFileA
CreateEventA
WaitForMultipleObjects
SetEvent
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
FreeLibrary
GetFileSize
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
OpenProcess
DeleteFileA
LocalAlloc
GetStartupInfoA
Sleep
GetTempPathA
CreateProcessA
GetVersionExA
GetTempFileNameA
OpenMutexA
CreateDirectoryA
WaitForSingleObject
CopyFileA
RemoveDirectoryA
GetFileAttributesA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
SetThreadPriority
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
GetSystemInfo
SetLastError
GetComputerNameA
GetCurrentProcess
IsBadReadPtr
GlobalMemoryStatus
ResumeThread
UnhandledExceptionFilter
HeapFree
GetProcessHeap
IsDebuggerPresent
GetThreadTimes
GetProcessTimes
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
SetUnhandledExceptionFilter
ExitProcess
TlsAlloc
TlsFree
WriteProcessMemory
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateRemoteThread
FindFirstFileA
SetFileTime
FindNextFileA
FindClose
GetDriveTypeA
GetModuleFileNameA
CompareFileTime
GetLogicalDriveStringsA
GetShortPathNameA
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
FindResourceA
SizeofResource
LoadResource
LockResource
GetUserDefaultLangID
GetLocalTime
MoveFileA
RemoveDirectoryW
MulDiv
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemDefaultLCID
OpenEventA
DuplicateHandle
ReleaseMutex
CreateMutexA
ResetEvent
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetSystemDirectoryA
SetFileAttributesA
InitializeSListHead
InterlockedPopEntrySList
GetSystemTime
Process32First
Module32First
Process32Next
GlobalSize
FormatMessageW
SetEndOfFile
GetDiskFreeSpaceA
GetFileAttributesW
InterlockedCompareExchange
UnlockFile
CreateFileW
LockFile
GetFileAttributesExW
FlushFileBuffers
UnlockFileEx
GetTempPathW
DeleteFileW
GetFullPathNameW
RtlUnwind
LockFileEx
AreFileApisANSI
GetDiskFreeSpaceW
LoadLibraryW
GetThreadContext
ReadProcessMemory
OutputDebugStringA
GetCurrentDirectoryA
SuspendThread
CreateDirectoryW
FlushInstructionCache
lstrcmpA
RaiseException
GetExitCodeThread
TerminateThread
GetLongPathNameA
GetPrivateProfileStringA
GetLogicalDrives
GetUserDefaultLCID
FileTimeToSystemTime
SystemTimeToFileTime
InterlockedPushEntrySList
FindNextFileW
CreateSemaphoreA
ReleaseSemaphore
GetModuleFileNameW
LoadLibraryExA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetDateFormatA
GetTimeFormatA
lstrcpyA
LocalFileTimeToFileTime
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
FileTimeToLocalFileTime
GetCommandLineA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCPInfo
LCMapStringA
LCMapStringW
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
HeapCreate
GetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetHandleCount
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
SetEnvironmentVariableA
HeapAlloc
GetFullPathNameA

user32

GetSubMenu
RemoveMenu
RegisterDeviceNotificationA
UnregisterDeviceNotification
GetWindowTextLengthA
RedrawWindow
GetWindowTextA
GetSysColor
CreateAcceleratorTableA
GetWindow
SystemParametersInfoA
InvalidateRgn
GetClassNameA
CharNextA
EndPaint
FillRect
BeginPaint
GetClassInfoExA
GetFocus
EnumWindows
IsWindowVisible
MsgWaitForMultipleObjectsEx
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
DrawTextA
UpdateLayeredWindow
KillTimer
SetTimer
GetClientRect
CreatePopupMenu
LoadImageA
TrackPopupMenu
GetCursorPos
DestroyMenu
DestroyIcon
InsertMenuItemA
FindWindowA
LoadMenuA
GetWindowRect
DestroyWindow
PeekMessageA
MsgWaitForMultipleObjects
SetWindowTextA
UpdateWindow
SetFocus
SetActiveWindow
MoveWindow
PostQuitMessage
SendMessageA
SetWindowLongA
GetWindowLongA
CreateWindowExA
TranslateMessage
RegisterClassExA
LoadCursorA
LoadIconA
PostMessageA
IsDialogMessageA
TranslateAcceleratorA
LoadAcceleratorsA
ShowWindow
RegisterWindowMessageA
EnableWindow
EndDialog
SetDlgItemInt
SetDlgItemTextA
CallWindowProcA
DefWindowProcA
GetMenu
CheckMenuItem
SetForegroundWindow
GetWindowThreadProcessId
PostThreadMessageA
DispatchMessageA
GetMessageA
MessageBoxA
wsprintfA
SetWindowsHookExA
UnhookWindowsHookEx
CreateDialogParamA
ScreenToClient
DestroyAcceleratorTable
ClientToScreen
SetWindowPos
FlashWindowEx
SetClassLongA
GetSystemMetrics
GetDlgItem
SetCapture
CallNextHookEx
GetParent
ReleaseCapture
IsWindow
ExitWindowsEx
UnregisterClassA
RegisterClassA
IsWindowEnabled
EnumChildWindows
LoadStringA
IsChild

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetStockObject
CreateFontA
CreateCompatibleBitmap
BitBlt
GetDIBits
CreateSolidBrush
GetObjectA

winspool.drv

EnumPrintersA

comdlg32

FindTextA
GetSaveFileNameA

advapi32

IsValidSid
GetLengthSid
DeleteService
SetFileSecurityA
GetSidSubAuthorityCount
GetTokenInformation
SetTokenInformation
RegSetKeySecurity
SetSecurityInfo
CreateProcessAsUserA
DuplicateTokenEx
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetNamedSecurityInfoA
SetNamedSecurityInfoW
GetAclInformation
AddAce
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
SetSecurityDescriptorDacl
RegOpenKeyExA
GetUserNameA
InitializeAcl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
AddAccessAllowedAce
RegNotifyChangeKeyValue
RegSetValueExA
RegEnumKeyA
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
CopySid

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
StringFromGUID2
OleRun
CoMarshalInterface
CoGetMarshalSizeMax
CoInitializeEx
GetHGlobalFromStream
CoSetProxyBlanket
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CLSIDFromString
OleInitialize
CoTaskMemFree
CreateStreamOnHGlobal
OleUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantCopy
DispGetParam
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SysStringByteLen
OleCreateFontIndirect
LoadTypeLi
SysAllocStringLen
LoadRegTypeLi

shlwapi

SHCopyKeyA

Exports

Exports

??0CNGCTraceProxy@@QAE@ABV0@@Z
??0CNGCTraceProxy@@QAE@XZ
??4CNGCTraceProxy@@QAEAAV0@ABV0@@Z
??_7CNGCTraceProxy@@6B@

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ced5f51fa8881c83f33e3960cff738b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3e:61:0c:00:c4:d7:25:b9:68:92:79:cc:88:ee:a5:94Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

wininet

comctl32

rpcrt4

version

winmm

iphlpapi

setupapi

ws2_32

oleacc

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 526KB - Virtual size: 526KB

.data Size: 40KB - Virtual size: 199KB

.rsrc Size: 36KB - Virtual size: 35KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3e:61:0c:00:c4:d7:25:b9:68:92:79:cc:88:ee:a5:94
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 526KB - Virtual size: 526KB

.data
Size: 40KB - Virtual size: 199KB

.rsrc
Size: 36KB - Virtual size: 35KB