474941d9691c0bd9b245697a1df536d4

Sharing

Copy URL Twitter E-mail

General

Target

474941d9691c0bd9b245697a1df536d4
Size

246KB
MD5

474941d9691c0bd9b245697a1df536d4
SHA1

4cc9f246eeec8749ede4b05a93818f3371235be5
SHA256

30ddc826b2fee94cfe94988e5acff6bfa05b0e4b6f2e513882f74b491c0c7dbb
SHA512

40fa092decf263c8ee3884e6c328f6d2f30c01786a1ba0f3e006e76b1acd5fc04d34836757842ba9f025e823e8f5b49a3064c524f71af6910e01ded84ce60e2a
SSDEEP

6144:Q3lTZFrlz/Yb53QQqPesa+xsHcm1t4EKGgw:QVFJlU3QDPkHcmNT

Score

1^/10

Malware Config

Signatures

Files

474941d9691c0bd9b245697a1df536d4
.exe windows:4 windows x86 arch:x86

3e7c8bca2db1a94d7cca39b21b859d38

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

18/05/2010, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:7d:9d:30:2e:e6:62:39:3f:67:42:2f:99:9c:45:de:d4:0c:e2:ed
Signer

Actual PE Digest

74:7d:9d:30:2e:e6:62:39:3f:67:42:2f:99:9c:45:de:d4:0c:e2:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
SetUnhandledExceptionFilter
FindAtomW
GetCPInfo
GetLocalTime
GetThreadLocale
GetSystemInfo
GetComputerNameA
AddAtomA
GetMailslotInfo
LoadLibraryExA
GetLastError
OpenFile
GetVolumeInformationA
GetCurrentProcessId
DosDateTimeToFileTime
AddAtomW
lstrcatA
ExpandEnvironmentStringsW
FindResourceA
SetErrorMode
GetCurrentDirectoryW
QueryPerformanceFrequency
OpenSemaphoreA
LoadLibraryA
SleepEx
CopyFileA
CreateMutexA
GetLocaleInfoA
SetComputerNameA
GetProcAddress
DisconnectNamedPipe
OpenMutexW
CreatePipe
GetTickCount
SetCurrentDirectoryA
GetTempFileNameA
GlobalFindAtomW
RemoveDirectoryW
GetThreadPriority
lstrcmp
OpenWaitableTimerA
WaitForSingleObject
OpenWaitableTimerW
SetCalendarInfoW
CreateSemaphoreA
GetVersionExA
CreateEventA
lstrcmpW
SetCalendarInfoA
lstrcpynA
GetHandleInformation
GetLogicalDriveStringsA
ConnectNamedPipe
GetSystemDirectoryA
GetUserDefaultLCID
GetFileAttributesW
FindResourceW
GetVersionExW
BeginUpdateResourceA
GlobalFindAtomA
lstrlenW
GetModuleFileNameA
OpenEventW
CompareFileTime
FileTimeToDosDateTime
OpenEventA
lstrcpyA
GetAtomNameW
LocalAlloc
GetLogicalDrives

user32

DialogBoxParamW
AdjustWindowRect
RegisterClassW
RegisterWindowMessageW
LoadMenuA
wvsprintfW
GetSysColor
DialogBoxParamA
EnumClipboardFormats
SendMessageW
PeekMessageW
RegisterWindowMessageA
CreateDialogParamA
LoadMenuIndirectA
UnregisterClassA
GetClassInfoA
GetAsyncKeyState
CharUpperW
SetDlgItemTextW
CreateAcceleratorTableA
FindWindowW
GetSystemMetrics
SetParent
GetDlgItemTextA
CreateMenu
CreateWindowExA
ShowCursor
wsprintfW
SetForegroundWindow
GetDlgItemInt
DialogBoxIndirectParamA
ShowWindow
SetWindowLongW
SetWindowRgn
LoadIconW
GetMenuStringA
MonitorFromRect
GetForegroundWindow
OffsetRect
GetMenuItemInfoW
GetMenuItemInfoA
mouse_event
GetSysColorBrush
SetDlgItemTextA
EmptyClipboard
SetCursorPos
wsprintfA
PostMessageA
GetCapture
GetFocus
DialogBoxIndirectParamW
MonitorFromWindow
RegisterClassA
OpenClipboard
GetMenuState

gdi32

CreateRectRgn
CreateFontW
UpdateICMRegKeyA
GetTextExtentPointW
GetMetaFileA
UpdateICMRegKeyW
CreateBitmapIndirect
AddFontResourceW
CreateScalableFontResourceA
CreateEllipticRgn
CreatePatternBrush
CreateICW
SelectBrushLocal
CreatePolyPolygonRgn
AddFontResourceA
GetEnhMetaFilePixelFormat
RemoveFontResourceExW
CreateHatchBrush
ExtCreateRegion
GetEnhMetaFileA
CreateMetaFileW
CreateCompatibleDC
StretchDIBits
RemoveFontResourceExA
CreateDIBPatternBrush
GetEnhMetaFileW
CreateMetaFileA

shell32

SHCreateDirectory
StrChrIW
SHGetDiskFreeSpaceExW
StrChrA
StrNCmpIA
StrNCmpA
StrCmpNA
StrRChrW
Shell_NotifyIcon
SHGetFolderPathW
SHGetDiskFreeSpaceA
ShellExecuteW
ExtractIconExW

shlwapi

SHDeleteOrphanKeyA
ColorAdjustLuma
SHRegDeleteEmptyUSKeyA
PathRemoveBlanksW

comdlg32

PrintDlgExA
ReplaceTextW
FindTextA
GetSaveFileNameW
FindTextW
GetOpenFileNameA
PageSetupDlgW
ReplaceTextA
PrintDlgExW
PrintDlgA

setupapi

CM_Open_Class_Key_ExW
SetupDiGetSelectedDriverA

wininet

HttpCheckDavCompliance
CreateUrlCacheGroup
InternetCombineUrlW
InternetOpenUrlA
ShowSecurityInfo
InternetGoOnlineW
InternetOpenW
FreeUrlCacheSpaceW
CommitUrlCacheEntryW
UnlockUrlCacheEntryFileW
IsHostInProxyBypassList
InternetConfirmZoneCrossingA
InternetAutodial
SetUrlCacheEntryGroupA
HttpQueryInfoA
HttpOpenRequestW
GetUrlCacheGroupAttributeW
ForceNexusLookup
InternetOpenUrlW

urlmon

URLDownloadToFileA
DllRegisterServer
RegisterFormatEnumerator
IsLoggingEnabledA
DllCanUnloadNow
HlinkNavigateString
CreateFormatEnumerator
URLDownloadToCacheFileW
FindMimeFromData
FindMediaTypeClass

rasman

RasFreeBuffer
RasDeAllocateRoute

wsock32

WSACleanup
SetServiceA
bind
EnumProtocolsW
AcceptEx
WSApSetPostRoutine
sendto
getservbyport
WSACancelBlockingCall
WSAAsyncSelect
WSACancelAsyncRequest
WSAUnhookBlockingHook
inet_network
rexec
WSAIsBlocking
setsockopt
getpeername
getprotobynumber
select
htons
WSAAsyncGetProtoByName
recv
htonl
connect
WSAAsyncGetHostByAddr

crypt32

CertSerializeCTLStoreElement
CertCreateCTLEntryFromCertificateContextProperties
CertEnumCertificateContextProperties
I_CertSyncStore
CertAddCRLContextToStore
CryptGetDefaultOIDDllList

Sections

.wD
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dW
Size: 4KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mL
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XcRuEA
Size: 1024B - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Gt
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hZj
Size: 2KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gGF
Size: 3KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sd
Size: 7KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BBdu
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gn
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qNm
Size: 1024B - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.atp
Size: 1KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e7c8bca2db1a94d7cca39b21b859d38

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

74:7d:9d:30:2e:e6:62:39:3f:67:42:2f:99:9c:45:de:d4:0c:e2:edSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

comdlg32

setupapi

wininet

urlmon

rasman

wsock32

crypt32

Sections

.wD Size: 8KB - Virtual size: 8KB

.dW Size: 4KB - Virtual size: 275KB

.mL Size: 91KB - Virtual size: 90KB

.XcRuEA Size: 1024B - Virtual size: 87KB

.Gt Size: 12KB - Virtual size: 12KB

.hZj Size: 2KB - Virtual size: 224KB

.gGF Size: 3KB - Virtual size: 352KB

.sd Size: 7KB - Virtual size: 38KB

.BBdu Size: 92KB - Virtual size: 91KB

.gn Size: 9KB - Virtual size: 30KB

.qNm Size: 1024B - Virtual size: 282KB

.atp Size: 1KB - Virtual size: 406KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

74:7d:9d:30:2e:e6:62:39:3f:67:42:2f:99:9c:45:de:d4:0c:e2:ed
Signer

.wD
Size: 8KB - Virtual size: 8KB

.dW
Size: 4KB - Virtual size: 275KB

.mL
Size: 91KB - Virtual size: 90KB

.XcRuEA
Size: 1024B - Virtual size: 87KB

.Gt
Size: 12KB - Virtual size: 12KB

.hZj
Size: 2KB - Virtual size: 224KB

.gGF
Size: 3KB - Virtual size: 352KB

.sd
Size: 7KB - Virtual size: 38KB

.BBdu
Size: 92KB - Virtual size: 91KB

.gn
Size: 9KB - Virtual size: 30KB

.qNm
Size: 1024B - Virtual size: 282KB

.atp
Size: 1KB - Virtual size: 406KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1024B