48a436f5ec047ee903afc33ecd9331d6

Sharing

Copy URL Twitter E-mail

General

Target

48a436f5ec047ee903afc33ecd9331d6
Size

165KB
MD5

48a436f5ec047ee903afc33ecd9331d6
SHA1

4ec59bf6be706e490afba7746a4dda9c0f63ed05
SHA256

e4c900d2e193bdb780e9b2fae71aa807bbcf03caaadfbe7b1a39aedcc1a91ba3
SHA512

173f4a8a1225697639c8a0b98db8ecb5dde29ba8765cbc0b0d71cc26921fa3c8554de3ab6c0acfa3d1dfcee631213c7b9810d2e5657ca20faa9ae6d4051870e2
SSDEEP

1536:g05rwyyF+Td11v4J/uXfjDHuQyjfgfbhgj6Db2PiZB7MgslrRIstbRSJd5:PbMJ/sfjDHmwNBDb/MTlrRIstbRSt

Score

1^/10

Malware Config

Signatures

Files

48a436f5ec047ee903afc33ecd9331d6
.exe windows:4 windows x86 arch:x86

e97dedba77d35a6ad9280c997d9dfd3e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:80:0f:35:3b:7b:15:9f:c7:1a:64:28:b9:48:7d:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/01/2009, 00:00

Not After

13/02/2011, 23:59

Subject

CN=Make The Web Better\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Make The Web Better\, LLC,L=Englewood Cliffs,ST=NewJersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

22:b6:a2:b3:29:21:11:5f:84:93:e1:c7:8d:a7:39:ed:05:bb:b2:20
Signer

Actual PE Digest

22:b6:a2:b3:29:21:11:5f:84:93:e1:c7:8d:a7:39:ed:05:bb:b2:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetConnectW
HttpOpenRequestW
InternetOpenW
HttpSendRequestW

kernel32

MultiByteToWideChar
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateMutexW
HeapFree
InterlockedIncrement
GetLastError
DeleteFileW
GetVersionExW
GetCurrentProcess
HeapAlloc
LoadLibraryW
CopyFileW
GetProcessHeap
GetExitCodeProcess
FreeLibrary
Sleep
DebugBreak
WinExec
lstrlenW
OutputDebugStringW
GetShortPathNameW
WideCharToMultiByte
lstrlenA
CloseHandle
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InterlockedDecrement
GetSystemInfo
OpenProcess
GetModuleHandleW
RemoveDirectoryW
GetLocaleInfoW
CreateFileA
CreateFileW
SetEndOfFile
GetProcAddress
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
GetModuleHandleA
ExitProcess
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetFilePointer
GetOEMCP
IsValidCodePage
ReadFile
FlushFileBuffers
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteConsoleW

user32

CharNextW
LoadStringW
CharLowerW
MessageBoxW
UnregisterClassA

advapi32

RegCloseKey
RegOpenKeyExW
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
RegSetValueExW

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocString

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e97dedba77d35a6ad9280c997d9dfd3e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:80:0f:35:3b:7b:15:9f:c7:1a:64:28:b9:48:7d:b8Certificate

Extended Key Usages

Key Usages

22:b6:a2:b3:29:21:11:5f:84:93:e1:c7:8d:a7:39:ed:05:bb:b2:20Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 2KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:80:0f:35:3b:7b:15:9f:c7:1a:64:28:b9:48:7d:b8
Certificate

22:b6:a2:b3:29:21:11:5f:84:93:e1:c7:8d:a7:39:ed:05:bb:b2:20
Signer

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 2KB