4fb53b74e2cf54e6b502081516f2424d

Sharing

Copy URL Twitter E-mail

General

Target

4fb53b74e2cf54e6b502081516f2424d
Size

994KB
MD5

4fb53b74e2cf54e6b502081516f2424d
SHA1

15f60654f2c1677d84c9fee8b9528ad3e41a86e9
SHA256

5a06037b377bc2763eeebaf9631f82d8e0e3e6854e978f175b756fe8e4b2631b
SHA512

01a0c4b2235d369cbe77fd0e85d328aa4d53bafa96aad8b7d0afc857f3ff255bf2a4390bc3fbbf59b932a5bdce200d5a5a015ccb998e2e7352ac5b5cca11476c
SSDEEP

24576:K1vT90etYUGlirh9X5dP9fNvpf/Tz0Fu5Vb2b4VMlVEA4:KJT9SYrhVvPlNhMcMkMXX4

Score

1^/10

Malware Config

Signatures

Files

4fb53b74e2cf54e6b502081516f2424d
.exe windows:5 windows x86 arch:x86

fd4f086e581a21453d9235d27676bd89

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:ec:9d:51:41:ec:2a:9d:9d:3d:6e:db:2f:30:1c:9b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

12/04/2012, 00:00

Not After

12/04/2013, 23:59

Subject

CN=Softnyx Co.\, Ltd.,OU=Server Development Team,O=Softnyx Co.\, Ltd.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:2c:32:4f:01:a6:4b:a0:2d:b7:5e:ae:8f:16:53:f8:6a:48:6c:b8
Signer

Actual PE Digest

3f:2c:32:4f:01:a6:4b:a0:2d:b7:5e:ae:8f:16:53:f8:6a:48:6c:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
SetCursor

dbghelp

SymFromAddr
SymCleanup
SymEnumSymbols
SymGetLineFromAddr
SymInitialize
SymSetContext
StackWalk
SymGetModuleBase
MiniDumpWriteDump
SymFunctionTableAccess
SymSetOptions
SymGetTypeInfo

kernel32

IsDebuggerPresent
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetModuleHandleA
ExitProcess
GetTickCount
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleFileNameA
VirtualQuery
GetCurrentThread
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateFileA
OpenThread
GetCurrentProcess
SuspendThread
GetPrivateProfileIntA
CreateThread
GetCurrentThreadId
ExitThread
Sleep
OutputDebugStringA
OpenFileMappingA
Process32Next
DeleteFileA
GetLastError
CreateToolhelp32Snapshot
Process32First
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetFileAttributesA
VirtualFree
VirtualAlloc
IsBadStringPtrA
FormatMessageA
WriteFile
GetFileSize
SetFilePointer
SetEndOfFile
LocalFree
GetFileAttributesA
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
MultiByteToWideChar
ReadFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
FlushFileBuffers
HeapDestroy
HeapCreate
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
OutputDebugStringA

d3dx9_29

D3DXVec3Transform

winmm

timeKillEvent

mss32

_AIL_set_sample_3D_position@16

gdi32

DeleteObject

ole32

CoFreeUnusedLibraries

msvcp100

?_Orphan_all@_Container_base12@std@@QAEXXZ

msvcr100

_endthread

ws2_32

WSASetLastError

bugtrap

BT_SetActivityType

shlwapi

PathCanonicalizeA

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

oleaut32

SysAllocString

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
LTGetILTMemory
SetMasterDatabase

Sections

.text
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.axZ
Size: 819KB - Virtual size: 820KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.axL
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd4f086e581a21453d9235d27676bd89

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

67:ec:9d:51:41:ec:2a:9d:9d:3d:6e:db:2f:30:1c:9bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

3f:2c:32:4f:01:a6:4b:a0:2d:b7:5e:ae:8f:16:53:f8:6a:48:6c:b8Signer

Headers

File Characteristics

Imports

user32

dbghelp

kernel32

d3dx9_29

winmm

mss32

gdi32

ole32

msvcp100

msvcr100

ws2_32

bugtrap

shlwapi

d3d9

dinput8

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 2.4MB

.rdata Size: - Virtual size: 291KB

.data Size: - Virtual size: 240KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: - Virtual size: 181KB

.axZ Size: 819KB - Virtual size: 820KB

.axL Size: 148KB - Virtual size: 148KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

67:ec:9d:51:41:ec:2a:9d:9d:3d:6e:db:2f:30:1c:9b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

3f:2c:32:4f:01:a6:4b:a0:2d:b7:5e:ae:8f:16:53:f8:6a:48:6c:b8
Signer

.text
Size: - Virtual size: 2.4MB

.rdata
Size: - Virtual size: 291KB

.data
Size: - Virtual size: 240KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: - Virtual size: 181KB

.axZ
Size: 819KB - Virtual size: 820KB

.axL
Size: 148KB - Virtual size: 148KB