53b8875093ce19a6ead5def8c64b9644

Sharing

Copy URL

Twitter E-mail

General

Target

53b8875093ce19a6ead5def8c64b9644
Size

172KB
MD5

53b8875093ce19a6ead5def8c64b9644
SHA1

5ed19054aa6b5f8defe0a75fc141ad4b17e69f91
SHA256

13f465cffd8aeb043eaee30a4fd7d6dce6f17f7fe2dd08e8a82ed48da22de115
SHA512

0ec26a5c4b1969c9998c2bf0a74eb2f9c4aed43a6ce71dda4d5d98d9c8b50088c5a77485f386244df3cbdb4873c0f969406ba700d1f25695bbbc339a2cfbf8a3
SSDEEP

3072:GGTiapwPDCZWgQQ/ye6MqInJM1SVKfeZDY9JKwxls7xfggaXaCf1mHe/ZlV:G7Q/yXRI4eZDY9JOFCKCICj

Score

1^/10

Malware Config

Signatures

Files

53b8875093ce19a6ead5def8c64b9644
.exe windows:4 windows x86 arch:x86

85eeda1139037fe0ba54896b7ad8b977

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:e7:c5:f7:c1:07:16:f0:a4:eb:0d:4b:4d:58:13:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

10/07/2006, 00:00

Not After

10/07/2007, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:6e:cf:e7:ef:6b:ca:47:19:34:ed:04:50:e4:68:66:47:bd:62:de
Signer

Actual PE Digest

7c:6e:cf:e7:ef:6b:ca:47:19:34:ed:04:50:e4:68:66:47:bd:62:de

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrcmpW
DuplicateHandle
GetProcAddress
LoadLibraryW
GetCurrentThread
CreateThread
lstrcpyW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
GetVersionExA
lstrcatW
lstrcmpiW
SetProcessWorkingSetSize
CreateEventW
LockResource
GetThreadLocale
GetLastError
InterlockedExchange
RaiseException
GetTempPathW
lstrlenW
MultiByteToWideChar
GetACP
GetModuleFileNameW
lstrcpynW
GetVersionExW
SizeofResource
Sleep
OpenProcess
InitializeCriticalSection
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetLocaleInfoA
DeleteTimerQueueEx
CreateTimerQueue
GetTempFileNameW
GetStdHandle
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapDestroy
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
DeleteCriticalSection
FreeEnvironmentStringsW
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
RtlUnwind
GetStartupInfoW
GetModuleHandleA
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
SetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetTickCount
GetExitCodeProcess
FindClose
ResetEvent
CreateFileW
CreateProcessW
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
GetFileAttributesExW
CopyFileW
MoveFileExW
FlushFileBuffers
SetFilePointer
WriteFile
GetSystemTimeAsFileTime
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
ExitProcess
TerminateProcess
HeapAlloc

user32

SetTimer
CharLowerW
GetMessageW
CharNextW
wvsprintfW
KillTimer
TranslateMessage
LoadStringW
PostThreadMessageW
DispatchMessageW

ole32

CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoInitialize
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VarUI4FromStr

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
RegSetValueExW
RegCloseKey
RegEnumKeyExW
ControlService
GetLengthSid
ReportEventW
RegisterServiceCtrlHandlerW
MakeSelfRelativeSD
GetSecurityDescriptorSacl
AddAce
InitializeSid
GetSidLengthRequired
RegOpenKeyExW
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
SetServiceStatus
InitializeAcl
ChangeServiceConfigW
MakeAbsoluteSD
RegDeleteValueW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
DeregisterEventSource
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorControl
RegCreateKeyExW
CopySid
GetAclInformation
OpenServiceW
SetSecurityDescriptorGroup
SetSecurityDescriptorControl
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
GetSidSubAuthority
CloseServiceHandle
RegisterEventSourceW
CreateServiceW

shlwapi

StrRetToStrW
SHQueryValueExW
PathFindExtensionW

crypt32

CertEnumCertificatesInStore
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore

shell32

SHFileOperationW
SHGetFolderLocation
SHCreateDirectoryExW
SHGetDesktopFolder

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85eeda1139037fe0ba54896b7ad8b977

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

0f:e7:c5:f7:c1:07:16:f0:a4:eb:0d:4b:4d:58:13:71Certificate

Extended Key Usages

Key Usages

7c:6e:cf:e7:ef:6b:ca:47:19:34:ed:04:50:e4:68:66:47:bd:62:deSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

crypt32

shell32

version

wintrust

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 52KB - Virtual size: 52KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

0f:e7:c5:f7:c1:07:16:f0:a4:eb:0d:4b:4d:58:13:71
Certificate

7c:6e:cf:e7:ef:6b:ca:47:19:34:ed:04:50:e4:68:66:47:bd:62:de
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 52KB - Virtual size: 52KB