577e79b370810a694ffa323b4d7024ac

Sharing

Copy URL Twitter E-mail

General

Target

577e79b370810a694ffa323b4d7024ac
Size

406KB
MD5

577e79b370810a694ffa323b4d7024ac
SHA1

3ad06d1f42006956fd407380b4b655a7ba73d372
SHA256

7909148be6ba504f9bd374f14f13d6710dd596f9769270a8c4b811b6884738d3
SHA512

dfc97bc236ef5662d21100ece3aa1e899e35e487503fa738259d9a6b39bf1da73adef89f871eea1a133bf2855961b8730cfe9e4204e25ce35a01dec7f9d5fe54
SSDEEP

6144:sh/ubE5AuEuQNMXwiVPY4LGHSc192xkamR2hMQuck3Xe/2qIASzTVovKJb:sh/0EmUMHScv2xkamR2hB63XMwdovAb

Score

1^/10

Malware Config

Signatures

Files

577e79b370810a694ffa323b4d7024ac
.exe windows:5 windows x86 arch:x86

7ba6c4321409f073a3acc9585e5d19fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:be:f8:db:40:cf:30:09:88:0c:81:81:b1:34:de:dc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2011, 00:00

Not After

12/04/2012, 23:59

Subject

CN=DSNR,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=DSNR labs,O=DSNR,L=Raanana,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:f0:75:62:08:14:b7:07:6a:0f:6b:a8:4e:e4:8d:d5:6f:ff:73:b8
Signer

Actual PE Digest

18:f0:75:62:08:14:b7:07:6a:0f:6b:a8:4e:e4:8d:d5:6f:ff:73:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW

gdiplus

GdiplusStartup
GdipCloneImage
GdipDrawImageI
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

WriteConsoleW
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcessId
QueryPerformanceCounter
SetFilePointer
CreateFileW
CloseHandle
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
OutputDebugStringW
DeleteFileW
ExpandEnvironmentStringsW
FindClose
GetLastError
GetLocaleInfoA
FindFirstFileW
CreateThread
FileTimeToSystemTime
GetFileInformationByHandle
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
FlushFileBuffers
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetModuleHandleA
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetLocaleInfoW
InitializeCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetProcessHeap
CreateFileA
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
FindNextFileW
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetStartupInfoA
HeapFree
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
InterlockedDecrement
GetCPInfo
GetModuleHandleW
GetProcAddress
ExitProcess
FileTimeToLocalFileTime
GetDriveTypeW
GetCommandLineA

user32

wsprintfW
PostMessageW
InvalidateRect
DestroyWindow
GetMessageW
DispatchMessageW
TranslateMessage
LoadIconW
RegisterClassW
GetClientRect
MoveWindow
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
GetKeyboardLayoutList
SetFocus
FillRect
SetWindowPos
UpdateWindow
IsCharAlphaNumericW
MessageBoxW
CreateWindowExW
BeginPaint
LoadBitmapW
GetDC
DrawTextW
ReleaseDC
EndPaint
SetCursor
GetSystemMetrics
LoadCursorW
PostQuitMessage
DefWindowProcW
SendMessageW
ShowWindow

gdi32

Polyline
CreateSolidBrush
GetStockObject
CreatePen
SelectObject
StretchBlt
DeleteDC
SetBkColor
SetTextColor
CreateFontW
DeleteObject
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey

ole32

CoInitialize
CoCreateGuid
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ba6c4321409f073a3acc9585e5d19fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7a:be:f8:db:40:cf:30:09:88:0c:81:81:b1:34:de:dcCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:f0:75:62:08:14:b7:07:6a:0f:6b:a8:4e:e4:8d:d5:6f:ff:73:b8Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

gdiplus

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

wininet

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 122KB - Virtual size: 121KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7a:be:f8:db:40:cf:30:09:88:0c:81:81:b1:34:de:dc
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:f0:75:62:08:14:b7:07:6a:0f:6b:a8:4e:e4:8d:d5:6f:ff:73:b8
Signer

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 122KB - Virtual size: 121KB