56b772507cbe05a4cf34a385ee24d651

Sharing

Copy URL Twitter E-mail

General

Target

56b772507cbe05a4cf34a385ee24d651
Size

225KB
MD5

56b772507cbe05a4cf34a385ee24d651
SHA1

07eed7cad30a64af9bc04f23ac1d36c800b5f1aa
SHA256

23a1e3acdd9e460c48f3b97ecf980b00ae8b7a4ea8006cc13e0bfe6f4e971b3d
SHA512

457afb65de210ad22beca8aa8a7d60654368a0b1cdfaa94e290c6f17963d137c96555f4f560d7514b1c17c0d359b6b29b817e7c990552890eee56cfaedf26cbe
SSDEEP

3072:g0fN81j1g64U6DFVuCIJ46WoKEmd+k0kGwLtLkq4VYEMPvjC52Kk:gI81j1g6Uvt6WtjxWwxT4VYd

Score

1^/10

Malware Config

Signatures

Files

56b772507cbe05a4cf34a385ee24d651
.exe windows:4 windows x86 arch:x86

dd8c3762a2452525231971d69fd61704

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:cd:29:82:4e:78:8d:f7:e6:68:5c:73:59:26:a0:3b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/12/2010, 00:00

Not After

05/01/2014, 23:59

Subject

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:2a:cb:fc:ea:36:94:65:33:e2:47:b9:61:96:ff:33:f3:b4:dd:31
Signer

Actual PE Digest

5c:2a:cb:fc:ea:36:94:65:33:e2:47:b9:61:96:ff:33:f3:b4:dd:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
PathAppendA
SHDeleteValueA

kernel32

InitializeCriticalSection
CreateProcessA
GetProcAddress
LoadLibraryA
FreeLibrary
RemoveDirectoryA
DeleteFileA
CompareStringA
lstrlenA
GetModuleFileNameA
lstrcpyA
lstrcpynA
GetSystemDirectoryA
GetExitCodeProcess
GetFileAttributesA
CreateDirectoryA
WideCharToMultiByte
LoadResource
GetUserDefaultLangID
FindResourceExA
FindResourceA
SizeofResource
LockResource
CreateMutexA
GlobalFree
GlobalAlloc
GetCurrentProcess
GetModuleHandleA
GetVersionExA
GetEnvironmentVariableA
GetTickCount
GetTempPathA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
OutputDebugStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
SetFilePointer
WriteFile
ReadFile
CloseHandle
CreateFileA
GetLastError
FlushFileBuffers
SetLastError
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
LocalAlloc
InterlockedExchange
RaiseException
HeapAlloc
HeapFree
GetCurrentThreadId
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
GetCPInfo

user32

CreateDialogParamA
SetWindowTextA
MoveWindow
SetFocus
ShowWindow
SetForegroundWindow
LoadIconA
LoadCursorA
GetDlgItem
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
DestroyWindow
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
GetForegroundWindow
MessageBoxA
CharPrevA
CharNextA
SetCursor

advapi32

CryptReleaseContext
EqualSid
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
QueryServiceStatus
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
CryptAcquireContextA
CryptGenRandom

shell32

SHGetFolderPathW
ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHFileOperationA

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd8c3762a2452525231971d69fd61704

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

77:cd:29:82:4e:78:8d:f7:e6:68:5c:73:59:26:a0:3bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5c:2a:cb:fc:ea:36:94:65:33:e2:47:b9:61:96:ff:33:f3:b4:dd:31Signer

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 52KB - Virtual size: 48KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

77:cd:29:82:4e:78:8d:f7:e6:68:5c:73:59:26:a0:3b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5c:2a:cb:fc:ea:36:94:65:33:e2:47:b9:61:96:ff:33:f3:b4:dd:31
Signer

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 52KB - Virtual size: 48KB