5e3dc41da3141ec09b8e84bb5d3c550a

Sharing

Copy URL Twitter E-mail

General

Target

5e3dc41da3141ec09b8e84bb5d3c550a
Size

1.6MB
MD5

5e3dc41da3141ec09b8e84bb5d3c550a
SHA1

decb4a8bb5d6e3456d39ccc302a0885cf3897d29
SHA256

81702f85e047455ffed171a8d5cbf635a25061a4b71c9d4cbee7b3d3727cae24
SHA512

d38253be438d0e8cce4c5a7352fa743c21293efe272bf3a4158c346e5693fa0497471719327ded1e1854c854df979afb3ae0490702cb27463c61f21e7aef33b4
SSDEEP

24576:a3zNZKFKizP+FnWmpzM2milTnT3LshBAUA/JpR:5duTT3LOAUA/Jf

Score

1^/10

Malware Config

Signatures

Files

5e3dc41da3141ec09b8e84bb5d3c550a
.exe windows:5 windows x86 arch:x86

67bd57f19a40101c388f37d08a956be8

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:78:e5:2a:9c:15:8b:33:3f:f4:b5:39:57:c7:52:f5:04:da:ee:40
Signer

Actual PE Digest

cd:78:e5:2a:9c:15:8b:33:3f:f4:b5:39:57:c7:52:f5:04:da:ee:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

listen
accept
inet_addr
gethostname
send
closesocket
connect
getpeername
gethostbyname
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
getsockname
shutdown
setsockopt
WSACleanup
recv
bind
socket

winmm

timeSetEvent
timeGetTime

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserA
DestroyEnvironmentBlock

kernel32

GetExitCodeProcess
Process32Next
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadReadPtr
IsBadWritePtr
CreateFileA
GetFileSize
GetSystemInfo
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
WriteFile
GetDriveTypeA
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetFileTime
GetSystemTime
GlobalLock
GetCurrentThread
GlobalAlloc
CreateProcessA
TerminateProcess
SetThreadPriority
GlobalUnlock
OpenEventA
SetProcessShutdownParameters
FindResourceA
LoadResource
SizeofResource
LockResource
AllocConsole
FormatMessageA
GetStdHandle
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GetTempPathA
SetEvent
ResetEvent
GlobalFree
CreateEventA
GetACP
HeapSize
ExitThread
RaiseException
GetTimeZoneInformation
HeapReAlloc
PeekNamedPipe
GetFileInformationByHandle
GetCPInfo
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCurrentDirectoryA
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetCommandLineA
SetStdHandle
ExitProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
SetVolumeLabelA
SetFileAttributesA
GetLocaleInfoA
GetLocalTime
lstrcmpiA
lstrcpynA
InterlockedExchange
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
GetFileType
GetVersion
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
GetFileAttributesA
lstrcpyA
lstrcatA
Sleep
HeapCreate
VirtualFree
LCMapStringW
Process32First
SetLastError
GetCurrentProcess
OpenFileMappingA
ReleaseMutex
CreateMutexA
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
WinExec
DeleteFileA
FindNextFileA
FindClose
EnterCriticalSection
CopyFileA
GetLastError
FindFirstFileA
LeaveCriticalSection
FreeLibrary
WideCharToMultiByte
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
VirtualAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
CompareStringW
GetOEMCP
IsValidCodePage
LCMapStringA
GlobalAddAtomA
RemoveDirectoryA

user32

IsDlgButtonChecked
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetKeyState
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
SetRect
WaitMessage
PeekMessageA
IsIconic
DestroyWindow
EnumDesktopWindows
CloseClipboard
CheckDlgButton
OpenDesktopA
DrawIconEx
WaitForInputIdle
WindowFromPoint
RegisterWindowMessageA
EnumWindows
GetIconInfo
GetWindowTextA
GetClipboardData
EmptyClipboard
ChangeClipboardChain
IsWindow
OpenClipboard
IsWindowVisible
SetClipboardData
SetClipboardViewer
GetClipboardOwner
keybd_event
GetKeyboardState
mouse_event
SetActiveWindow
MessageBeep
SetDlgItemInt
GetDlgItemInt
ExitWindowsEx
GetProcessWindowStation
GetClassNameA
FlashWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursor
ScreenToClient
GetWindowRect
SendDlgItemMessageA
SetCapture
SetForegroundWindow
LoadStringA
GetParent
GetClientRect
SetFocus
GetDC
GetScrollInfo
InvalidateRect
ReleaseDC
GetDlgItem
EndDialog
GetCursorPos
PostMessageA
SetCaretBlinkTime
ReleaseCapture
SetWindowTextA
CallWindowProcA
GetDlgItemTextA
DialogBoxParamA
GetCaretBlinkTime
SetDlgItemTextA
MoveWindow
MessageBoxA
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
wvsprintfA
OemToCharA
CharToOemA
GetDesktopWindow

gdi32

GetBitmapBits
GetObjectA
CreateDIBSection
SetDIBColorTable
GdiFlush
CreatePalette
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetPixel
BitBlt
ExtEscape
GetSystemPaletteEntries
MoveToEx
LineTo
SetROP2
PatBlt
DeleteDC
StretchBlt
CreateSolidBrush
GetStockObject
GetClipBox
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
GetDIBits
CreateDCA

advapi32

GetSecurityDescriptorControl
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetKernelObjectSecurity
LookupAccountSidA
RegCreateKeyA
SetServiceStatus
QueryServiceStatus
RegCreateKeyExA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
EnumServicesStatusA

shell32

SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67bd57f19a40101c388f37d08a956be8

Code Sign

01:00:00:00:00:01:11:db:40:c7:65Certificate

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

cd:78:e5:2a:9c:15:8b:33:3f:f4:b5:39:57:c7:52:f5:04:da:ee:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

wtsapi32

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 14KB - Virtual size: 438KB

.rsrc Size: 916KB - Virtual size: 916KB

01:00:00:00:00:01:11:db:40:c7:65
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

cd:78:e5:2a:9c:15:8b:33:3f:f4:b5:39:57:c7:52:f5:04:da:ee:40
Signer

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 14KB - Virtual size: 438KB

.rsrc
Size: 916KB - Virtual size: 916KB