63538ba1194fb6edab5a7405d3dc61c7

Sharing

Copy URL

Twitter E-mail

General

Target

63538ba1194fb6edab5a7405d3dc61c7
Size

262KB
MD5

63538ba1194fb6edab5a7405d3dc61c7
SHA1

2f3a6f25f39a86ce43c6f4e936ff2911c5285029
SHA256

539d94b81480df672bf2de2cacf076208bd49046de997c474553db297cfc6f68
SHA512

8b0e06d90794870b88669fcc6fc01bee457364923066670ee4ae81ddc92b5b46acb69f65f7fbde92589fe64e79926f638709abda9312d0b06c055faa4fccdf0d
SSDEEP

6144:i7Y3QPWMcdCHQdvX+kAyGGrnvYh/TMPEUrODC0:i7Y3TC0AKvYpTLe0

Score

1^/10

Malware Config

Signatures

Files

63538ba1194fb6edab5a7405d3dc61c7
.exe windows:4 windows x86 arch:x86

74537637f8620e3b56def3ebf4c7fe53

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7e:1b:96:85:8d:71:ee:78:11:69:12:bc:31:80:70:2c
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-09-2009 00:00

Not After

20-10-2011 23:59

Subject

CN=CJSC Computing Forces,OU=IT,O=CJSC Computing Forces,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
LoadResource
lstrlen
lstrcpy
BeginUpdateResourceA
IsBadStringPtrW
TlsAlloc
SetComputerNameW
GlobalFindAtomA
GetCPInfo
CompareFileTime
GetFileAttributesW
WinExec
DisconnectNamedPipe
GetEnvironmentStringsA
LocalAlloc
LoadLibraryA
GetTimeFormatA
EnumDateFormatsA
lstrcatW
GetModuleHandleA
GetSystemDefaultLCID
FileTimeToDosDateTime
GetComputerNameA
lstrcmpiW
SetCurrentDirectoryW
GetLastError
lstrcpynW
GetEnvironmentVariableA
ExitProcess
GetExpandedNameW
GetLocaleInfoW
CreateNamedPipeA
lstrcpyA
OpenSemaphoreA
CreateMailslotA
BeginUpdateResourceW
lstrcatA
LoadLibraryA
GetStartupInfoA
EnumCalendarInfoW
GetStartupInfoW
GetCurrentProcessId
SleepEx
MultiByteToWideChar
GetDateFormatW
SetEvent
GetThreadPriority
DosDateTimeToFileTime
WaitForSingleObject
GetProcessHeaps
GetHandleInformation
GetWindowsDirectoryW
GetLocaleInfoA
GetModuleHandleW
HeapCreate
GetCurrentThreadId
FindAtomA
GetEnvironmentStringsW
lstrcmpiA
GetLogicalDriveStringsA
OpenWaitableTimerA
ExpandEnvironmentStringsW
GetCurrentDirectoryA
lstrcmpA
lstrcpynA
GetNumberFormatW
RemoveDirectoryA
GetSystemDirectoryA
GetCurrentThread
GetACP
IsBadCodePtr
CreateMutexA
lstrcmp
lstrcmpi
IsDebuggerPresent
GetSystemTime
GetTickCount
SearchPathA
GetSystemDirectoryW
GetTempFileNameW
GetShortPathNameA
lstrlenA
Sleep
CreateMutexW
LoadLibraryW
GetExitCodeProcess
GetCurrentProcess
FindResourceA
GetLogicalDriveStringsW
SetLocaleInfoW
GetLocalTime
GetShortPathNameW
SetComputerNameA
GlobalFindAtomW
GetLongPathNameW
OpenFile
GetOEMCP
CreatePipe
OpenEventA
GetSystemInfo
GetProcAddress

user32

InsertMenuA
OffsetRect
AppendMenuA
MessageBoxA
WaitForInputIdle
MonitorFromWindow
CharPrevW
GetMenuItemRect
GetActiveWindow
WinHelpW
AdjustWindowRect
TrackPopupMenuEx
CreateDialogParamW
LoadMenuW
IsWindow
RegisterClassA
mouse_event
GetDCEx
GetDlgItemInt
PeekMessageA
LoadIconA
CharNextW
DialogBoxIndirectParamA
RegisterClassExW
UnregisterClassW
GetMenuStringA
GetMenu
UnregisterClassA
CharLowerA
SetCursorPos
GetClassInfoExA
GetSysColorBrush
wsprintfW
GetKeyState
CreateDialogIndirectParamA
CharLowerW
LoadMenuIndirectW
CreateDialogIndirectParamW
EnumWindows
wvsprintfA
SendDlgItemMessageW
GetDesktopWindow
LoadImageW
EndMenu
SetDlgItemInt
CharUpperA
InvalidateRect
CreateDesktopA
AppendMenuW
GetKeyboardLayout
CharPrevA
GetTopWindow
GetMenuItemInfoW
GetCapture
GetSystemMetrics
GetForegroundWindow
GetFocus
TrackPopupMenu
InsertMenuItemW
DialogBoxIndirectParamW
SetCursor
CreateDesktopW
SetParent
SetForegroundWindow
SetDlgItemTextW
RegisterWindowMessageA
CopyRect
GetSysColor
RegisterClassW
ShowCaret
GetMenuItemInfoA
GetMenuStringW
GetDlgItemTextA
MessageBoxIndirectW
IsIconic
InvalidateRgn
LoadImageA
MessageBeep
wsprintfA
GetMessageA
LoadBitmapA
WaitMessage
GetCursorPos
CreateAcceleratorTableA
RegisterWindowMessageW
LoadCursorA
SetCapture
GetActiveWindow
SetMenu
WinHelpA
GetSubMenu
SendDlgItemMessageA
CreateDialogParamA
ActivateKeyboardLayout
GetClassInfoA
GetWindowRgn
LoadIconW
GetAsyncKeyState
DialogBoxParamA
GetCapture
DefWindowProcA
CharUpperW
SetActiveWindow
UpdateLayeredWindow
ShowWindow
SetWindowTextA
EnableWindow
PostQuitMessage
CreateWindowExW
SetWindowRgn
SetWindowLongW
FindWindowA
SetFocus
keybd_event
DefWindowProcW
GetIconInfo
PostMessageW
SetWindowPos
SetTimer
GetMenuItemID
GetMenuInfo
SendMessageW
CreateAcceleratorTableW

gdi32

CreateDIBPatternBrush
CreatePatternBrush
GetStockObject
GetTextExtentPointW
CreateCompatibleDC
GdiGetBatchLimit
TranslateCharsetInfo
CreatePalette
CreateDIBSection
CreateFontIndirectExA
CreateRoundRectRgn
CreateDIBPatternBrushPt
SetWinMetaFileBits
GetEnhMetaFileA
GetEnhMetaFilePixelFormat
CreatePen
CreateScalableFontResourceA
CreateBrushIndirect
CreatePolygonRgn
CreateFontA
SetMetaFileBitsEx
GetEnhMetaFileW
GetTextExtentPointA
GetRasterizerCaps
CreateBitmapIndirect
AddFontResourceA
UpdateICMRegKeyA
RemoveFontResourceW
CreateFontIndirectExW
RemoveFontResourceA
GetMetaFileA
RemoveFontResourceExA
CreateFontW

advapi32

CryptCreateHash
CryptDuplicateKey
SystemFunction004
GetUserNameA
CloseCodeAuthzLevel
CopySid
DecryptFileW
LookupPrivilegeValueA

shell32

SHGetDataFromIDListW
DuplicateIcon
ExtractIconW
SHCreateDirectoryExA
StrChrA
StrChrIA

comctl32

CreateMappedBitmap
CreatePropertySheetPageW
ImageList_GetImageInfo
LBItemFromPt
DllGetVersion
ImageList_ReplaceIcon
CreatePropertySheetPage
ImageList_Draw
ImageList_Duplicate
ImageList_AddIcon
ImageList_SetBkColor

oleaut32

LoadTypeLib

setupapi

SetupGetMultiSzFieldA
CM_Open_Class_Key_ExW
SetupDiSetDeviceInstallParamsA
SetupQueryInfVersionInformationA
SetupInstallFilesFromInfSectionA
SetupDiRegisterCoDeviceInstallers
SetupDiGetClassDescriptionW
CM_Set_DevNode_Problem_Ex
SetupAddSectionToDiskSpaceListW
SetupQueryInfOriginalFileInformationW

winmm

midiOutShortMsg
midiStreamStop
mmioStringToFOURCCA
mciSendCommandW
PlaySoundA
mmioInstallIOProcA
joyReleaseCapture

rasmontr

RutlFree
RutlDwordDup

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74537637f8620e3b56def3ebf4c7fe53

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

7e:1b:96:85:8d:71:ee:78:11:69:12:bc:31:80:70:2cCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

oleaut32

setupapi

winmm

rasmontr

Sections

.text Size: 12KB - Virtual size: 12KB

.edata Size: 107KB - Virtual size: 106KB

.edata Size: 1KB - Virtual size: 109KB

.rdata Size: 8KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 226KB

.edata Size: 108KB - Virtual size: 107KB

.edata Size: 5KB - Virtual size: 368KB

.rsrc Size: 6KB - Virtual size: 5KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

7e:1b:96:85:8d:71:ee:78:11:69:12:bc:31:80:70:2c
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 12KB - Virtual size: 12KB

.edata
Size: 107KB - Virtual size: 106KB

.edata
Size: 1KB - Virtual size: 109KB

.rdata
Size: 8KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 226KB

.edata
Size: 108KB - Virtual size: 107KB

.edata
Size: 5KB - Virtual size: 368KB

.rsrc
Size: 6KB - Virtual size: 5KB