743164a9672cdf3a947c2f447231d12c

Sharing

Copy URL

Twitter E-mail

General

Target

743164a9672cdf3a947c2f447231d12c
Size

123KB
MD5

743164a9672cdf3a947c2f447231d12c
SHA1

b58d49b686caf7391e97d167ed7aa51063381ab5
SHA256

14ac1b5f607de908692b4c065162db7ec1518a71588c9a9cc8f56481d34a5315
SHA512

3eadcb502115449a172b0b901554e4c3d401bc5aae7a69e9fe78d68596b7a832b7afe5590b1f5934d802bce0b99001991eab4b0f5bcc86e7fffb0685b244f78b
SSDEEP

3072:uPL2cH7SzxG2f47lhFqZxV5dETfH9+VXKgOj8sfysQF1v:xc8b4ZhwxVafH9+VXKgOjIF1v

Score

1^/10

Malware Config

Signatures

Files

743164a9672cdf3a947c2f447231d12c
.exe windows:4 windows x86 arch:x86

ad8b70a54c6c4b09def1a2ee064deaee

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:d8:c5:02:dd:23:79:9e:05:49:bd:38:96:5a:a6:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14-04-2009 00:00

Not After

14-04-2011 23:59

Subject

CN=AnchorFree Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AnchorFree Inc,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:f9:ee:22:e2:f1:f2:65:4d:32:bc:11:ac:1f:b3:ec:c2:25:fd:2e
Signer

Actual PE Digest

6e:f9:ee:22:e2:f1:f2:65:4d:32:bc:11:ac:1f:b3:ec:c2:25:fd:2e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wininet

HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetReadFile

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW

iphlpapi

GetAdaptersInfo

kernel32

AddAtomA
CloseHandle
CreateEventW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVolumeInformationW
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
LoadLibraryExW
Process32FirstW
Process32NextW
SetEvent
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
lstrcpynW

msvcrt

_close
_open
_read
_stricmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
_snprintf
_snwprintf
_stricmp
_wcsicmp
_wfopen
_wmkdir
_wsplitpath
abort
atexit
calloc
clock
ctime
exit
fclose
fflush
fopen
fprintf
fread
free
fseek
ftell
fwrite
malloc
memcpy
memmove
memset
realloc
signal
sscanf
strcat
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strstr
time
vfprintf
wcscat
wcschr
wcscpy
wcslen
wcsncpy
wcsrchr

shell32

SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW

user32

AppendMenuW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
EnableMenuItem
EndDialog
FindWindowW
GetCursorPos
GetDlgItem
GetMessageW
LoadCursorW
LoadIconW
LoadImageW
LoadStringW
MessageBoxW
PostMessageW
PostQuitMessage
RegisterClassExW
RegisterWindowMessageW
SendMessageW
SetDlgItemTextW
SetForegroundWindow
SetWindowTextW
TrackPopupMenu
TranslateMessage

ws2_32

gethostname

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad8b70a54c6c4b09def1a2ee064deaee

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3b:d8:c5:02:dd:23:79:9e:05:49:bd:38:96:5a:a6:8dCertificate

Extended Key Usages

Key Usages

6e:f9:ee:22:e2:f1:f2:65:4d:32:bc:11:ac:1f:b3:ec:c2:25:fd:2eSigner

Headers

File Characteristics

Imports

wininet

advapi32

iphlpapi

kernel32

msvcrt

shell32

user32

ws2_32

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 688B

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 19KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 63KB - Virtual size: 63KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3b:d8:c5:02:dd:23:79:9e:05:49:bd:38:96:5a:a6:8d
Certificate

6e:f9:ee:22:e2:f1:f2:65:4d:32:bc:11:ac:1f:b3:ec:c2:25:fd:2e
Signer

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 688B

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 63KB - Virtual size: 63KB