7e7166ca5659f9d0f3040fb601cc681c

Sharing

Copy URL Twitter E-mail

General

Target

7e7166ca5659f9d0f3040fb601cc681c
Size

145KB
MD5

7e7166ca5659f9d0f3040fb601cc681c
SHA1

48d8c558dd87e9231ef8e7fb2927f71dc8f8d778
SHA256

0ffca9072c5b2b46b693ac71ea0ac751f2c264369be448e51232ea63e3822369
SHA512

fa3bafbf62268c1cbde6527573376785b1bd5f8e995e860a922d9c84edaa0593dd1cc3540bb32f66cb8c06e84272eb1778a91b8867d685b09da9d5bf1d7e3c81
SSDEEP

3072:EsGQa+VKPeA9eRM24pFmRzIyn3zN5PR8Syh:EsGQFV/ceRMxGJ5PR8Syh

Score

1^/10

Malware Config

Signatures

Files

7e7166ca5659f9d0f3040fb601cc681c
.exe windows:3 windows x86 arch:x86

08cbd53ddfa2f341a607277729e1d46c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemDirectoryW
lstrlen
CreateFileA
GetVersion
SearchPathA
EndUpdateResourceW
ReplaceFileW
lstrcmp
CompareFileTime
GetModuleFileNameW
SetCurrentDirectoryA
FileTimeToSystemTime
GetMailslotInfo
CreateFiber
BeginUpdateResourceW
GetLocaleInfoW
IsValidLocale
GetFileAttributesW
GetDateFormatW
AddAtomA
GetLocaleInfoA
GetTempPathW
VirtualAlloc
lstrcmpW
MoveFileA
GetModuleHandleA
IsBadStringPtrW
OpenEventA
GetHandleInformation
SetLocaleInfoW

user32

GetDC
InvalidateRect
PostMessageA
SetDlgItemInt
AdjustWindowRect
EnumDesktopWindows
LoadCursorA
CreateDialogIndirectParamW
GetSysColorBrush
CallWindowProcA
CreateDialogIndirectParamA
GetMenuItemID
RegisterWindowMessageW
GetPropA
FindWindowW
ClientToScreen
DefDlgProcW
PostMessageW
CreateAcceleratorTableA
IsChild
FindWindowA
UpdateLayeredWindow
WaitForInputIdle
GetMessageA
MoveWindow
CascadeWindows
IsMenu
AppendMenuW

gdi32

RemoveFontResourceExA
StartDocW
GetICMProfileW
GetCharWidthI
GetCharABCWidthsFloatA
CreateFontIndirectExW
CreatePalette
RestoreDC
GetViewportOrgEx
GetRgnBox
AddFontResourceW
GetPath
ExtCreateRegion
DeleteObject
Polygon
Arc
CreateBitmap
InvertRgn

advapi32

RegEnumValueW
RegOpenKeyA
RegCreateKeyA

shell32

StrCmpNIW
ExtractAssociatedIconExW
Shell_NotifyIcon

shlwapi

SHCreateThread

ole32

CoCreateInstance
OleInitialize

oleaut32

VarUI4FromR4

version

VerLanguageNameW

ws2_32

WSACleanup
WSAEnumProtocolsW
getpeername

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code_01
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W
Size: 2KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.V8M
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.966
Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08cbd53ddfa2f341a607277729e1d46c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

version

ws2_32

Sections

.text Size: 13KB - Virtual size: 12KB

.code_01 Size: 4KB - Virtual size: 10KB

.W Size: 2KB - Virtual size: 23KB

.V8M Size: 2KB - Virtual size: 28KB

.966 Size: 3KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 109KB - Virtual size: 109KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.text
Size: 13KB - Virtual size: 12KB

.code_01
Size: 4KB - Virtual size: 10KB

.W
Size: 2KB - Virtual size: 23KB

.V8M
Size: 2KB - Virtual size: 28KB

.966
Size: 3KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 109KB - Virtual size: 109KB