fb60b0a186c7c33f2e97c180c950c969

Sharing

Copy URL

Twitter E-mail

General

Target

fb60b0a186c7c33f2e97c180c950c969
Size

288KB
MD5

fb60b0a186c7c33f2e97c180c950c969
SHA1

bc41de764d5b327d780e8eb364fb9466db7308e5
SHA256

131e246c58113ec05ff47da417f6768d4dbdeab785548cf0ceee2f4071d9587e
SHA512

efbd35f758f378f00d457636926c581bb2c560c8589a332cda0fb580296a71939f83bf7afc554291a5fd6c04ca68c5b84cf89e402bb12fac91a801ed7a8aa122
SSDEEP

6144:MP8jKjCQp9UC/IniOD2Z6rGMnXgun+tZu4GDc19IWAwE4:MP8jKjCQp9lIni9ZyiZ

Score

1^/10

Malware Config

Signatures

Files

fb60b0a186c7c33f2e97c180c950c969
.exe windows:4 windows x64 arch:x64

b2c90427aa3bd2a7382dd8ce8e30913c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:46:6c:ad:10:af:83:77:6d:f8:7b:eb:6d:1b:a2:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31-03-2011 00:00

Not After

30-03-2012 23:59

Subject

CN=Alps Electric Co.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=HQ,O=Alps Electric Co.\, LTD.,L=1-7 Yukigaya Otsuka-cho Ota-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:54:c1:7c:6a:63:7a:2d:52:57:ae:aa:a9:ea:c3:e9:bc:c6:e7:14
Signer

Actual PE Digest

4d:54:c1:7c:6a:63:7a:2d:52:57:ae:aa:a9:ea:c3:e9:bc:c6:e7:14

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindFirstFileA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GlobalDeleteAtom
GlobalAlloc
GlobalLock
FreeResource
LockResource
LoadResource
FindResourceA
GlobalFree
GlobalUnlock
lstrcpynA
lstrcmpiA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
SetLastError
MulDiv
WritePrivateProfileStringA
lstrcpyA
GlobalFlags
GetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
WideCharToMultiByte
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
SetFilePointer
FlushFileBuffers
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwindEx
ExitProcess
RaiseException
RtlPcToFileHeader
GetACP
HeapReAlloc
HeapSize
Sleep
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetLocaleInfoA
SetStdHandle
FindNextFileA
FindClose
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
GetTickCount
GetSystemDirectoryA
GetWindowsDirectoryA
DeleteFileA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
CreateThread
GetModuleFileNameA
MultiByteToWideChar
lstrcmpA
GetVersionExA
GetModuleHandleA
GetProcAddress
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
lstrcatA
ResumeThread

advapi32

RegOpenKeyExA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
RegEnumKeyExA
RegEnumKeyA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
LookupPrivilegeValueA

user32

GetClassInfoA
wsprintfA
GetMenuItemCount
GetMenuItemID
AdjustWindowRectEx
GetSubMenu
GetMenu
GetSysColor
UpdateWindow
MapWindowPoints
GetTopWindow
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
WinHelpA
GetCapture
RegisterWindowMessageA
IsDialogMessageA
TabbedTextOutA
DrawTextA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
RegisterClassA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
SetMenuItemBitmaps
GetFocus
GetNextDlgTabItem
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
ValidateRect
PeekMessageA
GetCursorPos
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
SetCursor
UnhookWindowsHookEx
PostQuitMessage
PostMessageA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
GetWindowPlacement
GetWindowRect
GetWindow
ReleaseDC
GetDC
CopyRect
CreateDialogIndirectParamA
DestroyWindow
EndDialog
IsWindow
FindWindowA
MessageBoxA
GetWindowLongPtrA
SetWindowLongPtrA
ExitWindowsEx
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoA
SetActiveWindow
SetForegroundWindow
LoadStringA
SetDlgItemTextA
GetDlgItem
SetWindowTextA
SendDlgItemMessageA
SetFocus
ShowWindow
GetSystemMetrics
EnableWindow
LoadIconA
GetClientRect
IsIconic
SendMessageA
DrawIcon
UnregisterClassA

shlwapi

PathCombineA
PathRemoveExtensionA
PathAddExtensionA
SHDeleteKeyA
PathAppendA

setupapi

SetupOpenInfFileA
SetupCloseInfFile
SetupGetLineTextA

netapi32

NetUserGetInfo
NetApiBufferFree

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

ord17

gdi32

DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetStockObject
SelectObject
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2c90427aa3bd2a7382dd8ce8e30913c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

05:46:6c:ad:10:af:83:77:6d:f8:7b:eb:6d:1b:a2:feCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4d:54:c1:7c:6a:63:7a:2d:52:57:ae:aa:a9:ea:c3:e9:bc:c6:e7:14Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

shlwapi

setupapi

netapi32

shell32

comctl32

gdi32

winspool.drv

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 11KB - Virtual size: 35KB

.pdata Size: 9KB - Virtual size: 9KB

� Size: 67KB - Virtual size: 67KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

05:46:6c:ad:10:af:83:77:6d:f8:7b:eb:6d:1b:a2:fe
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4d:54:c1:7c:6a:63:7a:2d:52:57:ae:aa:a9:ea:c3:e9:bc:c6:e7:14
Signer

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 11KB - Virtual size: 35KB

.pdata
Size: 9KB - Virtual size: 9KB

�
Size: 67KB - Virtual size: 67KB