fda5bbdf764433bd2975ec985cbf126d

Sharing

Copy URL

Twitter E-mail

General

Target

fda5bbdf764433bd2975ec985cbf126d
Size

170KB
MD5

fda5bbdf764433bd2975ec985cbf126d
SHA1

be5f50ce30aaa975c561ab0b5dcfed274b78c9c8
SHA256

5b79def214935c9ffde7a6910172aac0754eadcdfde71fbcc6931666289cef63
SHA512

994b8855c7081e50f8d2d628ee0aa5e515fef12ed24db47166416e68bb96c7b00728b8b4820b7d164651bc351db29775fb4940ca375f6779419247d8fd672abc
SSDEEP

3072:gcjbxcTHmyg7UK0wbyj+lMZuybXFS9JoNCG+ajcqeFCpBUcaudEGJVgIk:16ay+0wbyRLYu/rjzeFqWzudEGJVg3

Score

1^/10

Malware Config

Signatures

Files

fda5bbdf764433bd2975ec985cbf126d
.exe windows:4 windows x86 arch:x86

9141afdb9e16a6388b987f03c5e31000

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-02-2009 00:00

Not After

11-02-2012 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

GetPS2ColorRenderingIntent
CreateProfileFromLogColorSpaceW
GetStandardColorSpaceProfileW
AssociateColorProfileWithDeviceA
CloseColorProfile
UnregisterCMMW
GetColorProfileFromHandle
UninstallColorProfileA
SetColorProfileElementReference
AssociateColorProfileWithDeviceW
InstallColorProfileA
RegisterCMMA

dbnetlib

ConnectionOpenW
ConnectionGetSvrUser
GenClientContext
ConnectionServerEnum
ConnectionErrorW

dhcpsapi

DhcpAddSubnetElementV5
DhcpEnumClasses
DhcpGetOptionInfoV5
DhcpEnumOptionsV5
DhcpDeleteClientInfo
DhcpAuditLogSetParams
DhcpGetServerBindingInfo
DhcpEnumMScopeElements
DhcpRemoveSubnetElementV5
DhcpAddSubnetElement
DhcpSetClientInfoV4
DhcpServerGetConfig
DhcpServerQueryDnsRegCredentials
DhcpAddMScopeElement
DhcpGetClassInfo
DhcpDeleteClass

uniplat

StopMonitoringHandle
UnimodemDeviceIoControlEx
UmPlatformDeinitialize

scrrun

DLLGetDocumentation

wmi

WmiQueryGuidInformation
WmiMofEnumerateResourcesW
WmiEnumerateGuids
CloseTrace
WmiMofEnumerateResourcesA
OpenTraceA
GetTraceEnableLevel
QueryAllTracesW

kbdca

KbdLayerDescriptor

shimeng

SE_DllLoaded

stobject

DllGetClassObject
DllCanUnloadNow

winscard

SCardState
SCardConnectA
SCardReleaseContext
SCardDisconnect
SCardStatusA
SCardIntroduceReaderGroupW

ntdll

ZwSetThreadExecutionState
RtlGetCurrentPeb
NtReleaseKeyedEvent
NtSaveKeyEx
NtFsControlFile
ZwQueryPortInformationProcess
ZwDebugContinue
RtlAddAccessAllowedAce
NtOpenSemaphore
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
NtCompleteConnectPort
strncat
_wtoi
RtlDeNormalizeProcessParams
RtlUpcaseUnicodeToMultiByteN
RtlDeleteSecurityObject
RtlpNtEnumerateSubKey
NtClearEvent
ZwSetInformationJobObject
NtCompareTokens
RtlCreateTimerQueue
RtlUnwind
_wcsnicmp
ZwSetHighEventPair
ZwMapViewOfSection
RtlAllocateAndInitializeSid
ZwSetVolumeInformationFile
iswxdigit
NtQueryPortInformationProcess
_vsnwprintf
_strnicmp
RtlCopyLuidAndAttributesArray
RtlIpv4AddressToStringA
NtRemoveIoCompletion
RtlFirstEntrySList
RtlGetSecurityDescriptorRMControl
NtAcceptConnectPort
RtlZeroHeap
RtlUpperChar
RtlDecompressBuffer
ZwSetSystemEnvironmentValueEx
NtWriteVirtualMemory
ZwAllocateLocallyUniqueId
NtSecureConnectPort
NtSetBootEntryOrder
RtlUnicodeStringToAnsiString
DbgBreakPoint
ZwAccessCheckByTypeResultListAndAuditAlarm
NtCreateDebugObject
NtRaiseException
NtSystemDebugControl
_snprintf
RtlEraseUnicodeString
ZwOpenJobObject
NtUnlockFile
_wcsicmp
NtSetSystemTime
NtDeviceIoControlFile
NtFindAtom
ZwQuerySystemEnvironmentValueEx
ZwSaveMergedKeys
LdrUnloadAlternateResourceModule
ZwLockVirtualMemory
NtQueryInformationFile
NtWriteRequestData
_memicmp
NtQueryEaFile
RtlQueueApcWow64Thread
RtlInitUnicodeString
DbgUiDebugActiveProcess
RtlIpv6StringToAddressW
RtlAppendUnicodeToString
RtlIpv4AddressToStringW
RtlCopySecurityDescriptor
NtInitializeRegistry
NtQueryInformationAtom
RtlUpcaseUnicodeToCustomCPN
RtlSetTimer
ZwAddBootEntry
NtWriteFileGather
RtlImageRvaToSection
RtlReleaseActivationContext
RtlHashUnicodeString
_i64tow
NtQuerySecurityObject
RtlLargeIntegerToChar
RtlConvertSharedToExclusive
memcpy
RtlpUnWaitCriticalSection
RtlTraceDatabaseCreate
RtlpApplyLengthFunction
wcscmp
RtlOpenCurrentUser
ZwFreeUserPhysicalPages
ZwOpenDirectoryObject
RtlCreateRegistryKey
ZwRenameKey
NtSetValueKey
NtCreateKey
__iscsymf
RtlPinAtomInAtomTable
RtlFindClearRuns
NtReplyWaitReceivePortEx
RtlSetCurrentEnvironment
NtFreeVirtualMemory
_wcsupr
vDbgPrintExWithPrefix
DbgQueryDebugFilterState
ZwCreateSymbolicLinkObject
NtSetUuidSeed
RtlRaiseStatus
RtlInt64ToUnicodeString
NtPowerInformation
RtlRemoveVectoredExceptionHandler
RtlQueryProcessLockInformation
_fltused
NtOpenJobObject
NtDeleteKey
NtWaitHighEventPair
ZwGetContextThread
ZwLockRegistryKey
RtlSetHeapInformation
RtlGetActiveActivationContext
RtlFindLeastSignificantBit
DbgUiConnectToDbg
RtlAcquireResourceShared
ZwAllocateVirtualMemory
ZwCompactKeys
RtlTraceDatabaseUnlock
ZwSetValueKey
RtlLookupElementGenericTableAvl
PfxFindPrefix
ZwCompressKey
RtlSetSecurityObject
RtlGetLastWin32Error
RtlSeekMemoryStream
RtlAreAnyAccessesGranted
RtlVerifyVersionInfo
RtlFindCharInUnicodeString
RtlLookupAtomInAtomTable
NtDeleteObjectAuditAlarm
ZwFindAtom
RtlUnicodeStringToOemSize
NtLockFile
ZwAdjustPrivilegesToken
NtQueryDebugFilterState
LdrFindResource_U
wcsncat
RtlInitializeAtomPackage
NtQueryDefaultLocale
ZwReadFile
NtTraceEvent
NtQueryQuotaInformationFile
RtlUnlockBootStatusData
RtlComputeImportTableHash
ZwMapUserPhysicalPagesScatter
ZwSetLdtEntries
RtlFormatCurrentUserKeyPath
strpbrk
NtQueryBootOptions
ZwLockFile
NtCreateMailslotFile
RtlNumberGenericTableElementsAvl
ZwDuplicateObject
RtlDestroyEnvironment
ZwWaitHighEventPair
RtlFlushSecureMemoryCache
NtWaitForKeyedEvent
ZwRemoveIoCompletion
RtlAddressInSectionTable
ZwDebugActiveProcess
NtProtectVirtualMemory
RtlInitializeSListHead
ZwRequestPort
NtReplyWaitReplyPort
wcsncpy
ZwCompleteConnectPort
RtlFreeOemString
RtlDeactivateActivationContextUnsafeFast
RtlInitializeCriticalSection
ZwDisplayString
NtReplyWaitReceivePort
RtlSetUserValueHeap
RtlReAllocateHeap
RtlInitAnsiString
NtReplyPort
RtlUnicodeToMultiByteN
ZwCreateJobSet
NtQueryPerformanceCounter
RtlComputePrivatizedDllName_U
__iscsym
RtlValidateUnicodeString
RtlFindMessage
RtlAddAccessDeniedAce
LdrVerifyImageMatchesChecksum
isxdigit
LdrShutdownProcess
RtlxUnicodeStringToOemSize
ZwOpenProcessTokenEx
RtlSelfRelativeToAbsoluteSD
ZwDuplicateToken
RtlDeleteAce

iassvcs

DllGetClassObject
IASReportEvent

sendmail

DllCanUnloadNow
DllGetClassObject

qdv

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer

kernel32

lstrcmpiW
FindFirstFileExW
CreateMemoryResourceNotification
DefineDosDeviceA
SetFileShortNameW
CreateSocketHandle
_lopen
SetLastConsoleEventActive
GetDriveTypeA
IsValidLocale
FileTimeToLocalFileTime
SwitchToFiber
GetProcAddress
FreeResource
WTSGetActiveConsoleSessionId
GetConsoleCursorMode
EnumDateFormatsA
InterlockedExchangeAdd
WriteProfileStringA
CreateFileMappingA
ReplaceFileA
GetConsoleOutputCP
DefineDosDeviceW
SetCriticalSectionSpinCount
lstrcpyA
SetConsoleCursor
SetConsoleWindowInfo
RestoreLastError
GetPrivateProfileSectionA
SetHandleContext
WritePrivateProfileSectionA
SetConsoleTextAttribute
HeapAlloc
GetTempPathA
lstrcpy
GetDiskFreeSpaceExW
lstrcatA
GetComPlusPackageInstallStatus
_lwrite
OpenEventA
GetPrivateProfileStructW
lstrlenA
EnumDateFormatsExA
GetCommandLineA
SetFileApisToANSI
IsProcessorFeaturePresent
SetComputerNameExW
CreateNamedPipeA
LZOpenFileW
GetLocaleInfoA
_hwrite
GetSystemInfo
BaseUpdateAppcompatCache
VerifyConsoleIoHandle
CallNamedPipeW
GetExpandedNameA
HeapSize
GetTapeStatus
CreateDirectoryW
SetFileApisToOEM
PeekConsoleInputA
GetSystemPowerStatus
IsBadStringPtrA
LZInit
SetConsoleCursorMode

user32

ChangeDisplaySettingsExA
UnlockWindowStation
EqualRect
GetRawInputDeviceInfoA
InsertMenuItemW
IsIconic
ShowScrollBar
IsGUIThread
IsRectEmpty
GetMouseMovePointsEx
SendIMEMessageExW
ToAscii
CharPrevW
LoadStringW
GetLastInputInfo
GetUserObjectInformationW
ReuseDDElParam
ReasonCodeNeedsBugID
GetAppCompatFlags
DestroyMenu
DdeSetUserHandle
MapVirtualKeyA
CreateIconFromResourceEx
CallNextHookEx
DrawCaptionTempA
ActivateKeyboardLayout
CreateIcon
DefWindowProcW
DrawIcon
CloseDesktop
CreateCaret
GetActiveWindow
DdeCmpStringHandles
AlignRects
GetDCEx
OemToCharBuffA
GetComboBoxInfo
RegisterHotKey
MapWindowPoints
DestroyCaret
DrawCaptionTempW
GetUpdateRect
UserHandleGrantAccess
PrintWindow
GetWindowRgnBox
DdeConnectList
NotifyWinEvent
SoftModalMessageBox
BeginDeferWindowPos
UnregisterClassW
ScrollChildren
HideCaret
PrivateExtractIconsW
SetDebugErrorLevel
DdeDisconnectList
GetMonitorInfoA
MessageBoxIndirectA
GetOpenClipboardWindow
SetWinEventHook
GetWindowLongA
SendDlgItemMessageA
GetGUIThreadInfo
EnableMenuItem
CreateDesktopA
GetWindowTextW
GetPropW
InSendMessage
EnumThreadWindows
GetClassInfoExW
SetProcessDefaultLayout

msoert2

PszMonthFromIndex
HrFindInetTimeZone
PVGetCertificateParam
FIsSpaceA
PszAllocA
CchFileTimeToDateTimeSz
BrowseForFolderW
MessageBoxInst
RicheditStreamOut
HrCopyStream
PszToUnicode
PszDayFromIndex
StripCRLF
AppendTempFileList
HrBSTRToLPSZ
FIsEmptyA
CryptFreeFunc

Sections

.AQVZuQ
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eNvVD
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Sn
Size: 3KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SCp
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vCso
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdJZQq
Size: 91KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9141afdb9e16a6388b987f03c5e31000

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

mscms

dbnetlib

dhcpsapi

uniplat

scrrun

wmi

kbdca

shimeng

stobject

winscard

ntdll

iassvcs

sendmail

qdv

kernel32

user32

msoert2

Sections

.AQVZuQ Size: 1KB - Virtual size: 1KB

.eNvVD Size: 20KB - Virtual size: 19KB

.Sn Size: 3KB - Virtual size: 39KB

.SCp Size: 13KB - Virtual size: 12KB

.vCso Size: 10KB - Virtual size: 46KB

.xdJZQq Size: 91KB - Virtual size: 154KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.AQVZuQ
Size: 1KB - Virtual size: 1KB

.eNvVD
Size: 20KB - Virtual size: 19KB

.Sn
Size: 3KB - Virtual size: 39KB

.SCp
Size: 13KB - Virtual size: 12KB

.vCso
Size: 10KB - Virtual size: 46KB

.xdJZQq
Size: 91KB - Virtual size: 154KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 3KB - Virtual size: 4KB