f8ca902c903e6ca61d57bd69bd074d80

Sharing

Copy URL

Twitter E-mail

General

Target

f8ca902c903e6ca61d57bd69bd074d80
Size

4.0MB
MD5

f8ca902c903e6ca61d57bd69bd074d80
SHA1

01553c921aad3b700d74eebbc5a8ef3d04cb78cb
SHA256

5b96b5a1333ffee03618124fad5ee8363f48d3e80e3e75c3e684a1a228e8eff9
SHA512

3fd2133ea8e19b126270339c79050632ab20e69a3619e5d97dd6e6dbac2053cded4b274323c7e3a836c467ef2811c3e6f75f209f85b7ae43d3cfa8762b602a5f
SSDEEP

98304:JjlZcS44lJH2PGb1GFIJ4jfbYGaXIMxaV99cQrRkTlLLB:3ZcS44lJegzJ4jTYGaXBxicX

Score

1^/10

Malware Config

Signatures

Files

f8ca902c903e6ca61d57bd69bd074d80
.exe windows:5 windows x86 arch:x86

779aa7151cd0dc26d8deb97dba27b68e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:11:99:44:22:54:83:d1:52:ee:7d:aa:24:75:48:0b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/04/2012, 00:00

Not After

30/04/2013, 23:59

Subject

CN=Via Advertising Group Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Via Advertising Group Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:98:b6:a8:66:f5:62:ed:0b:c1:ca:65:6c:21:33:b3:05:9a:34:7d
Signer

Actual PE Digest

40:98:b6:a8:66:f5:62:ed:0b:c1:ca:65:6c:21:33:b3:05:9a:34:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup

rpcrt4

UuidToStringW
RpcStringFreeW

shlwapi

SHDeleteValueW
PathFindFileNameW
PathRemoveExtensionW
SHSetValueW
SHDeleteKeyW
SHGetValueW

user32

SetWindowLongW
CreateWindowExW
GetSystemMetrics
LoadIconW
PostQuitMessage
PtInRect
GetWindowLongW
MapWindowPoints
DefWindowProcW
GetMessageW
TranslateMessage
RegisterClassExW
ShowWindow
FindWindowExW
MessageBoxIndirectW
SendMessageW
GetWindowThreadProcessId
GetShellWindow
LoadCursorW
GetWindowRect
DispatchMessageW

kernel32

GetStringTypeW
HeapReAlloc
RtlUnwind
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsProcessorFeaturePresent
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
GetTimeZoneInformation
GetStdHandle
HeapSize
IsDebuggerPresent
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
CloseHandle
GetCurrentProcessId
FindResourceA
FreeResource
LoadResource
MoveFileExW
GetTickCount
VirtualFree
LoadLibraryW
SizeofResource
CreateFileW
GetTempPathW
VirtualAlloc
LockResource
LocalFree
GetModuleHandleW
Sleep
DeleteCriticalSection
CopyFileW
DeleteFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
CreateMutexW
MapViewOfFile
UnmapViewOfFile
SetEvent
OpenFileMappingW
OpenEventW
ReleaseMutex
GetVersionExW
GetModuleFileNameW
GetFileSize
FindFirstFileW
SetFilePointer
VirtualQuery
FreeLibrary
WideCharToMultiByte
ReadFile
MultiByteToWideChar
FindClose
RemoveDirectoryW
FindNextFileW
InterlockedDecrement
GetVersion
FindResourceW
GetCurrentThreadId
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
LoadLibraryA
RaiseException
CreateDirectoryW
WriteFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
DecodePointer
LocalAlloc
EncodePointer

advapi32

SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
FreeSid

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoCreateGuid
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

779aa7151cd0dc26d8deb97dba27b68e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

54:11:99:44:22:54:83:d1:52:ee:7d:aa:24:75:48:0bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

40:98:b6:a8:66:f5:62:ed:0b:c1:ca:65:6c:21:33:b3:05:9a:34:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

shlwapi

user32

kernel32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 18KB - Virtual size: 18KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

54:11:99:44:22:54:83:d1:52:ee:7d:aa:24:75:48:0b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

40:98:b6:a8:66:f5:62:ed:0b:c1:ca:65:6c:21:33:b3:05:9a:34:7d
Signer

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 18KB - Virtual size: 18KB