034949b5c37c1647adbe3cac6ddb2cef

Sharing

Copy URL Twitter E-mail

General

Target

034949b5c37c1647adbe3cac6ddb2cef
Size

461KB
MD5

034949b5c37c1647adbe3cac6ddb2cef
SHA1

f0f6b8d87ab0bae9fe419ac5c5c7b4201457e195
SHA256

8c672c6c7d59d5397df4086c08c5869f8341a2d9926fb1757c5a5af8617f2d48
SHA512

a8955746f6d95aa16487b083eb457130f8ec422c5ce6a1a71f47488548448ba0f00517c5e3d9a5afaf69b9505b661cca9098792f1d3981274d40293b9c81a6d5
SSDEEP

6144:Yv49pz9cdrd77QUf9d9pTUEe3otMh4zzkY2h+lJmk3GbM98OtwEmEGInRXNl/OYp:2M6Jn1d9NQ3064PlTJ7L9QUn/lj/zTJ

Score

1^/10

Malware Config

Signatures

Files

034949b5c37c1647adbe3cac6ddb2cef
.exe windows:5 windows x86 arch:x86

50c0a4699493584e6fd1c146c36e6686

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2011, 23:59

Subject

CN=Pinball Corporation.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Pinball Corporation.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:32:c5:04:9b:00:99:96:db:a9:a9:2f:1b:4a:4e:bf:19:f0:6c:d7
Signer

Actual PE Digest

e8:32:c5:04:9b:00:99:96:db:a9:a9:2f:1b:4a:4e:bf:19:f0:6c:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapFree
ReadProcessMemory
SetFilePointer
GetModuleFileNameA
VirtualProtect
VirtualQuery
VirtualFree
VirtualAlloc
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcpyA
CreateEventA
CreateThread
CloseHandle
GetModuleHandleA
SetEvent
GetTickCount
WaitForSingleObject
WideCharToMultiByte
Sleep
FindResourceExA
FindResourceA
HeapAlloc
TerminateThread
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
DeleteFileA
GetCurrentProcessId
OpenMutexA
CreateMutexA
GetLastError
GetCommandLineA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetStartupInfoA
ExitProcess
GetModuleHandleW
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalAlloc
SetErrorMode
GetDriveTypeA
GetComputerNameA
GetProcessTimes
DosDateTimeToFileTime
TerminateProcess
MoveFileExA
GetTempFileNameA
CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Module32First
GetVolumeInformationA
GetLocaleInfoA
GetComputerNameExA
CreateDirectoryA
OpenProcess
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
Process32First
Process32Next
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetVersionExA
GetShortPathNameA
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrlenW
FlushInstructionCache
lstrcmpA
SetLastError
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
HeapReAlloc
WaitForMultipleObjectsEx
ResumeThread
ReleaseMutex
WriteFile
FileTimeToSystemTime
GetVersion
GetFileSize
GetCurrentDirectoryA
OutputDebugStringA
GetExitCodeThread
FreeLibrary
GetProcAddress
LoadLibraryA
DeviceIoControl
LocalFree

user32

GetWindowLongA
ReleaseDC
SetRect
GetDC
SystemParametersInfoA
GetWindowRect
DefWindowProcA
SetWindowLongA
FindWindowExA
SendMessageA
PostMessageA
RedrawWindow
ReleaseCapture
SetWindowPos
GetCursorPos
SetCursor
PtInRect
ScreenToClient
GetFocus
GetParent
EnumWindows
GetWindowThreadProcessId
GetClassNameA
GetClientRect
GetWindowTextA
CreateDialogParamA
GetDesktopWindow
SetDlgItemTextA
UnregisterClassA
PostThreadMessageA
IsWindow
GetClassInfoExA
RegisterClassExA
BeginPaint
FillRect
DrawTextA
EndPaint
SetCapture
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetSystemMenu
EnableMenuItem
GetSysColorBrush
FrameRect
MoveWindow
GetSysColor
LoadImageA
GetSystemMetrics
CharNextA
ClientToScreen
InvalidateRect
InvalidateRgn
IsChild
GetDlgItem
CallWindowProcA
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableA
SetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
AttachThreadInput
GetForegroundWindow
FindWindowA
InflateRect
SetTimer
KillTimer
BringWindowToTop
SetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectA
SetBkMode
SetTextColor
PatBlt
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

RegQueryValueExA
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptVerifySignatureA
CryptImportKey
CryptCreateHash
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
DuplicateTokenEx
ConvertSidToStringSidA
LookupAccountNameA

ole32

CLSIDFromString
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysStringLen
OleLoadPicture
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveArgsA
UrlEscapeA
PathAddExtensionA
PathAppendA
PathQuoteSpacesA
PathFileExistsA
PathCombineA
PathStripPathA
PathRemoveExtensionA
PathFindExtensionA
PathUnquoteSpacesA
PathStripToRootA

ws2_32

WSACreateEvent
WSARecv
closesocket
WSASocketA
WSAEventSelect
WSASetEvent
WSACleanup
freeaddrinfo
getaddrinfo
WSASetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAResetEvent
WSAStartup
WSASend
WSAGetOverlappedResult
WSAConnect

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crepe
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50c0a4699493584e6fd1c146c36e6686

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1aCertificate

Extended Key Usages

Key Usages

e8:32:c5:04:9b:00:99:96:db:a9:a9:2f:1b:4a:4e:bf:19:f0:6c:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

shlwapi

ws2_32

Sections

.text Size: 289KB - Virtual size: 289KB

.crepe Size: 5KB - Virtual size: 5KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 26KB - Virtual size: 36KB

.rsrc Size: 66KB - Virtual size: 66KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

e8:32:c5:04:9b:00:99:96:db:a9:a9:2f:1b:4a:4e:bf:19:f0:6c:d7
Signer

.text
Size: 289KB - Virtual size: 289KB

.crepe
Size: 5KB - Virtual size: 5KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 26KB - Virtual size: 36KB

.rsrc
Size: 66KB - Virtual size: 66KB