0864a41ff63c9c9cfff01403769d7bab

Sharing

Copy URL

Twitter E-mail

General

Target

0864a41ff63c9c9cfff01403769d7bab
Size

18.3MB
MD5

0864a41ff63c9c9cfff01403769d7bab
SHA1

1432993476353c21b847e31ba710f2a491606359
SHA256

36e331d66538bd70b846115b2398937dda07ed621887b4ca75c91c2beeebbb58
SHA512

511afe3485d4a88c17d23a0c00bfcaae37ced68a613a060644adaef495f6f7eb922e813fc75e11f415b96d9d3b4b28c30b945839a52ea1e17e3b9487f5eaeec1
SSDEEP

49152:G5AkcFhoLXLAowHj+jyTccGbL8ZmVQ5HmYGQBdy/6Bm35z:AhXAo66jTgZmu5SQBd4Ym35z

Score

1^/10

Malware Config

Signatures

Files

0864a41ff63c9c9cfff01403769d7bab
.exe windows:4 windows x86 arch:x86

a173e0dd5bc5e9ce06610f286db35498

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-01-2008 00:00

Not After

05-04-2011 23:59

Subject

CN=AntiSpyware LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AntiSpyware LLC,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:ff:94:7a:e3:88:cb:8c:1a:6c:fd:14:70:08:9f:ac:4f:b0:cd:07
Signer

Actual PE Digest

bf:ff:94:7a:e3:88:cb:8c:1a:6c:fd:14:70:08:9f:ac:4f:b0:cd:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tcl

Tcl_EvalEx
Tcl_DeleteClone
Tcl_GetStringResult
Tcl_DeleteInterp
Tcl_CreateCommand
Tcl_SplitList
Tcl_FreeList
Tcl_ProcCmd
Tcl_CreateInterp
Tcl_CloneInterp
Tcl_SetResult

kernel32

GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GetModuleFileNameW
SetThreadPriority
SuspendThread
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
LocalAlloc
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedIncrement
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
lstrcmpA
VirtualProtect
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
SetEnvironmentVariableA
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitProcess
RaiseException
HeapSize
GetACP
IsValidCodePage
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WriteFile
CreateFileW
CreateProcessA
SearchPathA
GetLogicalDriveStringsA
lstrcatA
ReadFile
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
VirtualFree
VirtualAlloc
DisconnectNamedPipe
FlushFileBuffers
SetCurrentDirectoryA
GetFileSize
TerminateThread
CreateFileA
GetSystemTime
SystemTimeToFileTime
InterlockedDecrement
WinExec
lstrcpynA
FileTimeToLocalFileTime
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetTempPathA
WritePrivateProfileStringA
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
LoadLibraryA
GetFileAttributesA
CreateNamedPipeA
GetCurrentProcess
SetLastError
GetVersionExA
GetSystemInfo
FormatMessageA
FileTimeToSystemTime
GetFileTime
TerminateProcess
ExpandEnvironmentStringsA
DeleteFileA
LocalFree
CreateDirectoryA
GetLocalTime
Sleep
InitializeCriticalSection
GetModuleFileNameA
lstrcpyA
SetConsoleScreenBufferSize
LeaveCriticalSection
GetStdHandle
EnterCriticalSection
GetConsoleScreenBufferInfo
AllocConsole
DeleteCriticalSection
FreeConsole
GlobalUnlock
ResetEvent
GlobalLock
SetEvent
WaitForSingleObject
CloseHandle
GetWindowsDirectoryA
CreateEventA
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GetProcAddress
FreeResource
GetModuleHandleA
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapReAlloc

user32

RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
SetCapture
MessageBeep
CharNextA
SetWindowContextHelpId
MapDialogRect
DestroyMenu
InflateRect
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetScrollInfo
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GrayStringA
DrawTextExA
TabbedTextOutA
UnhookWindowsHookEx
GetKeyState
GetFocus
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
LoadBitmapA
RedrawWindow
CopyIcon
GetCaretPos
SetTimer
PeekMessageA
DispatchMessageA
TranslateMessage
GetSysColorBrush
SystemParametersInfoA
SetWindowPos
GetWindowDC
ScreenToClient
ModifyMenuA
EqualRect
IsWindow
DeleteMenu
HideCaret
SendMessageA
CharUpperA
EnableWindow
GetWindowRect
GetClassInfoExA
CopyRect
PostMessageA
GetWindowLongA
KillTimer
SetWindowLongA
SetRect
GetCursorPos
LoadMenuA
SetForegroundWindow
GetSubMenu
ReleaseDC
GetParent
LoadImageA
SetWindowRgn
GetClientRect
InvalidateRect
GetDC
SetCursor
SetClassLongA
LoadCursorA
FillRect
DestroyCursor
GetSysColor
DrawEdge
DrawFocusRect
ClientToScreen
ReleaseCapture
GetCapture
WindowFromPoint
PtInRect
LoadIconA
IsIconic
DrawIcon
FindWindowA
GetDesktopWindow
ExitWindowsEx
MessageBoxA
TrackMouseEvent
GetSystemMetrics
GetWindowTextA
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
EndPaint
BeginPaint
SetPropA
GetDlgCtrlID
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
DrawTextA

gdi32

ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
DeleteObject
GetTextExtentPoint32A
GetObjectA
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
RestoreDC
SaveDC
GetDIBits
CreateFontA
SetTextColor
SetBkColor
SetBkMode
CreateFontIndirectA
SelectClipRgn
ExtTextOutA
GetTextMetricsA
DeleteDC
SelectObject
GetDeviceCaps
Rectangle
GetStockObject
CreatePatternBrush
CreateCompatibleBitmap
BitBlt
StretchBlt
CombineRgn
CreateCompatibleDC
CreateBitmap
ExtCreateRegion
CreateRectRgn
CreateSolidBrush
GetCurrentObject
GetPixel
ArcTo

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
SHDeleteKeyA
PathIsDirectoryA

oledlg

ord8

ole32

CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
OleUninitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

OleLoadPicture
SysFreeString
VariantClear
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy

wininet

InternetSetStatusCallback
HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

zlib

inflate
inflateInit2_
inflateEnd

msimg32

GradientFill

Sections

.text
Size: 744KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.4MB - Virtual size: 17.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a173e0dd5bc5e9ce06610f286db35498

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2fCertificate

Extended Key Usages

Key Usages

bf:ff:94:7a:e3:88:cb:8c:1a:6c:fd:14:70:08:9f:ac:4f:b0:cd:07Signer

Headers

File Characteristics

Imports

tcl

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

zlib

msimg32

Sections

.text Size: 744KB - Virtual size: 741KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 17.4MB - Virtual size: 17.4MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2f
Certificate

bf:ff:94:7a:e3:88:cb:8c:1a:6c:fd:14:70:08:9f:ac:4f:b0:cd:07
Signer

.text
Size: 744KB - Virtual size: 741KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 17.4MB - Virtual size: 17.4MB