0c5239b81ffc25fd6b3ac41af53f90af

Sharing

Copy URL Twitter E-mail

General

Target

0c5239b81ffc25fd6b3ac41af53f90af
Size

876KB
MD5

0c5239b81ffc25fd6b3ac41af53f90af
SHA1

b2801aa57eacb3424dd1b8ad5ebfc2eca937c89c
SHA256

9395003919820a76ade5aa0ff3903b77f90a243df787e04c986017a152db8e9b
SHA512

eb0ebde993b1b5734af0d54246c7e71ab2ec857bf6f2684455db5c5212a1fc25804cd24b1425287602ebb0c6cb3462fc8e09213d9f09bab0e68f0ddb205454d8
SSDEEP

24576:c/SXUdZ7Oz4eWjVOdhrCh7V7ErSAAzXY6FKd:coUDTeWjarQEeAAzk

Score

1^/10

Malware Config

Signatures

Files

0c5239b81ffc25fd6b3ac41af53f90af
.exe windows:4 windows x86 arch:x86

0b8f8a718ab43ac7628578b8857dfb98

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2009, 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHRegEnumUSKeyA
UrlGetLocationA
UrlCombineA
SHAutoComplete
StrChrIA
AssocQueryStringA
SHCreateStreamWrapper
PathStripToRootA
PathFindOnPathA
SHRegOpenUSKeyA
SHIsLowMemoryMachine
PathIsFileSpecA
UrlIsOpaqueA
PathAppendA
SHRegWriteUSValueA
PathFileExistsA
SHRegCreateUSKeyA
StrSpnA
PathQuoteSpacesA
SHDeleteValueA
StrToIntExA
StrIsIntlEqualA
HashData
PathGetDriveNumberA
StrCSpnA
PathSearchAndQualifyA
PathMakePrettyA
StrRChrIA
ColorHLSToRGB
PathCommonPrefixA

kernel32

ContinueDebugEvent
FileTimeToLocalFileTime
WinExec
PeekNamedPipe
GetAtomNameA
SetConsoleOutputCP
GlobalUnWire
WaitForMultipleObjects
LocalUnlock
PurgeComm
QueryPerformanceCounter
GetSystemPowerStatus
FoldStringA
HeapUnlock
SearchPathA
WaitForSingleObject
DeleteAtom
GetCurrentProcessId
GetTimeZoneInformation
GetPrivateProfileSectionNamesA
GlobalCompact
SetSystemTime
FindCloseChangeNotification
SetConsoleTextAttribute
SetMailslotInfo
SetVolumeLabelA
SetEvent
SetCommMask
SetNamedPipeHandleState
IsBadHugeReadPtr
SetFileApisToOEM
FindAtomA
FlushConsoleInputBuffer
GetNumberOfConsoleMouseButtons
CancelIo
VirtualLock
lstrcpy
ReadConsoleA
RequestDeviceWakeup
InitializeCriticalSection
GetCommModemStatus
GetProfileIntA
MulDiv
Heap32First
VirtualFree
ExpandEnvironmentStringsA
SystemTimeToTzSpecificLocalTime
Module32First
GetDiskFreeSpaceA
AddAtomA
GlobalReAlloc
_lread
LockFileEx
GetCommConfig
SetStdHandle
WaitCommEvent
TlsSetValue
TerminateThread
IsBadWritePtr
BuildCommDCBA

user32

SetProcessWindowStation

Sections

.stkt
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lcxk
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edg
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dozc
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qnchu
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pcj
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qpw
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nmbax
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dcbct
Size: 132KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b8f8a718ab43ac7628578b8857dfb98

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

Sections

.stkt Size: 638KB - Virtual size: 1.3MB

.lcxk Size: 6KB - Virtual size: 8KB

.edg Size: 19KB - Virtual size: 27KB

.dozc Size: 512B - Virtual size: 21KB

.qnchu Size: 6KB - Virtual size: 15KB

.pcj Size: 512B - Virtual size: 56B

.qpw Size: 512B - Virtual size: 24B

.nmbax Size: 48KB - Virtual size: 77KB

.dcbct Size: 132KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.stkt
Size: 638KB - Virtual size: 1.3MB

.lcxk
Size: 6KB - Virtual size: 8KB

.edg
Size: 19KB - Virtual size: 27KB

.dozc
Size: 512B - Virtual size: 21KB

.qnchu
Size: 6KB - Virtual size: 15KB

.pcj
Size: 512B - Virtual size: 56B

.qpw
Size: 512B - Virtual size: 24B

.nmbax
Size: 48KB - Virtual size: 77KB

.dcbct
Size: 132KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB