0e1e2685017adb87638bfd48612369ec

Sharing

Copy URL Twitter E-mail

General

Target

0e1e2685017adb87638bfd48612369ec
Size

278KB
MD5

0e1e2685017adb87638bfd48612369ec
SHA1

34f1ffc325dfce92ba056856401b12bf1647b35d
SHA256

66cb76fa5fcb03db5a805fb10505c74a5e5fa7145864f7a42b69c617d84f0c69
SHA512

db04008cd8bc106f597f2000b4f3f135252b069ed1ce009064c02357a359f70d27818cc76fbcd8568ed5283e2d8227d8c96eac30305e817d7b673d18d611ca07
SSDEEP

6144:760imrV9JwTI4EDAvNf2siQ4U2jNBh3yloxiag:77imzJUI/DCNNBOBCltF

Score

1^/10

Malware Config

Signatures

Files

0e1e2685017adb87638bfd48612369ec
.exe windows:4 windows x86 arch:x86

1c582aa2062764f3c39d7e5fe7fe78cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

15/02/2008, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
GetSystemDefaultLCID
GetCurrentThreadId
GetExpandedNameA
lstrlen
lstrcpyW
GetNumberFormatW
GlobalFindAtomA
LoadResource
GlobalGetAtomNameA
SetUnhandledExceptionFilter
OpenFile
GetEnvironmentStringsA
FatalAppExitA
GetTempFileNameA
CreateMutexW
GetCalendarInfoW
CreatePipe
SetCalendarInfoW
GetShortPathNameW
FileTimeToDosDateTime
SystemTimeToFileTime
GetExpandedNameW
GetExitCodeProcess
GetModuleHandleW
lstrcpynW
GetAtomNameA
FileTimeToLocalFileTime
IsBadStringPtrW
FileTimeToSystemTime
GetFileAttributesA
GetSystemInfo
DuplicateHandle
GetTempPathA
GetModuleHandleA
GlobalFindAtomW
GetCurrentDirectoryW
GetProcAddress
CopyFileExW
GetExitCodeThread
GetThreadLocale
GetLastError
SetComputerNameW
MoveFileA
SetCurrentDirectoryW
GetProcessHeap
DisconnectNamedPipe
lstrcmp
GetAtomNameW
FatalAppExitW
FindAtomW
GetDiskFreeSpaceW
OpenWaitableTimerW
lstrcatA
GetUserDefaultLangID
EnumCalendarInfoW
EnumDateFormatsW
GlobalGetAtomNameW
CreateDirectoryW
GetVolumeInformationA
GetVersion
GetHandleInformation
CreateMailslotW
BeginUpdateResourceW
GetUserDefaultLCID
GetSystemDefaultLangID
RemoveDirectoryW
GetLongPathNameA
OpenEventW
GlobalAlloc
IsBadCodePtr
lstrcpy
GetWindowsDirectoryW
SleepEx
CompareFileTime
GetStartupInfoA
ReadDirectoryChangesW
IsBadStringPtrA
MultiByteToWideChar
HeapCreate
GetNumberFormatA
GetShortPathNameA
AddAtomW
lstrcpyA
FindResourceA
RaiseException
CreateNamedPipeA
AddAtomA
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
ReplaceFileW
SetComputerNameA
GetModuleFileNameA
SetLocaleInfoW
LoadLibraryA
GetLongPathNameW
GetFullPathNameA
EnumTimeFormatsA
WinExec

user32

GetDCEx
LoadMenuA
CheckMenuItem
MessageBoxA
CreateAcceleratorTableW
GetDlgItemTextA
SetMenu
GetClassInfoExA
IsWindow
GetCursorPos
GetSubMenu
DialogBoxIndirectParamW
EndDialog
CreateDesktopW
MonitorFromRect
CreateWindowExW
CreateDialogIndirectParamA
CreateAcceleratorTableA
InsertMenuItemA
CharUpperA
PostQuitMessage
SetParent
LoadImageW
CopyRect
ShowCursor
SendDlgItemMessageA
LoadCursorW
UnregisterClassW
SetWindowLongW
wvsprintfW
CharPrevA
FindWindowA
CreateDialogParamA
DestroyCursor
wvsprintfA
SetWindowRgn
InsertMenuA
PeekMessageA
GetCapture
SetCursorPos
MonitorFromPoint
GetMenuItemID
MessageBoxIndirectW
DialogBoxIndirectParamA
GetScrollPos
GetMenuItemInfoA
MonitorFromWindow
GetMessageA
GetCaretPos
MoveWindow
GetIconInfo
GetMenuItemCount
GetWindowRgn
GetForegroundWindow
CharNextW
CreateMenu
GetClassInfoA
SetActiveWindow
GetMenuItemInfoW
CharLowerA
LoadMenuIndirectW
EnumWindows
WaitForInputIdle
CreateDesktopA
SetWindowTextA
CreateDialogParamW
RegisterClassA
MessageBoxIndirectA
GetSysColorBrush
GetMenuItemRect
GetKeyboardType
RegisterWindowMessageA
SetDlgItemInt
GetMenuState
IsChild
CharNextA
OpenClipboard
GetMenuStringA
RemoveMenu
SetDlgItemTextW
EndMenu
RegisterClassW
CreateWindowExA
CopyIcon
GetDlgItemInt
LoadMenuIndirectA
EnableMenuItem
GetDlgItemTextW
TrackPopupMenu
wsprintfA
EnableWindow
UpdateLayeredWindow
LoadBitmapA
WinHelpA
CharPrevW
FindWindowW
PostMessageA
UnregisterClassA
EnumClipboardFormats
GetKeyState
SetCursor
wsprintfW
SetWindowTextW
PeekMessageW
CreatePopupMenu
DestroyMenu
DefWindowProcA
DefWindowProcW
RegisterClassExA
SetFocus
GetClassInfoExW
DestroyIcon
AppendMenuW
OffsetRect
CharUpperW
DialogBoxParamA
MessageBoxW
AdjustWindowRect
RegisterClassExW
InvalidateRgn
DialogBoxParamW

gdi32

CreatePatternBrush
CreateFontIndirectW
AddFontResourceA
ExtCreateRegion
CreateBrushIndirect
CreateRoundRectRgn
SetWinMetaFileBits
CreatePen
GetTextExtentPointW
CreateColorSpaceA
GetRasterizerCaps
RemoveFontResourceA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateColorSpaceW
CreateDIBSection
CreateICA
CreateRectRgn
CreateICW
CreatePalette
RemoveFontResourceExW
AddFontResourceW
CreatePolyPolygonRgn
RemoveFontResourceW
GetStockObject
CreateFontIndirectA
GetEnhMetaFileA
CreatePolygonRgn
CreateBitmap
CreateDIBPatternBrushPt
GdiGetBatchLimit
CreateCompatibleDC
CreateBitmapIndirect
UpdateICMRegKeyA
DeleteObject
GetMetaFileW
CreateFontIndirectExW
CreateSolidBrush
SetMetaFileBitsEx

advapi32

SaferiCompareTokenLevels
SystemFunction011
RegRestoreKeyW
ProcessIdleTasks

shell32

Shell_NotifyIconA
SHBrowseForFolderW

comdlg32

FindTextA
ReplaceTextA
GetOpenFileNameW
ChooseFontW
ReplaceTextW
GetFileTitleW
PageSetupDlgW
PrintDlgExW
FindTextW
PageSetupDlgA

oleaut32

VarR4FromUI4
VarTokenizeFormatString
RevokeActiveObject
VarDecInt
VarR8FromStr
VarDateFromBool
SysFreeString
VarDiv
VarCat
VarI2FromUI8

setupapi

InstallCatalog
CM_Get_Device_Interface_Alias_ExA
pSetupVerifyQueuedCatalogs
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInterfaceRegKeyW

ws2_32

inet_addr
WSADuplicateSocketW
WSAGetLastError
accept
WSAEnumProtocolsA
htonl
inet_ntoa

hid

HidD_GetFeature
HidD_Hello

inetcomm

MimeOleSMimeCapAddCert
MimeOleFileTimeToInetDate
MimeEditDocumentFromStream
MimeOleEncodeHeader
MimeOleGetCodePageInfo
EssMLHistoryDecodeEx
MimeOleSetBodyPropA
MimeOleGetExtContentType
EssSecurityLabelDecodeEx
HrSaveAttachToFile
MimeOleSMimeCapGetEncAlg
MimeEditCreateMimeDocument
MimeOleGetInternat
HrGetDisplayNameWithSizeForFile
DllGetClassObject
MimeOleGetFileInfo
MimeOleStripHeaders
MimeEditGetBackgroundImageUrl
EssMLHistoryEncodeEx

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c582aa2062764f3c39d7e5fe7fe78cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

oleaut32

setupapi

ws2_32

hid

inetcomm

Sections

.text Size: 12KB - Virtual size: 12KB

.edata Size: 108KB - Virtual size: 107KB

.edata Size: 3KB - Virtual size: 411KB

.edata Size: 3KB - Virtual size: 316KB

.rdata Size: 9KB - Virtual size: 42KB

.data Size: 14KB - Virtual size: 63KB

.edata Size: 2KB - Virtual size: 326KB

.edata Size: 110KB - Virtual size: 109KB

.edata Size: 2KB - Virtual size: 318KB

.rsrc Size: 7KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

.text
Size: 12KB - Virtual size: 12KB

.edata
Size: 108KB - Virtual size: 107KB

.edata
Size: 3KB - Virtual size: 411KB

.edata
Size: 3KB - Virtual size: 316KB

.rdata
Size: 9KB - Virtual size: 42KB

.data
Size: 14KB - Virtual size: 63KB

.edata
Size: 2KB - Virtual size: 326KB

.edata
Size: 110KB - Virtual size: 109KB

.edata
Size: 2KB - Virtual size: 318KB

.rsrc
Size: 7KB - Virtual size: 7KB