0fb04314ce56ceb73ab861edec2aa578

Sharing

Copy URL Twitter E-mail

General

Target

0fb04314ce56ceb73ab861edec2aa578
Size

1.3MB
MD5

0fb04314ce56ceb73ab861edec2aa578
SHA1

6bb4cd3c12e94bb299c239a529b07d18ad43f8db
SHA256

7e6c1feb601393a9bbc6c18d4a316de4c008105f859882bfbad61fc9cd863231
SHA512

becfc967fe0fe16a254f87f04227b699c77179445764c01e3229a817835223b08e52122468c49ad2beed3c4b4408c0827b612b3eb86565b4c519a28cfb4f6dab
SSDEEP

24576:OY9UvK5ksJaVMT0YtXsr+JLJC9I1aLeRdBzdQa1hweMWymmSqvh1Tw:bUiJLJCli/91hhepJhO

Score

1^/10

Malware Config

Signatures

Files

0fb04314ce56ceb73ab861edec2aa578
.exe windows:4 windows x86 arch:x86

3cc8ef255d5459aeef1a6b73ca727268

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/05/2011, 00:00

Not After

02/05/2014, 23:59

Subject

CN=EA Digital Illusions CE AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=EA Digital Illusions CE AB,L=Stockholm,ST=Stockholms Lan,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:61:01:73:a8:df:0c:41:68:87:a9:71:02:80:60:85:ff:6e:92:b4
Signer

Actual PE Digest

99:61:01:73:a8:df:0c:41:68:87:a9:71:02:80:60:85:ff:6e:92:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetCrackUrlA
InternetSetCookieA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
HttpAddRequestHeadersA
InternetSetOptionA
HttpSendRequestA
InternetConnectA
HttpOpenRequestA

gdiplus

GdipDeleteBrush
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetFontCollectionFamilyCount
GdipGetImageWidth
GdipPrivateAddMemoryFont
GdipDrawString
GdipCreateSolidFill
GdipSetTextRenderingHint
GdipCreateFont
GdipDisposeImage
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipDeletePrivateFontCollection
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFree
GdipAlloc
GdiplusStartup
GdipDeleteFont
GdipCloneBrush
GdipCreateFromHDC
GdipNewPrivateFontCollection
GdipCloneImage

kernel32

HeapCreate
HeapDestroy
SetLastError
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
WideCharToMultiByte
lstrlenW
InterlockedExchange
lstrlenA
GetLastError
MultiByteToWideChar
FindResourceA
SizeofResource
LockResource
LoadResource
CreateFileA
SetFilePointerEx
GetFileSizeEx
ReadFile
WriteFile
GetModuleFileNameA
GetTickCount
CopyFileExA
CreateEventA
CreateThread
SetEvent
WaitForMultipleObjects
DeleteFileA
GetLocalTime
GetTempPathA
SetFilePointer
TerminateThread
CreateWaitableTimerA
SetWaitableTimer
RemoveDirectoryA
VirtualFree
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
GetCurrentProcess
GetVersionExA
GetModuleHandleA
CreateProcessA
GetTempFileNameA
GetCommandLineA
Sleep
TerminateProcess
GetExitCodeProcess
LocalAlloc
LocalFree
GetDiskFreeSpaceExA
GlobalFree
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
ResetEvent
GetCurrentThreadId
GlobalLock
GlobalUnlock
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
HeapReAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
InitializeCriticalSection
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetStdHandle
SetHandleCount
GetFileType
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEndOfFile
MoveFileExA

user32

ReleaseCapture
InvalidateRect
SetCapture
DispatchMessageA
PostQuitMessage
SetWindowPos
GetSystemMetrics
GetMessageA
PostThreadMessageA
EndDialog
EndPaint
DrawEdge
PtInRect
SetWindowTextA
GetDlgItem
SetWindowTextW
SetCursor
GetWindowRect
CreateIconFromResource
LoadIconA
RegisterClassExW
CreateWindowExW
SetLayeredWindowAttributes
SetWindowRgn
DefWindowProcW
DialogBoxParamW
GetWindowLongA
SetWindowLongA
DefWindowProcA
ShowWindow
GetClientRect
CreateWindowExA
RegisterClassExA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
EnumChildWindows
GetDlgCtrlID
BeginPaint
LoadCursorA
UnregisterClassA
DestroyWindow
UpdateWindow
MoveWindow
ReleaseDC
GetDC
GetTopWindow
SendMessageA
MessageBoxW
MessageBoxA
GetWindow

gdi32

CreateRectRgn
CreateRoundRectRgn
SelectClipRgn
CreateDCA
GetTextFaceA
SelectObject
DeleteDC
CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA

advapi32

RegOpenKeyExA
GetSidSubAuthority
SetNamedSecurityInfoA
SetEntriesInAclA
CreateWellKnownSid
BuildExplicitAccessWithNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetUserNameA
RegDeleteKeyA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteExA
SHGetFolderPathA
SHFileOperationA
ShellExecuteA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderLocation
SHParseDisplayName
SHCreateDirectoryExA

ole32

CoCreateInstance
OleInitialize
CreateStreamOnHGlobal
OleCreate
OleSetContainedObject
CoTaskMemFree
OleUninitialize

oleaut32

SysAllocString
VariantClear

shlwapi

SHGetValueA
PathFileExistsA
PathIsRelativeA

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 776KB - Virtual size: 775KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cc8ef255d5459aeef1a6b73ca727268

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

99:61:01:73:a8:df:0c:41:68:87:a9:71:02:80:60:85:ff:6e:92:b4Signer

Headers

File Characteristics

Imports

wininet

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 448KB - Virtual size: 447KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 776KB - Virtual size: 775KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

99:61:01:73:a8:df:0c:41:68:87:a9:71:02:80:60:85:ff:6e:92:b4
Signer

.text
Size: 448KB - Virtual size: 447KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 776KB - Virtual size: 775KB