106b14692e82bf1a6ec6aac69c544343

Sharing

Copy URL

Twitter E-mail

General

Target

106b14692e82bf1a6ec6aac69c544343
Size

194KB
MD5

106b14692e82bf1a6ec6aac69c544343
SHA1

d1560582a209e06d845c05f60e5c0a03291121fb
SHA256

30c0d18b80178c2a0e2dbcb833795755d9c4655240b8469bdc34b4b12f4b3e9c
SHA512

4433a7bc3b528ce6be6a14a893c4f79307217eb352d80df9243da0bc6364d542d1e6b8049f16a666a99839e0211706a0862fb10e966f48aa55e84916dd55c9d4
SSDEEP

6144:3ON/XQvYFE9SM1yiLVRMmhZ8q3G6reQFMq:CWYFjiLVqUZrG4e+h

Score

1^/10

Malware Config

Signatures

Files

106b14692e82bf1a6ec6aac69c544343
.exe windows:0 windows x86 arch:x86

eff7d22528a8aa7ef5ba0fcd2aec0f62

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21-09-2006 00:00

Not After

18-12-2009 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:a0:c4:c1:9f:e8:94:73:f4:12:3e:00:07:ca:06:5d:03:11:5e:b1
Signer

Actual PE Digest

1c:a0:c4:c1:9f:e8:94:73:f4:12:3e:00:07:ca:06:5d:03:11:5e:b1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscmp
_wunlink
_unlink
_wrename
rename
fseek
toupper
wcsrchr
strrchr
wcscpy
_wmktemp
_mktemp
sprintf
_open
time
_read
_close
wcslen
wcscat
_wfopen
strcat
memmove
printf
free
_initterm
__dllonexit
fopen
fread
fclose
fwrite
strncpy
strcpy
strcmp
strlen
_onexit
_strnicmp
_stricmp
_strupr
_filelength
_wcsicmp
__CxxFrameHandler
_CxxThrowException
strstr
atoi
_purecall
isdigit
strncmp
_memccpy
sscanf
?terminate@@YAXXZ
malloc
memcmp
memcpy
memset
_ultoa

kernel32

GetTickCount
lstrlenW
GetSystemTime
DeviceIoControl
GetVersion
HeapFree
GetProcessHeap
GetModuleHandleA
FlushFileBuffers
lstrcpynA
ReadFile
WriteFile
SetFilePointer
HeapAlloc
VirtualFree
VirtualAlloc
GetModuleFileNameA
DuplicateHandle
GetCurrentThread
CreateEventA
ExitThread
OutputDebugStringA
FlushInstructionCache
VirtualProtect
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetProcessAffinityMask
CreateThread
SetThreadAffinityMask
SetThreadPriority
ResumeThread
SetEvent
GetSystemInfo
GetCurrentThreadId
LocalFree
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
GetLocalTime
GetSystemDirectoryW
SetFileAttributesW
GetSystemDirectoryA
lstrcmpA
RemoveDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
LoadLibraryExA
SetFileAttributesA
GetFileAttributesW
GetWindowsDirectoryA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
CreateMutexA
OpenMutexA
GetLogicalDriveStringsA
GetFileAttributesA
CreateFileW
CreateFileA
GetFileSize
CloseHandle
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
lstrcatA
DeleteFileW
DeleteFileA
MoveFileW
GetLastError
MoveFileA
CopyFileW
CopyFileA
lstrcpyA
GetDriveTypeA
SetErrorMode
CompareStringA
GetModuleHandleW
lstrcpynW
GetVolumeInformationA
IsBadWritePtr
lstrlenA
GetVersionExW
GetDiskFreeSpaceA
CompareStringW
QueryDosDeviceA
InterlockedExchange
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GlobalMemoryStatus
Sleep
WaitNamedPipeW
ResetEvent

user32

LoadIconA
LoadImageA
RegisterWindowMessageA
CharUpperA
CharLowerA
SendMessageA
wsprintfW
CharNextW
CharNextA
wsprintfA
CreateAcceleratorTableW
DestroyAcceleratorTable
ActivateKeyboardLayout
GetMenuItemCount
LoadIconW
FindWindowW
ScrollDC
IsWindow
DdeQueryConvInfo
ResolveDesktopForWOW
IsCharAlphaNumericW
SetShellWindowEx
GetSubMenu
EnterReaderModeHelper
IsCharUpperW
LookupIconIdFromDirectoryEx
CreateDialogParamA
TileChildWindows
DdeNameService
GetGuiResources
OemToCharBuffA
GetWindowTextLengthA
IsCharLowerW
DisableProcessWindowsGhosting
SetPropW
BroadcastSystemMessageA
TranslateMessage
GetClassInfoExA
CharToOemW
LoadCursorW
RecordShutdownReason
ToAsciiEx
LoadAcceleratorsW
ReasonCodeNeedsBugID
ChangeDisplaySettingsExW
GetActiveWindow
AppendMenuA
ChangeMenuW
SetParent
MonitorFromPoint
SetClassLongW
CalcMenuBar
MonitorFromWindow
MoveWindow
MenuItemFromPoint
IsDlgButtonChecked
SetWindowsHookExW
DrawCaptionTempA
SetKeyboardState
DlgDirSelectExW
CreateIconIndirect
CheckRadioButton
SetMessageQueue
SendMessageW
RegisterWindowMessageW
LoadMenuW
WaitForInputIdle
EnumWindowStationsA
GetListBoxInfo
LoadLocalFonts
EnumDesktopWindows
DragObject
DdeCreateStringHandleA
RemovePropW
CharLowerW
DefDlgProcA
GetWindowThreadProcessId
InSendMessageEx
DdeInitializeW
GetClassInfoExW
EnumDisplaySettingsW
ValidateRgn
CharToOemBuffW
DrawTextExW
SetWindowWord
IsCharUpperA
InSendMessage
GetWindowRect
GetScrollInfo
WindowFromDC
SetRect
PrintWindow
SetDlgItemTextW
GetPropW
CallNextHookEx
ClientThreadSetup
SetMessageExtraInfo
CreateIconFromResourceEx
SetMenuItemBitmaps
GetClipboardSequenceNumber
EnumWindows
DialogBoxIndirectParamAorW
RegisterClassW
CopyIcon
DdeGetLastError
CsrBroadcastSystemMessageExW
RegisterHotKey
CharToOemA
OpenDesktopW
RegisterSystemThread
OemToCharBuffW
LoadAcceleratorsA
ExcludeUpdateRgn
PrivateExtractIconsA
SetCursorContents

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyA
RegEnumKeyA
RegQueryValueExW
RegCreateKeyExA
RegEnumKeyExA
CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteValueA
RegOpenKeyW
RegSetValueExW
RegCloseKey

ole32

CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree

winmm

auxGetNumDevs
waveOutGetErrorTextA
PlaySoundA
waveOutGetDevCapsW
PlaySoundW
mciGetDriverData
WOW32ResolveMultiMediaHandle
waveOutGetDevCapsA
waveInStop
mixerGetDevCapsA
waveOutGetID
CloseDriver
midiInGetErrorTextA
waveOutWrite
timeGetSystemTime
midiStreamPosition
mci32Message

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eff7d22528a8aa7ef5ba0fcd2aec0f62

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

1c:a0:c4:c1:9f:e8:94:73:f4:12:3e:00:07:ca:06:5d:03:11:5e:b1Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

winmm

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 151KB - Virtual size: 449KB

.reloc Size: 3KB - Virtual size: 68KB

.rsrc Size: 1024B - Virtual size: 760B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

1c:a0:c4:c1:9f:e8:94:73:f4:12:3e:00:07:ca:06:5d:03:11:5e:b1
Signer

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 151KB - Virtual size: 449KB

.reloc
Size: 3KB - Virtual size: 68KB

.rsrc
Size: 1024B - Virtual size: 760B