222c30e516c4ec626da5cc270e784be3

Sharing

Copy URL

Twitter E-mail

General

Target

222c30e516c4ec626da5cc270e784be3
Size

462KB
MD5

222c30e516c4ec626da5cc270e784be3
SHA1

f5274d15cdb9e4121aea623eeb256fd0f7626ab5
SHA256

9fe732aae839af5cd47d57a2b33f69dea2a5b1b8ec9ece543d784f0ad5eda1be
SHA512

f3743f76ee74fb5db1ded1fb70242adb45295d6aec5f4d2e9de053e9d9c31aec06549391bdbf3d6baa45b7e9eeab28f20b15c656c98ea2b544bbcd516928d24a
SSDEEP

6144:Iv49pz9cdrd77QUf9d9pTUEe3otMh4zzkY2h+lJmk3GbM98OtwEmEGInRXNl/OYR:GM6Jn1d9NQ3064PlTJ7L9QUn/luak8

Score

1^/10

Malware Config

Signatures

Files

222c30e516c4ec626da5cc270e784be3
.exe windows:5 windows x86 arch:x86

50c0a4699493584e6fd1c146c36e6686

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19-05-2009 00:00

Not After

19-05-2011 23:59

Subject

CN=Pinball Corporation.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Pinball Corporation.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:4b:29:0c:49:f9:2f:f4:0e:fe:e8:4b:16:b4:cb:c2:c7:c3:8d:c5
Signer

Actual PE Digest

43:4b:29:0c:49:f9:2f:f4:0e:fe:e8:4b:16:b4:cb:c2:c7:c3:8d:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapFree
ReadProcessMemory
SetFilePointer
GetModuleFileNameA
VirtualProtect
VirtualQuery
VirtualFree
VirtualAlloc
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcpyA
CreateEventA
CreateThread
CloseHandle
GetModuleHandleA
SetEvent
GetTickCount
WaitForSingleObject
WideCharToMultiByte
Sleep
FindResourceExA
FindResourceA
HeapAlloc
TerminateThread
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
DeleteFileA
GetCurrentProcessId
OpenMutexA
CreateMutexA
GetLastError
GetCommandLineA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetStartupInfoA
ExitProcess
GetModuleHandleW
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalAlloc
SetErrorMode
GetDriveTypeA
GetComputerNameA
GetProcessTimes
DosDateTimeToFileTime
TerminateProcess
MoveFileExA
GetTempFileNameA
CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Module32First
GetVolumeInformationA
GetLocaleInfoA
GetComputerNameExA
CreateDirectoryA
OpenProcess
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
Process32First
Process32Next
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetVersionExA
GetShortPathNameA
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrlenW
FlushInstructionCache
lstrcmpA
SetLastError
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
HeapReAlloc
WaitForMultipleObjectsEx
ResumeThread
ReleaseMutex
WriteFile
FileTimeToSystemTime
GetVersion
GetFileSize
GetCurrentDirectoryA
OutputDebugStringA
GetExitCodeThread
FreeLibrary
GetProcAddress
LoadLibraryA
DeviceIoControl
LocalFree

user32

GetWindowLongA
ReleaseDC
SetRect
GetDC
SystemParametersInfoA
GetWindowRect
DefWindowProcA
SetWindowLongA
FindWindowExA
SendMessageA
PostMessageA
RedrawWindow
ReleaseCapture
SetWindowPos
GetCursorPos
SetCursor
PtInRect
ScreenToClient
GetFocus
GetParent
EnumWindows
GetWindowThreadProcessId
GetClassNameA
GetClientRect
GetWindowTextA
CreateDialogParamA
GetDesktopWindow
SetDlgItemTextA
UnregisterClassA
PostThreadMessageA
IsWindow
GetClassInfoExA
RegisterClassExA
BeginPaint
FillRect
DrawTextA
EndPaint
SetCapture
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetSystemMenu
EnableMenuItem
GetSysColorBrush
FrameRect
MoveWindow
GetSysColor
LoadImageA
GetSystemMetrics
CharNextA
ClientToScreen
InvalidateRect
InvalidateRgn
IsChild
GetDlgItem
CallWindowProcA
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableA
SetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
AttachThreadInput
GetForegroundWindow
FindWindowA
InflateRect
SetTimer
KillTimer
BringWindowToTop
SetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectA
SetBkMode
SetTextColor
PatBlt
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

RegQueryValueExA
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptVerifySignatureA
CryptImportKey
CryptCreateHash
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
DuplicateTokenEx
ConvertSidToStringSidA
LookupAccountNameA

ole32

CLSIDFromString
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysStringLen
OleLoadPicture
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveArgsA
UrlEscapeA
PathAddExtensionA
PathAppendA
PathQuoteSpacesA
PathFileExistsA
PathCombineA
PathStripPathA
PathRemoveExtensionA
PathFindExtensionA
PathUnquoteSpacesA
PathStripToRootA

ws2_32

WSACreateEvent
WSARecv
closesocket
WSASocketA
WSAEventSelect
WSASetEvent
WSACleanup
freeaddrinfo
getaddrinfo
WSASetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAResetEvent
WSAStartup
WSASend
WSAGetOverlappedResult
WSAConnect

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crepe
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50c0a4699493584e6fd1c146c36e6686

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1aCertificate

Extended Key Usages

Key Usages

43:4b:29:0c:49:f9:2f:f4:0e:fe:e8:4b:16:b4:cb:c2:c7:c3:8d:c5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

shlwapi

ws2_32

Sections

.text Size: 289KB - Virtual size: 289KB

.crepe Size: 5KB - Virtual size: 5KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 26KB - Virtual size: 36KB

.rsrc Size: 66KB - Virtual size: 66KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

43:4b:29:0c:49:f9:2f:f4:0e:fe:e8:4b:16:b4:cb:c2:c7:c3:8d:c5
Signer

.text
Size: 289KB - Virtual size: 289KB

.crepe
Size: 5KB - Virtual size: 5KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 26KB - Virtual size: 36KB

.rsrc
Size: 66KB - Virtual size: 66KB