2a0a9efd38db40117bfd10185c5b11a0

Sharing

Copy URL Twitter E-mail

General

Target

2a0a9efd38db40117bfd10185c5b11a0
Size

345KB
MD5

2a0a9efd38db40117bfd10185c5b11a0
SHA1

97aece8ada0d8c1afeeb1e59f4cceba4e744fa17
SHA256

db994acc4d4c49c01c1c5d4975c51f7b599950bbb018b1a33b93141290a49ce2
SHA512

b5ab5c9c22b9e263b4a0f9a2d776f3c5dcee2505f4a0f4fee518f48bb035490f055a005484d2b6f32dea298f951a0d4d48ba99bbe8d752f1df097d3991aeeee6
SSDEEP

6144:Yvaex3AzCkUSjIN0uI9xYjvZflwtlM8Yxt8zuXAXh2ijG7z6+lSGphuaDLPPLqgl:YiSjN+LkfWtlM8+81R2iK/fIGphuALXx

Score

1^/10

Malware Config

Signatures

Files

2a0a9efd38db40117bfd10185c5b11a0
.exe windows:4 windows x86 arch:x86

e92a52f1614a26581659c26e6dbb6abf

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

09:90:55:06:a9:56:6d:cc:27:d8:81:b7:01:38:15:5b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

26/11/2009, 00:00

Not After

23/11/2010, 23:59

Subject

CN=pon software,OU=pon software development.,O=pon software,L=Miyazaki,ST=Miyazaki,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:51:5b:f8:1c:f4:37:93:79:02:4a:bf:84:d1:53:b4:24:1b:27:2a
Signer

Actual PE Digest

fa:51:5b:f8:1c:f4:37:93:79:02:4a:bf:84:d1:53:b4:24:1b:27:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

strrchr
_close
free
_read
_lseek
malloc
_filelength
_open
memcpy
memset
wcsrchr
strstr
_write
_tell
strtok
strchr
wcscpy
wcscat
wcschr
atoi
strncpy
wcsstr
wcscspn
wcslen
??2@YAPAXI@Z
_strnicmp
??3@YAXPAX@Z

kernel32

RemoveDirectoryA
DeleteFileA
SetFileAttributesA
lstrcmpiA
CloseHandle
WaitForSingleObject
CreateThread
GetFileAttributesA
lstrcatA
lstrlenA
GetModuleFileNameA
lstrcpyA
GlobalLock
GlobalReAlloc
GlobalAlloc
GetCurrentProcess
GetProcAddress
GetExitCodeProcess
Sleep
CreateProcessA
GetShortPathNameA
SearchPathA
GetWindowsDirectoryA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
GlobalHandle
IsDBCSLeadByte
FreeLibrary
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetSystemDirectoryA
GetTempPathA
lstrcmpA
FindClose
FindNextFileA
FindFirstFileA
CreateFileA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GlobalFree

user32

EndDialog
IsDlgButtonChecked
GetDlgItemTextA
DestroyIcon
GetDlgItem
UpdateWindow
DialogBoxParamA
CreateDialogParamA
PostQuitMessage
SetWindowPos
CreateWindowExA
DestroyWindow
PeekMessageA
SetDlgItemTextA
SendMessageA
WaitForInputIdle
IsWindow
FindWindowA
LoadStringA
ShowWindow
MessageBoxA
wsprintfA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
MessageBeep

shell32

SHGetMalloc
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoTaskMemFree

comctl32

ord17

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e92a52f1614a26581659c26e6dbb6abf

Code Sign

01Certificate

09:90:55:06:a9:56:6d:cc:27:d8:81:b7:01:38:15:5bCertificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

fa:51:5b:f8:1c:f4:37:93:79:02:4a:bf:84:d1:53:b4:24:1b:27:2aSigner

Headers

File Characteristics

Imports

crtdll

kernel32

user32

shell32

advapi32

ole32

comctl32

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 10KB

01
Certificate

09:90:55:06:a9:56:6d:cc:27:d8:81:b7:01:38:15:5b
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

fa:51:5b:f8:1c:f4:37:93:79:02:4a:bf:84:d1:53:b4:24:1b:27:2a
Signer

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 10KB