39e8703fff9a0fac71605561b3a4687e

Sharing

Copy URL Twitter E-mail

General

Target

39e8703fff9a0fac71605561b3a4687e
Size

228KB
MD5

39e8703fff9a0fac71605561b3a4687e
SHA1

7bf1b7f5bb20baa95c0d382319b8ffe9816dc134
SHA256

3d72f9823a8ba44c41ced5d76e09a6a9ddf18c7ed799390abf2811e170962bb1
SHA512

76a47fa54e7ddae3a3096556d09c4361321419f31ab3e015bdfbe0fcddd4278c0fd8523f2a4ce402df850155e078cbf47332183568a0a397876051844d9dcde8
SSDEEP

6144:3Lc+jTfw2g7/0YuD+8h2KHPtPnnzfq80jFih2iA28PV7d:3Lc+I2g8+O2KpnzCNAh4Fd

Score

1^/10

Malware Config

Signatures

Files

39e8703fff9a0fac71605561b3a4687e
.exe windows:4 windows x86 arch:x86

cccbb1f84c576246754f793988b41313

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be
Signer

Actual PE Digest

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
CreateNamedPipeW
GetCurrentThread
CreateDirectoryA
IsValidCodePage
GetProcessHeaps
DeleteAtom
GetProcAddress
DosDateTimeToFileTime
SearchPathW
GetLogicalDriveStringsA
GetModuleHandleW
OpenEventA
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
GetExitCodeProcess
EnumTimeFormatsA
GetMailslotInfo
GetComputerNameA
IsBadStringPtrA
GetVersionExA
AddAtomW
GetTimeFormatW
SetCurrentDirectoryA
GetSystemDirectoryA
SetComputerNameA
lstrcmp
SetCalendarInfoA
MoveFileW
lstrcmpA
GetEnvironmentStringsW
GetStartupInfoA
GetExpandedNameW
LoadLibraryExA
GetSystemTime
GetWindowsDirectoryW
FindAtomA

user32

GetMenuStringA
EnumClipboardFormats
SetActiveWindow
LoadMenuA
RegisterWindowMessageA
GetMenuItemID
GetKeyboardLayout
SetWindowLongW
GetSysColorBrush
GetCapture
SetParent
GetFocus
UpdateLayeredWindow
DefWindowProcW
GetIconInfo
TrackPopupMenu
PostQuitMessage
GetMenuItemRect
CharLowerA
IsIconic
MonitorFromWindow
GetScrollPos
SetWindowTextA
OpenClipboard
DialogBoxParamA
UnregisterClassW
AppendMenuW
wvsprintfA
DialogBoxParamW
WaitMessage
GetMessageW
GetCaretPos
CreateAcceleratorTableW
GetMenuInfo
AdjustWindowRect
EnumWindows
DialogBoxIndirectParamW
LoadIconA
CreateMenu
wvsprintfW
PostMessageA

shell32

ShellExecuteEx
StrStrIW
SHGetDesktopFolder
StrRStrIW
SHBrowseForFolderA
StrRStrW
StrRChrA
SHGetDiskFreeSpaceA

comdlg32

PageSetupDlgA
GetFileTitleW
PageSetupDlgW
PrintDlgExA

ole32

CoGetInstanceFromFile
CoInitialize
CLSIDFromProgID
CoGetInstanceFromIStorage
CoFileTimeNow

version

VerLanguageNameA
VerFindFileA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerLanguageNameW
GetFileVersionInfoA
VerFindFileW

imm32

ImmReleaseContext
ImmRegisterWordA

oledlg

OleUICanConvertOrActivateAs
OleUIConvertW
OleUIChangeIconW
OleUIPasteSpecialA
OleUIEditLinksA
OleUIBusyW
OleUIChangeSourceW
OleUIPromptUserW

sqlunirl

_ObjectDeleteAuditAlarm_@12
_WaitNamedPipe_@8
_GetClassName_@12
_UpdateResource_@24
_CopyMetaFile_@8
__lopen_@8
_FindWindowEx_@16
_BeginUpdateResource_@8
_GetServiceDisplayName_@16

Sections

.rvJH
Size: 1024B - Virtual size: 635B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NTHo
Size: 3KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qYC
Size: 1KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CZ
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mwmI
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trEUrt
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YmaCRC
Size: 12KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rMmJC
Size: 5KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cccbb1f84c576246754f793988b41313

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:beSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

comdlg32

ole32

version

imm32

oledlg

sqlunirl

Sections

.rvJH Size: 1024B - Virtual size: 635B

.I Size: 88KB - Virtual size: 88KB

.NTHo Size: 3KB - Virtual size: 478KB

.qYC Size: 1KB - Virtual size: 182KB

.CZ Size: 11KB - Virtual size: 11KB

.mwmI Size: 4KB - Virtual size: 52KB

.trEUrt Size: 88KB - Virtual size: 88KB

.YmaCRC Size: 12KB - Virtual size: 360KB

.rMmJC Size: 5KB - Virtual size: 347KB

.rsrc Size: 6KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be
Signer

.rvJH
Size: 1024B - Virtual size: 635B

.I
Size: 88KB - Virtual size: 88KB

.NTHo
Size: 3KB - Virtual size: 478KB

.qYC
Size: 1KB - Virtual size: 182KB

.CZ
Size: 11KB - Virtual size: 11KB

.mwmI
Size: 4KB - Virtual size: 52KB

.trEUrt
Size: 88KB - Virtual size: 88KB

.YmaCRC
Size: 12KB - Virtual size: 360KB

.rMmJC
Size: 5KB - Virtual size: 347KB

.rsrc
Size: 6KB - Virtual size: 5KB