General

Malware Config

Signatures

Files

• 3f8b72d6e462b8684715712e958a42b4

  .exe windows:4 windows x86 arch:x86

  fd8be1baac142b32f659f1cd0e14e164

  
  

  Code Sign

  23:a8:b9:24:2b:0e:a9:60:bd:1e:a0:83:b3:3e:f0:db

  Certificate

  Issuer

  CN=Root Agency

  Not Before

  04-01-2012 19:52

  Not After

  31-12-2039 23:59

  Subject

  CN=samsung.com

  38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  15-06-2007 00:00

  Not After

  14-06-2012 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  8d:1f:d0:fc:7c:01:f0:90:8e:3d:9c:74:cd:a0:e4:17:08:19:8c:c7

  Signer

  Actual PE Digest

  8d:1f:d0:fc:7c:01:f0:90:8e:3d:9c:74:cd:a0:e4:17:08:19:8c:c7

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcAddress

  WaitForSingleObject

  LoadLibraryA

  GetSystemDirectoryA

  VirtualProtect

  GetCurrentThread

  ResetEvent

  CloseHandle

  LockResource

  LoadResource

  FindResourceA

  HeapFree

  GetProcessHeap

  CreateEventA

  GetVersionExA

  VirtualProtectEx

  VirtualAllocEx

  GetCurrentProcess

  ExitProcess

  LocalFree

  LocalAlloc

  CreateFileA

  WriteFile

  GetModuleHandleA

  DeleteFileA

  GetStdHandle

  HeapAlloc

  GetComputerNameA

  ResumeThread

  InterlockedExchange

  RtlUnwind

  VirtualQuery

  advapi32

  GetUserNameA

  user32

  wsprintfA

  PostMessageA

  DefWindowProcA

  PostQuitMessage

  GetActiveWindow

  DispatchMessageA

  GetMessageA

  MoveWindow

  CreateWindowExA

  RegisterClassExA

  FindWindowA

  GetWindow

  GetSystemMetrics

  Sections

  .text

  Size: 52KB - Virtual size: 48KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 116B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 80KB - Virtual size: 79KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ