47a3ca27e941cabc3615461d22692501

Sharing

Copy URL Twitter E-mail

General

Target

47a3ca27e941cabc3615461d22692501
Size

353KB
MD5

47a3ca27e941cabc3615461d22692501
SHA1

3d76bdef93239fb71052b43a542819d63f3c23f5
SHA256

e7356246243a538278970910935060b09bcbc46f6e418f04b7f6e33d30595b59
SHA512

2fe54e5279ff49d6b664c6d8c0e27d4464e6040b390b3714ced11854b84fc0a99721de87fae167b743456000c59fd54425d01d49661d6e0931da389700593bd4
SSDEEP

6144:JjAfCBA5fS5NeJfsCtdHgp3jOvs3rDSYX9ixQL8a:JEqBeeNsfsCjC3ivUOY2QLB

Score

1^/10

Malware Config

Signatures

Files

47a3ca27e941cabc3615461d22692501
.exe windows:4 windows x86 arch:x86

8fe4b8a2bcfd3032d339ead749748ded

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ad:40:a2:d9:7f:94:49:05:78:88:43:ef:22:60:41:70
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/11/2005, 00:00

Not After

17/11/2007, 23:59

Subject

CN=Digital Enterprises\, Inc.,O=Digital Enterprises\, Inc.,POSTALCODE=91307,STREET=23705 Vanowen St. #119,L=West Hills,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send
recv
ioctlsocket
getprotobyname
connect
accept
listen
WSAStartup
WSACleanup
inet_addr
gethostbyname
gethostname
WSAGetLastError
closesocket
socket
bind
htons
setsockopt

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetGetConnectedState
HttpOpenRequestA
InternetReadFile

kernel32

GetSystemTime
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetVersionExA
GetLocaleInfoA
Sleep
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
ReleaseMutex
CreateFileA
CopyFileA
CreateDirectoryA
WaitForSingleObject
CloseHandle
OutputDebugStringA
WriteFile
GetCurrentThreadId
ReadFile
GetCurrentThread
GetLocalTime
CreateEventA
SetEvent
WideCharToMultiByte
lstrlenW
SetFileAttributesA
GetLastError
SetCurrentDirectoryA
LocalFree
FormatMessageA
DeleteFileA
GetDriveTypeA
GetCurrentDirectoryA
lstrlenA
GetTickCount
GetDiskFreeSpaceExA
GetFileSize
SetEndOfFile
SetFilePointer
UnlockFile
LockFile
GetFileTime
GetFileAttributesA
MoveFileA
InterlockedDecrement
MultiByteToWideChar
lstrcmpiA
GetCommandLineA
GetShortPathNameA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
InterlockedIncrement
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetCurrentProcess
InterlockedExchange
RtlUnwind
RaiseException
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetExitCodeThread
HeapAlloc
GetTimeZoneInformation
HeapReAlloc
GetStartupInfoA
GetVersion
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
TlsAlloc
SetLastError
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
HeapFree

user32

MessageBoxA
LoadStringA
GetMessageA
DispatchMessageA
PostThreadMessageA
CharNextA
SendMessageTimeoutA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeregisterEventSource
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
StartServiceCtrlDispatcherA
ControlService
DeleteService
CreateServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA

ole32

CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize
ProgIDFromCLSID

oleaut32

SysFreeString
SysAllocStringLen
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fe4b8a2bcfd3032d339ead749748ded

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

ad:40:a2:d9:7f:94:49:05:78:88:43:ef:22:60:41:70Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

version

wininet

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 32KB - Virtual size: 39KB

.rsrc Size: 12KB - Virtual size: 8KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

ad:40:a2:d9:7f:94:49:05:78:88:43:ef:22:60:41:70
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 32KB - Virtual size: 39KB

.rsrc
Size: 12KB - Virtual size: 8KB