5244b523233abf94e70c437b95e7acb1

Sharing

Copy URL

Twitter E-mail

General

Target

5244b523233abf94e70c437b95e7acb1
Size

210KB
MD5

5244b523233abf94e70c437b95e7acb1
SHA1

365c917f2f84953b599da8f43bb1d6cf402fc8dc
SHA256

88e05c65f5bb3fda76b3465f21153f96b50085b46aff56e72635ddb70e239338
SHA512

49d8e98376706a1e653190ca968d38614db03c532e792ccf8f52d95a925fe56dbc7e261c57b3c4542d5b1a81410f49224746c88ebdad135fd01cd268888e31fe
SSDEEP

3072:ytXUpirhYZ4z1sxtbjIUWnoRzqhYZ4z1sxtbjIUWnoRzu:yhoiiZ4zytbLhZ4zytbLK

Score

1^/10

Malware Config

Signatures

Files

5244b523233abf94e70c437b95e7acb1
.exe windows:4 windows x64 arch:x64

b999eea76c6811752cfb42e9fbf2143d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:22:15:ef:b7:b2:dc:6c:70:24:7e:61:31:35:f4:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-08-2010 00:00

Not After

20-08-2011 23:59

Subject

CN=ALL WINNER (HONG KONG) LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Design,O=ALL WINNER (HONG KONG) LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:c7:d5:7e:ce:03:f2:5c:12:c6:e1:11:05:72:1e:32:f3:55:43:a8
Signer

Actual PE Digest

1c:c7:d5:7e:ce:03:f2:5c:12:c6:e1:11:05:72:1e:32:f3:55:43:a8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
GetCommandLineA
SetLastError
lstrlenA
LocalAlloc
LocalFree
GetLastError
FindFirstFileA
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

mfc42

ord1040
ord4483
ord626
ord1594
ord659
ord1063
ord6891
ord4531
ord2858
ord620
ord1506
ord1267
ord2641
ord1469
ord1690
ord2688
ord1263
ord621
ord1124
ord1635
ord1041
ord622
ord627
ord1122
ord618
ord1038
ord4446
ord2794
ord6552
ord6231
ord2795
ord4533
ord6057
ord2793
ord6714
ord6711
ord1265

msvcrt

__set_app_type
_fmode
__CxxFrameHandler
_commode
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
printf
strncpy
vsprintf
fwrite
fclose
fopen
memset
_mbscmp

msvcp60

??1_Winit@std@@QEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0Init@ios_base@std@@QEAA@XZ

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiGetClassImageIndex
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

newdev

UpdateDriverForPlugAndPlayDevicesA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b999eea76c6811752cfb42e9fbf2143d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

68:22:15:ef:b7:b2:dc:6c:70:24:7e:61:31:35:f4:eaCertificate

Extended Key Usages

Key Usages

1c:c7:d5:7e:ce:03:f2:5c:12:c6:e1:11:05:72:1e:32:f3:55:43:a8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mfc42

msvcrt

msvcp60

setupapi

newdev

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 1020B

.rsrc Size: 512B - Virtual size: 160B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

68:22:15:ef:b7:b2:dc:6c:70:24:7e:61:31:35:f4:ea
Certificate

1c:c7:d5:7e:ce:03:f2:5c:12:c6:e1:11:05:72:1e:32:f3:55:43:a8
Signer

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 512B - Virtual size: 160B