548414ee6cdf0bcc0f27a7cd4bff7cb4

Sharing

Copy URL

Twitter E-mail

General

Target

548414ee6cdf0bcc0f27a7cd4bff7cb4
Size

462KB
MD5

548414ee6cdf0bcc0f27a7cd4bff7cb4
SHA1

66e4b51a5ebd30d8d99cc0218f7a870ca95a0734
SHA256

028567efaef77b184023a7ef3a4fc6829b2345a2f63d035dcfae276280b3737a
SHA512

a0177400493768486d81a690eda3a1e4b8f46e26428aa56bbd7af7ec675871bf92fd5ca73ece15667ecb63fafe740f188da281a8576003541883f370c510bc81
SSDEEP

12288:2h8MFO7aGp51OueJ4VU5VTKJKi5GTQEWH8dkIa8:2aMwrp51NdVUeJKi0TQthy

Score

1^/10

Malware Config

Signatures

Files

548414ee6cdf0bcc0f27a7cd4bff7cb4
.exe windows:5 windows x86 arch:x86

3841b6d8601f6f4e0a94c3debbec5bf5

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:25:b9:20:7d:56:56:05:61:e7:12:46:2d:e8:7f:87
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/01/2012, 00:00

Not After

24/01/2014, 23:59

Subject

CN=Aeria Games and Entertainment,O=Aeria Games and Entertainment,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:61:b3:ff:ad:e0:5f:bb:1a:5c:a9:e5:7e:84:ec:e4:9c:d8:cb:60
Signer

Actual PE Digest

7d:61:b3:ff:ad:e0:5f:bb:1a:5c:a9:e5:7e:84:ec:e4:9c:d8:cb:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders

shlwapi

StrCpyW
StrCmpNW

kernel32

GlobalMemoryStatusEx
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileAttributesW
TlsSetValue
TlsAlloc
TlsGetValue
IsWow64Process
WaitForSingleObject
CreateProcessW
GetSystemDirectoryW
LCMapStringW
CreateFileW
ReadFile
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
GetStringTypeW
GetLocaleInfoW
WriteFile
HeapCreate
HeapSize
GetVersionExW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateDirectoryW
ExitProcess
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetStdHandle
GlobalFree
GetSystemInfo
WideCharToMultiByte
LockResource
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
LocalFree
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
CompareStringW
SetFilePointer
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
lstrcmpW
GetLastError
GetPrivateProfileStringW
CreateThread
SetLastError
Sleep
GetCurrentThreadId
ResumeThread
CloseHandle
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
lstrlenA
MultiByteToWideChar
RaiseException
InterlockedIncrement
MulDiv
FlushInstructionCache
lstrlenW
InterlockedDecrement
GetCurrentProcess
TlsFree

user32

UnregisterClassA
GetMessageW
PeekMessageW
FindWindowW
TranslateMessage
SetWindowLongW
SetWindowTextW
MoveWindow
RedrawWindow
IsWindow
BeginPaint
EndPaint
DefWindowProcW
GetWindowLongW
CallWindowProcW
GetDC
CreateWindowExW
DispatchMessageW
LoadImageW
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
FillRect
GetClassNameW
GetWindowTextW
GetWindowTextLengthW
GetMenu
SetWindowPos
GetClientRect
IsWindowEnabled
AdjustWindowRectEx
GetParent
DrawTextW
IsChild
InvalidateRgn
ReleaseDC
ScreenToClient
IsDialogMessageW
ModifyMenuW
EnableMenuItem
LoadCursorW
SetCursor
SendMessageW
DrawFocusRect
DrawEdge
InflateRect
GetSystemMetrics
GetSysColor
DestroyWindow
GetWindowRect
ClientToScreen
UpdateWindow
InvalidateRect
SetTimer
KillTimer
SetCapture
GetDlgCtrlID
SystemParametersInfoW
GetCapture
ReleaseCapture
PtInRect
EndDialog
GetDlgItem
MapWindowPoints
SetWindowRgn
GetActiveWindow
GetCursorPos
SetForegroundWindow
GetSubMenu
TrackPopupMenu
SetMenuDefaultItem
GetMenuItemID
MonitorFromPoint
DestroyMenu
LoadMenuW
PostMessageW
DialogBoxParamW
CreateDialogParamW
LoadStringW
ShowWindow
RegisterWindowMessageW
CharNextW
GetWindow
MonitorFromWindow
GetMonitorInfoW

gdi32

GetStockObject
GetObjectW
DeleteObject
CreateFontIndirectW
SetTextColor
SetBkMode
DeleteDC
SelectObject
CreateCompatibleDC
BitBlt
RestoreDC
SaveDC
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
SetBkColor
ExtTextOutW
CreateRoundRectRgn

advapi32

CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusStartup
GdipAlloc

comctl32

ImageList_GetIconSize
_TrackMouseEvent
ImageList_Create
ImageList_Add
ImageList_Destroy
ImageList_Draw

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
recv
closesocket
connect
htons
socket
gethostbyname
WSAStartup
send

wininet

InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpQueryInfoW
InternetSetOptionA

Exports

Exports

AGInitialize
AGInstall
AGUninitialize
AKDelete
AKDownload
AKGetAttr
AKGetFileAttr
AKGetFileSize
AKGetReceivedSize
AKPause
AKRetry
ak_acceptEULA
ak_cleanAttributes
ak_cleanFileAttributes
ak_deleteFile
ak_downloadFile
ak_errorToString
ak_fileStatusToString
ak_getAttributes
ak_getFileAttributes
ak_getLastError
ak_initialize
ak_install
ak_pauseFile
ak_setFileAttributeInt
ak_uninitialize

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3841b6d8601f6f4e0a94c3debbec5bf5

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1a:25:b9:20:7d:56:56:05:61:e7:12:46:2d:e8:7f:87Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

7d:61:b3:ff:ad:e0:5f:bb:1a:5c:a9:e5:7e:84:ec:e4:9c:d8:cb:60Signer

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

comctl32

iphlpapi

ws2_32

wininet

Exports

Exports

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 174KB - Virtual size: 174KB

.reloc Size: 17KB - Virtual size: 16KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1a:25:b9:20:7d:56:56:05:61:e7:12:46:2d:e8:7f:87
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

7d:61:b3:ff:ad:e0:5f:bb:1a:5c:a9:e5:7e:84:ec:e4:9c:d8:cb:60
Signer

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 174KB - Virtual size: 174KB

.reloc
Size: 17KB - Virtual size: 16KB