5bd674294e5cf985a1e29cbe731bfc5e

Sharing

Copy URL Twitter E-mail

General

Target

5bd674294e5cf985a1e29cbe731bfc5e
Size

876KB
MD5

5bd674294e5cf985a1e29cbe731bfc5e
SHA1

7fe1c1a9acc5e354121c7e752fec6077b69fc41b
SHA256

766835a754e4d3efd7d84338273ff4cfe6b5d71f723fb68701c1df0aa42897e8
SHA512

453b2751cd3c292baa920c5ef339ca91575d5b3f34c2d7dc01b99caf55fdf42db8446802109388caeed166578641955fd5d7ee33f04bed4bcc278d62ebf61c32
SSDEEP

24576:E76SCwmmv3I29/nLqdMf4vvSr73uVE2siSZ8xFyuR:9Pwn/nLq22Sr73uV5DFy

Score

1^/10

Malware Config

Signatures

Files

5bd674294e5cf985a1e29cbe731bfc5e
.exe windows:4 windows x86 arch:x86

f788e6d15904b281c386022ea1ceae67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2009, 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DdeUnaccessData
BringWindowToTop
DestroyAcceleratorTable
DdeQueryStringA
ScrollDC
UnhookWinEvent
DrawCaption
DestroyMenu
DrawMenuBar
DrawTextExA
EnableScrollBar
PostQuitMessage
SwitchToThisWindow
LoadAcceleratorsA
IsDialogMessage
GetSystemMenu
GetWindowWord
GetScrollBarInfo
SetWindowRgn
GetTopWindow
ArrangeIconicWindows
GetWindowInfo
CreateDialogParamA
DdeEnableCallback
GetMessagePos
AlignRects
CreateIconIndirect
GetNextDlgTabItem
ChildWindowFromPointEx
MapVirtualKeyExA
DefMDIChildProcA
RegisterWindowMessageA
RemovePropA
OemToCharA
CreateAcceleratorTableA
IMPGetIMEA
WinHelpA
DrawFrame
IsCharLowerA
MonitorFromPoint
GetMenuState
GetShellWindow
LoadMenuIndirectA
DdeCreateDataHandle
FreeDDElParam
wvsprintfA
GetClassInfoA
VkKeyScanA
CharToOemBuffA
GetIconInfo
GetProcessDefaultLayout
SetMenuDefaultItem

advapi32

CryptSetKeyParam
CopySid
CryptContextAddRef
GetServiceDisplayNameA
ObjectDeleteAuditAlarmA
GetSecurityDescriptorControl
BuildSecurityDescriptorA
IsTextUnicode
CryptEncrypt
OpenEventLogA
DeregisterEventSource
QueryServiceObjectSecurity
GetSidSubAuthority
GetAclInformation
PrivilegeCheck
GetNumberOfEventLogRecords
RegDeleteValueA
InitializeAcl
RevertToSelf
FindFirstFreeAce
BackupEventLogA
GetSecurityDescriptorOwner
CryptDestroyHash
SetEntriesInAuditListA
EnumDependentServicesA
AllocateAndInitializeSid
RegSaveKeyA
GetMultipleTrusteeA
GetExplicitEntriesFromAclA
CryptGenKey
RegFlushKey
AddAce
RegConnectRegistryA
AccessCheck
ControlService
CryptSignHashA
CryptHashSessionKey
RegOpenKeyA

kernel32

EnumResourceLanguagesA

Sections

.anc
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gvg
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xmb
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.czirs
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pspoz
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yleby
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nixyd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jwxsp
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oxqt
Size: 132KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f788e6d15904b281c386022ea1ceae67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.anc Size: 638KB - Virtual size: 1.3MB

.gvg Size: 6KB - Virtual size: 8KB

.xmb Size: 19KB - Virtual size: 27KB

.czirs Size: 512B - Virtual size: 21KB

.pspoz Size: 6KB - Virtual size: 15KB

.yleby Size: 512B - Virtual size: 56B

.nixyd Size: 512B - Virtual size: 24B

.jwxsp Size: 48KB - Virtual size: 77KB

.oxqt Size: 132KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.anc
Size: 638KB - Virtual size: 1.3MB

.gvg
Size: 6KB - Virtual size: 8KB

.xmb
Size: 19KB - Virtual size: 27KB

.czirs
Size: 512B - Virtual size: 21KB

.pspoz
Size: 6KB - Virtual size: 15KB

.yleby
Size: 512B - Virtual size: 56B

.nixyd
Size: 512B - Virtual size: 24B

.jwxsp
Size: 48KB - Virtual size: 77KB

.oxqt
Size: 132KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB