6533b13d29e75a9ce94765e7f4a7c78a

Sharing

Copy URL

Twitter E-mail

General

Target

6533b13d29e75a9ce94765e7f4a7c78a
Size

544KB
MD5

6533b13d29e75a9ce94765e7f4a7c78a
SHA1

f3673d5afaa1bd2f0226afa9f4187a51c809f057
SHA256

79a5d95da162af4ac92bdb2be3741dc91c563fc6c6193ef21a47362ac8dc1088
SHA512

028a19887bde50b1a041e494e5680de719f964424f95e738a6b1bc1d38c63369315b1c8893e1e29058c37565401d549a325170e2cd484a62254bdb5ab788958a
SSDEEP

6144:r2dIySCBqQBVjnJcTMF1hR5Ls3bU0WB9hRJN7aMkbIPvKXPgkqWYWtkYRTIR:r2Gd6rrj7o3bIjJsbIPvK/A7UksTs

Score

1^/10

Malware Config

Signatures

Files

6533b13d29e75a9ce94765e7f4a7c78a
.exe windows:4 windows x86 arch:x86

0a977a94c797bdf63dd82bfc9e11dc1f

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:1a:57:2c:a6:42:3e:f3:66:bc:8c:42:61:f5:40:c1
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

28/02/2007, 00:00

Not After

27/02/2009, 23:59

Subject

CN=Sander \+ Partner GmbH,O=Sander \+ Partner GmbH,L=Goch,ST=NRW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:38:97:bb:e7:3a:85:6f:5f:66:9e:c6:24:4f:73:f9:9b:7a:f4:66
Signer

Actual PE Digest

df:38:97:bb:e7:3a:85:6f:5f:66:9e:c6:24:4f:73:f9:9b:7a:f4:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetACP
GetCPInfo
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
RaiseException
ReadFile
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
SetEndOfFile
FlushFileBuffers
GetProcAddress
LoadLibraryA
GetTickCount
DeleteFileA
WriteFile
GetModuleFileNameA
GetComputerNameA
CreateFileA
GetFileSize
GetPrivateProfileSectionA
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetThreadPriority
SetThreadPriority
Sleep
InitializeCriticalSection
CreateEventA
SetEvent
GlobalAlloc
GlobalLock
GlobalUnlock
WinExec
CreateProcessA
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetPrivateProfileStringA
OutputDebugStringA
HeapSize
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc

user32

ReleaseDC
GetDC
LoadCursorA
GetClientRect
SetWindowPos
SetTimer
KillTimer
CheckMenuItem
EnableMenuItem
InvalidateRect
GetKeyState
GetDesktopWindow
GetWindowRect
CreateWindowExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
MessageBeep
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcA
DestroyWindow
ReleaseCapture
SetCapture
LoadStringA
LoadIconA
RegisterClassExA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
SetCursor
PostMessageA
ShowWindow
SetMenu
GetMenu

gdi32

GetSystemPaletteEntries
SelectPalette
RealizePalette
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
CreatePalette
CreateDIBSection
GetDeviceCaps
GdiFlush

advapi32

RegQueryValueExA
RegConnectRegistryA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegDisablePredefinedCache
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegFlushKey
RegGetKeySecurity
RegLoadKeyA
RegNotifyChangeKeyValue
RegOpenKeyA
RegQueryInfoKeyA
RegQueryMultipleValuesA
RegQueryValueA
RegReplaceKeyA
RegRestoreKeyA
RegSaveKeyA
RegSetKeySecurity
RegSetValueA
RegSetValueExA
RegUnLoadKeyA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutGetDevCapsA
timeEndPeriod

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a977a94c797bdf63dd82bfc9e11dc1f

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

4a:1a:57:2c:a6:42:3e:f3:66:bc:8c:42:61:f5:40:c1Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

df:38:97:bb:e7:3a:85:6f:5f:66:9e:c6:24:4f:73:f9:9b:7a:f4:66Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

winmm

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 260KB - Virtual size: 270KB

.rsrc Size: 8KB - Virtual size: 7KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

4a:1a:57:2c:a6:42:3e:f3:66:bc:8c:42:61:f5:40:c1
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

df:38:97:bb:e7:3a:85:6f:5f:66:9e:c6:24:4f:73:f9:9b:7a:f4:66
Signer

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 260KB - Virtual size: 270KB

.rsrc
Size: 8KB - Virtual size: 7KB