71808b2464b3967a8e630022a7729b47

Sharing

Copy URL Twitter E-mail

General

Target

71808b2464b3967a8e630022a7729b47
Size

295KB
MD5

71808b2464b3967a8e630022a7729b47
SHA1

300fa274d21af85a35c459d73cf36be82eee7dc7
SHA256

14a274eccb888f3d65842b34f818eea6497548f5b8e522a57dc8c342bbbe4e5b
SHA512

845119a92c0a5e11c55ef247b1cc623e57fffa301c6d90a24bdaecc6690a7c716e0d6b02c0b533791467502560654de0a3d2beb87117666990c95403f29173e6
SSDEEP

6144:B72WvdiYxDzwxfG1l94/Qks1weSzPc7MxBqievPNOmEi7Z:B72QXxD0xfG1bEJsae61wJvPNOmJZ

Score

1^/10

Malware Config

Signatures

Files

71808b2464b3967a8e630022a7729b47
.exe windows:5 windows x86 arch:x86

99c9df8594ebb2cf7f1c0b086a220bef

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:22:9c:44:90:f5:5d:6b:00:56:31:ed:98:68:d4:83:95:6e:52:89
Signer

Actual PE Digest

b3:22:9c:44:90:f5:5d:6b:00:56:31:ed:98:68:d4:83:95:6e:52:89

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleOutputCharacterA
GetProcAddress
LoadLibraryA
LockResource
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
EnumSystemLocalesA
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
LoadLibraryW
SetThreadPriority
SizeofResource
GetPriorityClass
GetCommProperties
CreateRemoteThread
SetEvent
FindCloseChangeNotification
QueryPerformanceCounter
LoadResource
FreeResource
HeapSize
FindResourceA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
EnterCriticalSection
FatalAppExitA
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
EncodePointer
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetCurrentThread
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
IsProcessorFeaturePresent

user32

LoadCursorA
FindWindowA
RedrawWindow
CreateDialogIndirectParamA
UnloadKeyboardLayout
IsIconic
CopyImage
CharUpperA
DrawIcon
CopyAcceleratorTableA
GetDoubleClickTime
WinHelpA
DrawFocusRect

gdi32

PlayEnhMetaFile
GetCurrentPositionEx
ArcTo
EndPage

advapi32

GetSecurityDescriptorSacl
AdjustTokenGroups
AreAllAccessesGranted
AccessCheckAndAuditAlarmA
RegSetValueExA
GetLengthSid

winmm

sndPlaySoundA
midiStreamProperty
midiInGetErrorTextA
joySetThreshold

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99c9df8594ebb2cf7f1c0b086a220bef

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

b3:22:9c:44:90:f5:5d:6b:00:56:31:ed:98:68:d4:83:95:6e:52:89Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winmm

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 225KB - Virtual size: 224KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

b3:22:9c:44:90:f5:5d:6b:00:56:31:ed:98:68:d4:83:95:6e:52:89
Signer

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 225KB - Virtual size: 224KB