74164f8ec855d21073a230d161156861

Sharing

Copy URL Twitter E-mail

General

Target

74164f8ec855d21073a230d161156861
Size

77KB
MD5

74164f8ec855d21073a230d161156861
SHA1

e6faece5a0aaecebe95eec8831873969f59aa6ad
SHA256

af90c78a3a7362a8f56f0eb9a2df70fb8f2d1ad78ebc49831364384b5242ab0c
SHA512

c4a30a4a11a1bbb859e1d1657a5cb5fc97add1609e908c5f4447710c5b7205dcfd864425d2ecbeaf17b1c63833f44570d5a5f0d361ea773e1a2c69161397a9dc
SSDEEP

1536:f7lVQcDHSFqNHJbctg1EPp1R2AFtnaJo2lhF3qnoTd5:9HSFBmazR/vnF+hF6n2d5

Score

1^/10

Malware Config

Signatures

Files

74164f8ec855d21073a230d161156861
.exe windows:4 windows x86 arch:x86

d4435350b08b921104f9a6d104a05ee0

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:bc:25
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

01/09/2005, 16:34

Not After

01/09/2006, 16:34

Subject

CN=SysProtect Inc.,OU=Technical Department,O=SysProtect Inc.,L=Roseau,ST=Roseau,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathA

shell32

SHFileOperationA
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

comctl32

InitCommonControlsEx

ws2_32

WSACleanup
htons
inet_addr
gethostbyname
socket
connect
closesocket
WSAStartup

shlwapi

StrRChrA
StrChrA
StrFormatByteSizeA
StrCmpW
PathAppendA
PathRemoveFileSpecA
PathStripPathA
wnsprintfA
StrToIntA
StrStrA
PathCombineA

iphlpapi

GetAdaptersInfo

kernel32

HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapDestroy
GetStartupInfoA
QueryPerformanceCounter
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
WritePrivateProfileStringA
LocalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
WriteFile
CloseHandle
MapViewOfFileEx
CreateFileMappingA
GetFileSize
UnmapViewOfFile
GetProcAddress
GetModuleHandleA
CreateMutexA
lstrcmpiA
lstrlenA
GetStringTypeExA
WideCharToMultiByte
CreateFileA
Sleep
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetSystemTime
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
LoadLibraryA
GetSystemDirectoryA
ExitProcess
FreeResource
GetCommandLineA
GetFileAttributesA
CopyFileA
GetModuleFileNameA
SetErrorMode
SetUnhandledExceptionFilter
lstrcatA
lstrcpyA
lstrcmpA
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryA
lstrcpynA
GetTempPathA
ReadFile
SetFilePointer
FlushFileBuffers
TerminateThread
WaitForSingleObject
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
TerminateProcess
CreateThread
GetPrivateProfileIntA
RtlUnwind
GetExitCodeProcess
CreateProcessA
GetSystemTimeAsFileTime
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
ResumeThread
SetEvent
GetVolumeInformationA
CreateEventA

user32

ShowWindow
CreateDialogParamA
wsprintfA
KillTimer
SetTimer
DestroyWindow
SetDlgItemTextA
GetDlgItemTextA
SendMessageA
IsWindowVisible
GetDlgItem
SetWindowTextA
DeleteMenu
LoadIconA
SetForegroundWindow
IsWindow
PeekMessageA
DefWindowProcA
UpdateWindow
EndDialog
DialogBoxParamA
LoadImageA
PostThreadMessageA
SetWindowPos
GetWindowTextLengthA
GetSysColor
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
LoadStringA
wvsprintfA
LoadCursorA
GetSysColorBrush
RegisterClassExA
CharNextA
CharLowerA
RegisterWindowMessageA
PostQuitMessage
PostMessageA
GetSystemMenu

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegEnumKeyExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
VariantClear

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4435350b08b921104f9a6d104a05ee0

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:bc:25Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shfolder

shell32

comctl32

ws2_32

shlwapi

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 11KB

.rsrc Size: 19KB - Virtual size: 19KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:bc:25
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 11KB

.rsrc
Size: 19KB - Virtual size: 19KB