74b64a82f447487a3e86c545ea45d623

Sharing

Copy URL

Twitter E-mail

General

Target

74b64a82f447487a3e86c545ea45d623
Size

1.8MB
MD5

74b64a82f447487a3e86c545ea45d623
SHA1

0223379f6328524053497962a74f1f64d678dda4
SHA256

c624cb7576bd5b2f9e43c254e2c56e34fccd2145f345e0d472da5cc0605655c1
SHA512

4d0013aa96101118fb8b4777318bce08db0a83ab5d1d70fac4f8233ae2689a09802ba37eccacb921cbeba6b08aaa48c627362d8545b19ebfbc89ec8a27f05041
SSDEEP

24576:AI3VYIiC96Q35g3Z6hEYBOKKqw7gLS8wl2XIYToxEpYWX4+33IQk3:PmIfQf0L1MsToxyrIN

Score

1^/10

Malware Config

Signatures

Files

74b64a82f447487a3e86c545ea45d623
.exe windows:4 windows x86 arch:x86

bf3cf436ec29cbd6ed8d09a4f0c73023

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02-02-2009 00:00

Not After

07-02-2012 23:59

Subject

CN=CPUID,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CPUID,L=DUNKERQUE,ST=NORD,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:9e:38:a9:7a:a1:00:e1:b6:1a:5a:94:9f:1f:21:85:a1:19:25:79
Signer

Actual PE Digest

a5:9e:38:a9:7a:a1:00:e1:b6:1a:5a:94:9f:1f:21:85:a1:19:25:79

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FlushFileBuffers
SetEndOfFile
SetErrorMode
HeapAlloc
GetStartupInfoW
RaiseException
HeapReAlloc
VirtualAlloc
RtlUnwind
ExitProcess
HeapSize
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WritePrivateProfileStringW
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcmpW
FreeResource
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetSystemDirectoryA
GetModuleHandleA
FindResourceA
GetWindowsDirectoryA
RemoveDirectoryA
GetComputerNameA
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryA
GetLocalTime
DeleteFileA
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcessId
CreateEventA
GetOverlappedResult
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
LocalAlloc
CreateFileA
DeviceIoControl
LocalFree
GetSystemInfo
GetProcessAffinityMask
GetCurrentThread
GetCurrentProcess
SetFilePointer
GetVersionExA
LoadLibraryA
CreateMutexA
SetLastError
ReleaseMutex
lstrlenA
lstrcmpiA
CompareStringW
WriteConsoleA
GetVersion
InterlockedExchange
GetProcessHeap
HeapFree
GetVersionExW
GlobalMemoryStatus
GetTempPathW
WinExec
lstrlenW
lstrcatW
lstrcpyW
CreateFileW
FreeLibrary
WriteFile
GetLastError
LoadLibraryW
WriteConsoleW
CreateThread
GetProcAddress
ExitThread
Sleep
SetThreadPriority
GetStdHandle
GetModuleHandleW
GetModuleFileNameW
InterlockedDecrement
MultiByteToWideChar
WaitForSingleObject
CloseHandle
WideCharToMultiByte
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalFree
GetComputerNameW
GetCurrentDirectoryW
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
LockResource
FreeEnvironmentStringsW

user32

UnregisterClassW
LoadCursorW
GetSysColorBrush
DestroyMenu
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetWindowThreadProcessId
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
UnregisterClassA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
AppendMenuW
CreatePopupMenu
ClientToScreen
PeekMessageW
ModifyMenuW
DestroyCursor
CreateCursor
SetWindowLongW
SetCursor
UpdateWindow
InvalidateRect
OffsetRect
GetSysColor
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
LoadImageW
KillTimer
DestroyIcon
MessageBoxW
wsprintfW
GetWindowDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseDC
GetClientRect
GetDC
SendMessageW
EnableWindow
GetWindowRect
LoadBitmapW
RegisterWindowMessageW
GetClassInfoExW
IsWindowVisible
DispatchMessageW

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreateCompatibleDC
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetPixel
CreateBitmap
CreateFontW
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
BitBlt
GetDIBits

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeSecurity

oleaut32

SafeArrayGetElemsize
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysStringLen
SafeArrayGetElement
SafeArrayGetVartype

Sections

.text
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 92KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 664KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf3cf436ec29cbd6ed8d09a4f0c73023

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:ddCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

a5:9e:38:a9:7a:a1:00:e1:b6:1a:5a:94:9f:1f:21:85:a1:19:25:79Signer

Headers

File Characteristics

Imports

winmm

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 896KB - Virtual size: 895KB

.rdata Size: 208KB - Virtual size: 204KB

.data Size: 92KB - Virtual size: 112KB

.rsrc Size: 664KB - Virtual size: 736KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

a5:9e:38:a9:7a:a1:00:e1:b6:1a:5a:94:9f:1f:21:85:a1:19:25:79
Signer

.text
Size: 896KB - Virtual size: 895KB

.rdata
Size: 208KB - Virtual size: 204KB

.data
Size: 92KB - Virtual size: 112KB

.rsrc
Size: 664KB - Virtual size: 736KB