7a84c90b8f2469cb2ad5da48aa5a3c4c

Sharing

Copy URL

Twitter E-mail

General

Target

7a84c90b8f2469cb2ad5da48aa5a3c4c
Size

236KB
MD5

7a84c90b8f2469cb2ad5da48aa5a3c4c
SHA1

07b4db2c22b5078d29318432adcfcb7d4605e874
SHA256

7033ae0d99c83f28606ea26f9b4a29f619e6418dc7a070473352a30186a9f46f
SHA512

cd6a1164dab874df4e717050c24e9c5490499aa200708ede59c1890ba537aeefc2af6acc14b3e5fded80af183b4028a05d93707529510f86c5082c8b65c37554
SSDEEP

6144:KQYoHEblz+hqyFRJIXILGn9yWo40DBiThaHAQ:5YdNxMRJ4IK9I5GYl

Score

1^/10

Malware Config

Signatures

Files

7a84c90b8f2469cb2ad5da48aa5a3c4c
.exe windows:4 windows x86 arch:x86

77aaaa2ea9faa0742237c336c5e7bb3e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77
Signer

Actual PE Digest

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetCurrentProcessId
GetWindowsDirectoryA
OpenMutexW
GetTickCount
GetLocalTime
FindAtomW
DeleteAtom
lstrcpyW
RemoveDirectoryA
GetAtomNameW
SearchPathA
FindResourceW
ReplaceFileW
MoveFileA
GetStringTypeW
lstrcmp
SetComputerNameA
lstrcmpW
SetCurrentDirectoryA
GetThreadLocale
GetHandleInformation
lstrcmpA
ExpandEnvironmentStringsW
lstrlenA
CreateDirectoryW
lstrlen
GetOEMCP
CreateSemaphoreW
CompareFileTime
FileTimeToSystemTime
lstrcpynA
GetStartupInfoW
LoadLibraryA
AddAtomW
GetVersion
RemoveDirectoryW
CreateDirectoryA
GetSystemDirectoryA
GetProcAddress
GetNumberFormatA
GetComputerNameA
SetComputerNameW
BeginUpdateResourceW
GlobalFindAtomA
OpenEventW
GetEnvironmentStringsA
GetEnvironmentStringsW
CreateEventW
GetCurrentDirectoryA
CopyFileA
OpenWaitableTimerW
GetTempFileNameW
BeginUpdateResourceA

user32

SetParent
GetSystemMetrics
CharUpperA
IsIconic
RemoveMenu
CopyRect
TrackPopupMenu
CopyIcon
GetKeyboardLayout
DialogBoxIndirectParamW
GetDlgItemTextA
wsprintfA
GetMessageA
GetScrollPos
MonitorFromRect
SetCursor
MessageBoxIndirectA
CreateWindowExW
GetMenuItemRect
CharLowerA
wvsprintfW
CreateAcceleratorTableW
IsMenu
DestroyCursor
GetActiveWindow
SetWindowRgn
GetClassInfoW
EndMenu
GetMessageW
GetMenuItemCount
GetClassInfoExW
SendDlgItemMessageA
RegisterClassW
LoadMenuIndirectW
GetCapture

gdi32

SelectBrushLocal
UpdateICMRegKeyA
SetEnhMetaFileBits
CreateMetaFileW
CreateEllipticRgn
TranslateCharsetInfo
RemoveFontResourceExW
ExtCreateRegion
CreateFontIndirectExW
CreateICW
CreateHatchBrush
CreateICA
GetTextExtentPointW

shell32

StrCmpNIW
ExtractAssociatedIconA
StrRChrIW
Shell_NotifyIconW
StrStrA
SHGetDataFromIDListA
ShellExecuteA
SHCreateDirectory
SHGetDesktopFolder
SHGetFolderPathW

shlwapi

SHRegQueryInfoUSKeyW
PathFindExtensionW
SHDeleteValueA
PathIsSameRootA
PathUnExpandEnvStringsW
PathFindNextComponentA
SHEnumKeyExW
StrFormatByteSizeA
SHRegQueryUSValueA

version

VerQueryValueA
VerInstallFileA

winmm

timeGetSystemTime
joy32Message

rtm

RtmIsRoute
RtmDeleteRoute

inetcomm

MimeOleCreateVirtualStream
HrSaveAttachToFile
MimeOleGetPropW
MimeOleGetExtContentType
HrSaveAttachmentAs
HrGetLastOpenFileDirectoryW
MimeOleCreateByteStream
MimeOleGetPropA
CreateNNTPTransport

Sections

.tpzofm
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mh
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Ixq
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PZlQM
Size: 2KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dzN
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xkqstx
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.okBNP
Size: 11KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Utrbik
Size: 1024B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77aaaa2ea9faa0742237c336c5e7bb3e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

version

winmm

rtm

inetcomm

Sections

.tpzofm Size: 10KB - Virtual size: 9KB

.mh Size: 10KB - Virtual size: 10KB

.Ixq Size: 91KB - Virtual size: 90KB

.PZlQM Size: 2KB - Virtual size: 220KB

.dzN Size: 4KB - Virtual size: 51KB

.xkqstx Size: 90KB - Virtual size: 90KB

.okBNP Size: 11KB - Virtual size: 261KB

.Utrbik Size: 1024B - Virtual size: 212KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77
Signer

.tpzofm
Size: 10KB - Virtual size: 9KB

.mh
Size: 10KB - Virtual size: 10KB

.Ixq
Size: 91KB - Virtual size: 90KB

.PZlQM
Size: 2KB - Virtual size: 220KB

.dzN
Size: 4KB - Virtual size: 51KB

.xkqstx
Size: 90KB - Virtual size: 90KB

.okBNP
Size: 11KB - Virtual size: 261KB

.Utrbik
Size: 1024B - Virtual size: 212KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB