7ad59cefb797e9f3be55526fea01d78f

Sharing

Copy URL

Twitter E-mail

General

Target

7ad59cefb797e9f3be55526fea01d78f
Size

421KB
MD5

7ad59cefb797e9f3be55526fea01d78f
SHA1

179837a6e60625770bd7a3eb3ffba13bc21a1fcf
SHA256

92e3151d7b1fa6dd5c10a755e6fef9369f3cbba87c5d10f77dfdd84632c7a359
SHA512

630befbbfb7833fb34c2a97a0c887df2944e141dbf68ef8460c973685d086cc1a7a42cdc8de2d02a4b7fad65b4e90d6ed12611b9403bfff5cc32d64d97aff02b
SSDEEP

12288:mY+q0ay4jg8y1ClA4viuIfe1bQep3pmhLm0JCT:mY+qDIfeb36LmIs

Score

1^/10

Malware Config

Signatures

Files

7ad59cefb797e9f3be55526fea01d78f
.exe windows:5 windows x86 arch:x86

4bcd7c8dbffaedf3af829592c91c94bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03-09-2009 00:00

Not After

24-09-2012 23:59

Subject

CN=Acronis\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Acronis\, Inc,L=South San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:01:c0:67:c7:39:32:b8:2d:32:ea:1e:52:4d:8f:73:7b:a0:ac:1e
Signer

Actual PE Digest

a8:01:c0:67:c7:39:32:b8:2d:32:ea:1e:52:4d:8f:73:7b:a0:ac:1e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bs_hudson\workspace\atihSeagateDiscWizard\8326\exe\vs\release\schedul2.pdb

Imports

rpcrt4

NdrConformantArrayMarshall
I_RpcGetBuffer
NdrConformantArrayBufferSize
NdrConformantArrayUnmarshall
NdrConvert
NdrServerInitializeNew
RpcServerUnregisterIf
RpcRaiseException
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcServerListen
RpcImpersonateClient
RpcRevertToSelf

advapi32

GetSidSubAuthority
SetSecurityDescriptorOwner
StartServiceA
RegOpenKeyExW
RegEnumKeyExW
SetThreadToken
GetFileSecurityW
GetSecurityDescriptorOwner
SetFileSecurityW
GetUserNameW
RegEnumValueW
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
LookupAccountSidW
RegSetKeySecurity
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
OpenThreadToken
GetUserNameA
RegQueryValueExW
GetTokenInformation
AllocateLocallyUniqueId
RegSetValueExW
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
CreateProcessAsUserW
SetTokenInformation
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegCreateKeyExW
RegDeleteValueW
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
OpenProcessToken
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueA
CopySid
GetLengthSid
LookupPrivilegeNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
RegDeleteKeyA
RegDeleteKeyW

kernel32

LCMapStringW
GetStringTypeA
GetStringTypeW
CreateEventA
CloseHandle
SetEvent
GetVersion
Sleep
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
GetLastError
lstrcmpiW
ReadProcessMemory
OpenProcess
lstrcmpiA
GetCurrentThread
FreeLibrary
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceExA
SetLastError
GetExitCodeProcess
GetComputerNameW
CreateProcessA
GetTimeZoneInformation
GetModuleHandleA
LocalFree
FormatMessageW
MultiByteToWideChar
FormatMessageA
WideCharToMultiByte
SetUnhandledExceptionFilter
CreateProcessW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
LocalAlloc
GetTickCount
CreateFileW
HeapFree
HeapAlloc
GetProcessHeap
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
QueryPerformanceCounter
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetFullPathNameW
OutputDebugStringW
ExpandEnvironmentStringsW
LoadLibraryW
LoadLibraryExW
GetStartupInfoW
SetComputerNameW
GetModuleFileNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemInfo
WriteConsoleA
GetConsoleOutputCP
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryExA
GetStartupInfoA
GetModuleFileNameA
GetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetEnvironmentVariableA
SetEnvironmentVariableA
FindClose
GetLogicalDrives
SetFileApisToANSI
SetErrorMode
GetCurrentThreadId
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
DeviceIoControl
SetFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CompareStringW
FindFirstChangeNotificationW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCompressedFileSizeW
GetFileInformationByHandle
CompareStringA
FindFirstChangeNotificationA
GetDiskFreeSpaceA
GetVolumeInformationA
WritePrivateProfileStringA
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
ExitThread
GetSystemDefaultLangID
EnumResourceNamesW
GetSystemTimeAsFileTime
BackupRead
BackupWrite
GetFileTime
LCMapStringA
VirtualProtect
SetStdHandle
IsBadCodePtr
GetCPInfo
GetOEMCP
GetACP
IsBadWritePtr
VirtualAlloc
VirtualQuery
InterlockedExchange
HeapSize
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadReadPtr
CreateThread
ExitProcess
RaiseException
RtlUnwind
GetVersionExA
GetCommandLineA
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
GetFileAttributesW
SetComputerNameA

user32

VkKeyScanExW
WinHelpW
SendNotifyMessageA
CreateDialogIndirectParamA
VkKeyScanW
RegisterClassExA
CharUpperBuffA
CharUpperBuffW
VkKeyScanExA
VkKeyScanA
WinHelpA
GetClipboardFormatNameA
SystemParametersInfoA
SetWindowTextA
ModifyMenuA
RegisterClipboardFormatA
AppendMenuA
PeekMessageA
DefWindowProcA
SystemParametersInfoW
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
CreateDialogIndirectParamW
PostMessageW
SendNotifyMessageW
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterClassExW
PostMessageA
wsprintfW
KillTimer
PostQuitMessage
RegisterClassA
CreateWindowExA
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
SendMessageA
GetWindowLongA

gdi32

EnumFontFamiliesExA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesExW
CreateFontIndirectW
GetTextMetricsW

shell32

SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA
SHGetMalloc
SHGetFileInfoA
ShellExecuteExW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW

mpr

WNetCancelConnection2W
WNetEnumResourceW
WNetOpenEnumW
WNetGetUniversalNameW
WNetAddConnection3W
WNetGetUniversalNameA
WNetAddConnection3A
WNetCloseEnum

ole32

CoInitialize
OleInitialize
CoCreateInstance
OleUninitialize
CoUninitialize

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bcd7c8dbffaedf3af829592c91c94bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3eCertificate

Extended Key Usages

Key Usages

a8:01:c0:67:c7:39:32:b8:2d:32:ea:1e:52:4d:8f:73:7b:a0:ac:1eSigner

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

advapi32

kernel32

user32

gdi32

shell32

comdlg32

mpr

ole32

version

Sections

.text Size: 316KB - Virtual size: 313KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 26KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3e
Certificate

a8:01:c0:67:c7:39:32:b8:2d:32:ea:1e:52:4d:8f:73:7b:a0:ac:1e
Signer

.text
Size: 316KB - Virtual size: 313KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 26KB