7ededf6fdbdbb73b0b1f48de22006f90

Sharing

Copy URL Twitter E-mail

General

Target

7ededf6fdbdbb73b0b1f48de22006f90
Size

1.0MB
MD5

7ededf6fdbdbb73b0b1f48de22006f90
SHA1

78c4b9c9c3be51f3e76188f38ccd246f138e1fe2
SHA256

366af94b66908ef51a3fbd0a266b8cab7346981f558f90996fa5dffe2383f684
SHA512

1043aa3a9ba834e3ea17d737a355054b2a4f12c7360a35a37ced8e27199016d0c93d96b879bcf8d5d736e2300e5c2918eb2afcf79d98159c771c60a117488910
SSDEEP

24576:GIcNUDrfFMNj59Ly1w90L8gS7QF6JI5qgFTPoa:PcNErK5y1w9g8D7HOqgFTPoa

Score

1^/10

Malware Config

Signatures

Files

7ededf6fdbdbb73b0b1f48de22006f90
.exe windows:4 windows x86 arch:x86

8b22d4b77ce2fc297bc528f11ea8d352

Code Sign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:f8:5b:b1:72:fb:ed:da:f4:d9:01:26:fc:07:20:3a:70:21:de:19
Signer

Actual PE Digest

a0:f8:5b:b1:72:fb:ed:da:f4:d9:01:26:fc:07:20:3a:70:21:de:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\perforce\gmancz_win_workspace2\3am\products\irv\1_1_0_native\host\out\x86\release\packed\joinme.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

FreeResource
LockResource
lstrlenA
GetProcessHeap
CreateProcessA
FormatMessageA
MoveFileExA
GetWindowsDirectoryA
lstrcatA
WriteFile
GetModuleFileNameA
LoadResource
HeapAlloc
GetShortPathNameA
CreateFileA
OpenProcess
CreateDirectoryA
SetCurrentDirectoryA
GetExitCodeProcess
HeapFree
GetLastError
FindResourceA
SetLastError
GetTempPathA
RtlUnwind
lstrcpyA
SizeofResource
WaitForSingleObject
lstrcmpA
GetStdHandle
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetTempFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
DeleteFileA

user32

MessageBoxA
wvsprintfA
wsprintfA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA
ShellExecuteA

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b22d4b77ce2fc297bc528f11ea8d352

Code Sign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

a0:f8:5b:b1:72:fb:ed:da:f4:d9:01:26:fc:07:20:3a:70:21:de:19Signer

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 996B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

a0:f8:5b:b1:72:fb:ed:da:f4:d9:01:26:fc:07:20:3a:70:21:de:19
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 996B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB