tpoeurgC[.]pif

Sharing

Copy URL Twitter E-mail

General

Target

tpoeurgC.pif
Size

171KB
MD5

22331abcc9472cc9dc6f37faf333aa2c
SHA1

2a001c30ba79a19ceaf6a09c3567c70311760aa4
SHA256

bdfa725ec2a2c8ea5861d9b4c2f608e631a183fca7916c1e07a28b656cc8ec0c
SHA512

c7f5baad732424b975a426867d3d8b5424aa830aa172ed0ff0ef630070bf2b4213750e123a36d8c5a741e22d3999ca1d7e77c62d4b77d6295b20a38114b7843c
SSDEEP

3072:qjyOm0e6/bIhbuwxlEb1MpG+xUEyAn0fYuDGOpPXFZ7on+gUxloDMq:qjyl6ebX45OG+xUEWfYUGOpPXFZ7on+G

Score

1^/10

Malware Config

Signatures

Files

tpoeurgC.pif
.exe windows:1 windows x86 arch:x86

4e8d60922911eb6e50d7b9d51afdc286

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:d9:48:45:db:dc:47:bc:fb:82:f9:d3:cd:06:18:61
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/10/2011, 00:00

Not After

05/10/2016, 23:59

Subject

CN=David Harris,O=David Harris,POSTALCODE=9058,STREET=Moray Place+STREET=P.O. Box 5451,L=Dunedin,ST=Otago,C=NZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:b8:78:b0:81:a9:5c:24:d4:8e:bc:24:f8:c9:b6:bd:08:9d:4a:e1
Signer

Actual PE Digest

dd:b8:78:b0:81:a9:5c:24:d4:8e:bc:24:f8:c9:b6:bd:08:9d:4a:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WinExec
WriteFile
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
ExtCreatePen
ExtTextOutA
GetDeviceCaps
GetNearestColor
GetObjectA
GetPixel
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
Rectangle
SelectObject
SetBkColor
SetBkMode
SetPixel
SetPixelV
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
StretchBlt

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

user32

BeginPaint
CallWindowProcA
CharUpperA
ClientToScreen
CloseClipboard
CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
DefWindowProcA
DestroyCursor
DestroyWindow
DialogBoxParamA
DrawFocusRect
DrawTextA
EmptyClipboard
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
FillRect
GetActiveWindow
GetAsyncKeyState
GetClassLongA
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetDoubleClickTime
GetFocus
GetKeyboardState
GetParent
GetScrollPos
GetSysColor
GetSystemMetrics
GetUpdateRect
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GrayStringA
InflateRect
InvalidateRect
InvertRect
IsCharAlphaNumericA
IsWindow
IsWindowEnabled
KillTimer
LoadBitmapA
LoadCursorA
LoadStringA
MapWindowPoints
MessageBeep
MessageBoxA
MoveWindow
OpenClipboard
PostMessageA
PtInRect
RegisterClassA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
ScreenToClient
ScrollDC
SendDlgItemMessageA
SendMessageA
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook
task_proc

Sections

.text
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e8d60922911eb6e50d7b9d51afdc286

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

bc:d9:48:45:db:dc:47:bc:fb:82:f9:d3:cd:06:18:61Certificate

Extended Key Usages

Key Usages

dd:b8:78:b0:81:a9:5c:24:d4:8e:bc:24:f8:c9:b6:bd:08:9d:4a:e1Signer

Headers

File Characteristics

Imports

kernel32

comdlg32

gdi32

shell32

user32

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 132KB

.data Size: 20KB - Virtual size: 36KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 8KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

bc:d9:48:45:db:dc:47:bc:fb:82:f9:d3:cd:06:18:61
Certificate

dd:b8:78:b0:81:a9:5c:24:d4:8e:bc:24:f8:c9:b6:bd:08:9d:4a:e1
Signer

.text
Size: 130KB - Virtual size: 132KB

.data
Size: 20KB - Virtual size: 36KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB