85fe163b01e67857ac0bf8ffdcdbde79

Sharing

Copy URL Twitter E-mail

General

Target

85fe163b01e67857ac0bf8ffdcdbde79
Size

237KB
MD5

85fe163b01e67857ac0bf8ffdcdbde79
SHA1

64f312ebce466368af3a9036b573b8225cad4466
SHA256

d5860b7b1fea75e27f3d9fec72c4e9da87918ea8fb20464cc061e34a4eab4174
SHA512

2dfff465ce294c29c46af6ab7324e001fea7e70c1e22e41d09b95c16fd998e2428d5c6eb1dccddf8f860cf4700dfecf152e5ee12b9a4af1c4a6b55d98c9d05be
SSDEEP

6144:r+NuDTPypWlWNr0viNy8ZnR5oRMfpJaFNezr8:rcunapWYBZERM8KA

Score

1^/10

Malware Config

Signatures

Files

85fe163b01e67857ac0bf8ffdcdbde79
.exe windows:4 windows x86 arch:x86

f2fe2d01d72d683e939230ab62e1eb84

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2008, 00:00

Not After

06/01/2011, 23:59

Subject

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:80:f0:5f:46:9e:01:73:42:7e:46:ff:2e:9c:a6:68:33:83:e3:bb
Signer

Actual PE Digest

94:80:f0:5f:46:9e:01:73:42:7e:46:ff:2e:9c:a6:68:33:83:e3:bb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCalendarInfoA
GetLogicalDrives
lstrlenW
GetCurrentProcess
GetLogicalDriveStringsA
OpenWaitableTimerA
GetSystemDefaultLangID
GetStringTypeW
FileTimeToDosDateTime
LoadLibraryExA
GetNumberFormatA
lstrlenA
GlobalDeleteAtom
HeapCreate
OpenSemaphoreA
CreateNamedPipeW
GetExpandedNameW
LocalFree
EnumCalendarInfoW
GetVersionExA
CreateMutexW
GetProcAddress
lstrcmpi
lstrcat

user32

GetMenuInfo
CharPrevA
PostMessageW
AppendMenuW
GetKeyState
SetWindowRgn
PostMessageA
LoadMenuIndirectA
GetMenuItemInfoW
GetMenuStringW
wvsprintfA
CharUpperW
GetFocus
MessageBoxIndirectW
CharLowerA
GetCursorPos
SetDlgItemInt
MessageBoxA
InsertMenuA
MessageBoxIndirectA
GetDCEx
SetParent
LoadImageA
SetFocus
GetMenuStringA
GetMenuState
GetClassInfoExW
GetCapture
GetMenu
IsWindow
SendMessageW
TrackPopupMenuEx
LoadMenuA
EmptyClipboard
SetWindowPos
GetSysColor
IsDlgButtonChecked
ShowWindow
RegisterWindowMessageW
SetCursor
SetCursorPos
LoadIconW
SetActiveWindow
CreateDialogIndirectParamW
WaitForInputIdle
GetDlgItemTextW
GetSubMenu
wvsprintfW
LoadImageW
GetMessageA
CreateDesktopW
InsertMenuItemA
LoadCursorA
DialogBoxParamA
MonitorFromRect
CharLowerW
GetActiveWindow
EndDialog
OpenClipboard
MessageBoxW

shell32

SHBrowseForFolderA
StrChrIW
StrStrA
StrRStrIW
ExtractIconExW
ExtractIconW
StrRChrIA
SHGetDataFromIDListA
ExtractAssociatedIconA
ExtractAssociatedIconExW
ExtractIconEx

comctl32

ImageList_DrawIndirect
ImageList_LoadImageA
ImageList_GetDragImage
CreatePropertySheetPage
ImageList_DragEnter
ImageList_Read
ImageList_SetDragCursorImage

setupapi

pSetupStringTableEnum
SetupDiGetDeviceInterfaceAlias
pSetupGetRealSystemTime
CM_Query_And_Remove_SubTreeA
CMP_Init_Detection
SetupFreeSourceListA

version

VerQueryValueW
VerFindFileW
VerQueryValueA
VerFindFileA
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerLanguageNameA

urlmon

DllInstall
AsyncInstallDistributionUnit

winmm

timeEndPeriod
mciFreeCommandResource
mciDriverYield

printui

RegisterPrintNotify
bFolderRefresh

sqlunirl

_StartServiceCtrlDispatcher_@4
_EnumFontFamilies_@16
_ShellExecute_@24
_IsCharAlphaNumeric_@4
AllocConvertMultiSZNameToAEx
_CharPrev_@8
_ReplaceText_@4
_NDdeShareSetInfo_@24
_CharUpperBuff_@8
_EnumWindowStations_@8
_DefWindowProc@16
_RegLoadKey_@12
_OemToCharBuff_@12
_MapVirtualKeyEx_@12
_NDdeIsValidShareName_@4
_GetCharABCWidthsFloat_@16
_GetKeyNameText_@12
_CharNext_@4
_CreateStatusWindow_@16
_GetTempPath_@8
_RegEnumKeyEx_@32
_GetFileVersionInfoSize_@8
_GrayString_@36
_FindExecutable_@12

Sections

.LUd
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pTVul
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jP
Size: 5KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VMKPoS
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MHXL
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KCf
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.S
Size: 11KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T
Size: 4KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2fe2d01d72d683e939230ab62e1eb84

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97Certificate

Extended Key Usages

Key Usages

94:80:f0:5f:46:9e:01:73:42:7e:46:ff:2e:9c:a6:68:33:83:e3:bbSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

setupapi

version

urlmon

winmm

printui

sqlunirl

Sections

.LUd Size: 7KB - Virtual size: 7KB

.pTVul Size: 90KB - Virtual size: 90KB

.jP Size: 5KB - Virtual size: 164KB

.VMKPoS Size: 10KB - Virtual size: 10KB

.MHXL Size: 4KB - Virtual size: 17KB

.KCf Size: 92KB - Virtual size: 91KB

.S Size: 11KB - Virtual size: 202KB

.T Size: 4KB - Virtual size: 271KB

.rsrc Size: 6KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

94:80:f0:5f:46:9e:01:73:42:7e:46:ff:2e:9c:a6:68:33:83:e3:bb
Signer

.LUd
Size: 7KB - Virtual size: 7KB

.pTVul
Size: 90KB - Virtual size: 90KB

.jP
Size: 5KB - Virtual size: 164KB

.VMKPoS
Size: 10KB - Virtual size: 10KB

.MHXL
Size: 4KB - Virtual size: 17KB

.KCf
Size: 92KB - Virtual size: 91KB

.S
Size: 11KB - Virtual size: 202KB

.T
Size: 4KB - Virtual size: 271KB

.rsrc
Size: 6KB - Virtual size: 5KB