99963a2933d34d92c2abb2f5102e177d

Sharing

Copy URL Twitter E-mail

General

Target

99963a2933d34d92c2abb2f5102e177d
Size

273KB
MD5

99963a2933d34d92c2abb2f5102e177d
SHA1

4e8adb612759ddc1bd6af9914543118323b281df
SHA256

6067e54311c75111e6dbb7568f59cecb52c69fb1c797f6c2093dac15340685d1
SHA512

8a3c2f2694739bf1ff6019f44032a4b82902bb6a48df37d05842554d4ffdbefcfa63589e8589edb4a472a3bfdde70ac12fb0e46687457a6d621a679d8d005dfa
SSDEEP

6144:BesVRRuMOteGgex1JhEc9otunrGuSnKou8I:BesVRRZOteCJb9Wurcu8I

Score

1^/10

Malware Config

Signatures

Files

99963a2933d34d92c2abb2f5102e177d
.exe windows:4 windows x86 arch:x86

b1dec5f776004b6cc5db4f6b4eead70d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:e7:9a:ab:76:04:4e:8f:6e:00:11:92:51:87:d6:9b:4f:ab:6b:de
Signer

Actual PE Digest

55:e7:9a:ab:76:04:4e:8f:6e:00:11:92:51:87:d6:9b:4f:ab:6b:de

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
GetFullPathNameA
GetTempFileNameA
TlsAlloc
lstrcpy
GetUserDefaultLangID
GetUserDefaultLCID
FatalAppExitW
EnumTimeFormatsA
GetFileAttributesW
GetStartupInfoA
EnumDateFormatsA
GetExitCodeProcess
OpenMutexA
OpenFile
GetHandleInformation
LoadLibraryA
GetLogicalDriveStringsW
CopyFileA
CreateSemaphoreW
FindResourceA
GlobalDeleteAtom
GetShortPathNameA
GetProcessHeap
FreeLibrary
GetTempPathW
lstrcat
SetCalendarInfoW
GetCurrentDirectoryA
AddAtomA
IsBadWritePtr
SetCalendarInfoA
DuplicateHandle
lstrcmpW
CreateMailslotW
lstrcpyn
ReplaceFileA
lstrcmpiW
LocalFree
GetMailslotInfo
GetVersionExA
RaiseException
ExpandEnvironmentStringsA
SetComputerNameW
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
CreateDirectoryW
GetModuleFileNameW
IsValidCodePage
Beep
DeleteAtom
OpenEventA
GetCurrentDirectoryW
GetEnvironmentStringsW
ReplaceFileW
lstrcpynA
GetSystemTime
EnumCalendarInfoA
GetSystemDirectoryW
CreateSemaphoreA
lstrcatA
SearchPathW
SetUnhandledExceptionFilter
GlobalFindAtomA
GetCurrentThread
InitializeCriticalSection
GetVolumeInformationA
GlobalGetAtomNameA
GetLocalTime
CreateMailslotA
QueryPerformanceCounter
FileTimeToSystemTime
WaitForMultipleObjects
IsBadReadPtr
ExitProcess
GetLogicalDriveStringsA
CreateNamedPipeW
GetLocaleInfoA
OpenMutexW

user32

PostMessageA
EnableMenuItem
SetParent
LoadIconA
AppendMenuA
WinHelpW
GetMessageW
DialogBoxParamA
GetSysColor
PostMessageW
DestroyCursor
GetFocus
EnumWindows
SetDlgItemInt
ActivateKeyboardLayout
SetWindowTextA
DialogBoxParamW
GetCapture
UpdateLayeredWindow
LoadMenuW
OffsetRect
GetDesktopWindow
AdjustWindowRect
WaitForInputIdle
GetMenuStringW
GetClassInfoExW
RegisterClassA
PostQuitMessage
GetMenuItemInfoA
DefWindowProcA
CharNextW
CreateDialogParamW
CreateAcceleratorTableW
GetMenuState
ShowCaret
InsertMenuItemW
GetKeyboardType
GetForegroundWindow
RemoveMenu
EndDialog
CreateWindowExW
UnregisterClassA
MessageBoxA
LoadBitmapW
GetDlgItemInt
DialogBoxIndirectParamW
SetWindowPos
IsChild
CharNextA
MonitorFromPoint
GetMenuItemInfoW
GetSubMenu
SetActiveWindow
FindWindowW
wsprintfW
SendMessageW
GetKeyboardLayout
IsIconic
GetClassInfoExA
LoadCursorW
LoadMenuIndirectW
MessageBoxIndirectA
CheckMenuItem
GetMenuStringA
IsMenu
keybd_event
CreateDialogIndirectParamW
EndMenu
DestroyIcon
CharPrevW
SetWindowLongW
TrackPopupMenu
CharUpperA
InsertMenuA
CreateDesktopA
IsDlgButtonChecked
GetTopWindow
CreateMenu
SetCursorPos
CreateWindowExA
TrackPopupMenuEx
CharLowerA
GetClassInfoA
SetFocus
PeekMessageA
GetActiveWindow
WinHelpA
RegisterClassExA
LoadImageW
CreateDesktopW
IsWindow
SetCursor
CopyRect
GetMenuItemRect
CreateDialogIndirectParamA
GetMenuItemCount

advapi32

LsaCreateTrustedDomainEx
AddAccessDeniedObjectAce
RegCreateKeyExW
RegReplaceKeyA
MD5Final

shlwapi

PathIsLFNFileSpecW
SHCreateStreamOnFileA
PathAddExtensionA
StrStrNIW

olecli32

ErrExecute
ErrClose

Sections

.vz
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KU
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tdQZB
Size: 3KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OymKZB
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pnxz
Size: 1KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.npt
Size: 11KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UDTsep
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sIjI
Size: 5KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.IEE
Size: 2KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1dec5f776004b6cc5db4f6b4eead70d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

55:e7:9a:ab:76:04:4e:8f:6e:00:11:92:51:87:d6:9b:4f:ab:6b:deSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

olecli32

Sections

.vz Size: 10KB - Virtual size: 9KB

.KU Size: 11KB - Virtual size: 11KB

.tdQZB Size: 3KB - Virtual size: 104KB

.OymKZB Size: 106KB - Virtual size: 106KB

.pnxz Size: 1KB - Virtual size: 427KB

.npt Size: 11KB - Virtual size: 229KB

.UDTsep Size: 107KB - Virtual size: 107KB

.sIjI Size: 5KB - Virtual size: 23KB

.IEE Size: 2KB - Virtual size: 497KB

.rsrc Size: 8KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

55:e7:9a:ab:76:04:4e:8f:6e:00:11:92:51:87:d6:9b:4f:ab:6b:de
Signer

.vz
Size: 10KB - Virtual size: 9KB

.KU
Size: 11KB - Virtual size: 11KB

.tdQZB
Size: 3KB - Virtual size: 104KB

.OymKZB
Size: 106KB - Virtual size: 106KB

.pnxz
Size: 1KB - Virtual size: 427KB

.npt
Size: 11KB - Virtual size: 229KB

.UDTsep
Size: 107KB - Virtual size: 107KB

.sIjI
Size: 5KB - Virtual size: 23KB

.IEE
Size: 2KB - Virtual size: 497KB

.rsrc
Size: 8KB - Virtual size: 8KB