a319e00c93375f877c6b27eff75e36ca

Sharing

Copy URL Twitter E-mail

General

Target

a319e00c93375f877c6b27eff75e36ca
Size

874KB
MD5

a319e00c93375f877c6b27eff75e36ca
SHA1

d52edc2bac313e04a72955b824b034940a59f339
SHA256

2065f5c5da2fbb9a7b0f80e04b682b316a6f34dcc4a67f1b06db94f74f2e0836
SHA512

f5a2c3cd02187228ff00d3c267a028e170b353453bcd1cdb453758667e670cd6f58b553915cece9d877063a9266db1b09a5543c92be64afaa1e451dfb5af16fd
SSDEEP

24576:kSUCCAssauv1uljM3c+L0oxkn/slG4IyK:hkAFNB0V/sBIN

Score

1^/10

Malware Config

Signatures

Files

a319e00c93375f877c6b27eff75e36ca
.exe .vbs windows:5 windows x86 arch:x86 polyglot

6c65741b84ef10d29b294ed68e8a07f6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

64:c1:ac:7a:d9:4b:27:90:31:f6:b3:60:f8:ad:06:23:23:bc:15:23
Signer

Actual PE Digest

64:c1:ac:7a:d9:4b:27:90:31:f6:b3:60:f8:ad:06:23:23:bc:15:23

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\binaries.x86fre\SCP_WPA\update.PDB

Imports

advapi32

QueryServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
GetTokenInformation
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
RegLoadKeyA
RegUnLoadKeyA
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
CopySid
GetAclInformation
SetFileSecurityW
AddAce
RegQueryInfoKeyA
RegSaveKeyA
RegFlushKey
EnumDependentServicesA
InitializeAcl
AddAccessAllowedAce
SetFileSecurityA
QueryServiceStatus
GetServiceDisplayNameA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
StartServiceA
ControlService
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
GetFileSecurityA
RegOpenKeyExW
AbortSystemShutdownA
InitiateSystemShutdownA
OpenServiceW
EnumServicesStatusExA
ChangeServiceConfigA

comctl32

PropertySheetW
CreatePropertySheetPageW

crypt32

CertCreateCertificateContext
CertOpenStore
CryptEncodeObject
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDIBits
SelectObject
StretchBlt
BitBlt

imagehlp

EnumerateLoadedModules64

kernel32

GetCompressedFileSizeA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentProcess
GetTempPathA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
FreeResource
lstrlenA
GetSystemInfo
SetEnvironmentVariableA
SetUnhandledExceptionFilter
ExitProcess
GetFullPathNameA
GetVolumeInformationA
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
CreateMutexA
WaitForSingleObject
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
EnterCriticalSection
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
MapViewOfFileEx
FreeLibrary
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
VirtualAlloc
FindNextFileW
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetThreadLocale
lstrcmpiW
FindFirstFileW
GetLocaleInfoA
GetPrivateProfileStringA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoA
GetFileTime
FlushFileBuffers
GetProcessHeap
GetComputerNameA
SetFilePointer
WriteFile
HeapFree
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
GetWindowsDirectoryA
DeleteFileA
lstrcpynA
DefineDosDeviceA
QueryDosDeviceA
CreateEventW
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
InterlockedIncrement
GetFullPathNameW
GetFileSizeEx
OpenEventA
GetLocalTime
lstrlenW
GetDriveTypeW
lstrcpynW
lstrcpyW
SearchPathW
ExpandEnvironmentStringsW
GetVersionExW
GetTempFileNameW
CopyFileW
ReleaseMutex
GetModuleFileNameW
GetSystemDefaultLangID
DuplicateHandle
CreateProcessW
OpenFileMappingA
RaiseException
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
HeapDestroy
HeapCreate
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
HeapAlloc
DeleteFileW
CreateFileW
FlushViewOfFile
QueryPerformanceCounter
DelayLoadFailureHook
LeaveCriticalSection
FindClose
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
VirtualProtect
InitializeCriticalSectionAndSpinCount
GetVersion
TlsFree

mpr

WNetGetUniversalNameA
WNetGetUserA

msvcrt

_itoa
strncpy
_except_handler3
strchr
_stricmp
sprintf
strrchr
mbstowcs
malloc
free
_vsnprintf
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_snprintf
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnwprintf
ctime
_wcsicmp
_strnicmp
wcsstr
_snwprintf
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memchr
_strcmpi
wcscpy
_mbslwr
strstr
swprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_ltoa
wcschr
fprintf
wcstoul
wcslen
_strdup
calloc
getenv
strtoul
strncmp
_mbsupr
rename
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
_wcslwr
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen

ntdll

RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlRaiseStatus
RtlFreeHeap
RtlAllocateHeap
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
LdrUnloadDll
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlFreeUnicodeString
NtQuerySystemTime
RtlTimeToTimeFields

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
SHBrowseForFolderA

updspapi

UpdSpSetDynamicStringA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpInitDefaultQueueCallbackEx
UpdSpIterateCabinetA
UpdSpGetLineCountW
UpdSpGetLineByIndexW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpOpenFileQueue
UpdSpGetSourceInfoA
UpdSpGetSourceFileLocationA
UpdSpCloseFileQueue
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpDecompressOrCopyFileA
UpdSpGetTargetPathW
UpdSpInstallFromInfSectionA
UpdSpQueueCopyA
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpScanFileQueueA
UpdSpGetLineTextW
UpdSpOpenInfFileA
UpdSpCloseInfFile
UpdSpSetDirectoryIdA
UpdSpInstallFilesFromInfSectionA
UpdSpGetLineCountA
UpdSpGetLineByIndexA
UpdSpGetStringFieldA
UpdSpFindFirstLineA
UpdSpGetLineTextA
UpdSpGetFieldCount
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpFindNextMatchLineW
UpdSpGetTargetPathA

user32

ShowWindow
wvsprintfW
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
SystemParametersInfoA
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus

userenv

ord138
ord121
ord119

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

winspool.drv

GetPrinterDriverDirectoryA

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pmj
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c65741b84ef10d29b294ed68e8a07f6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

64:c1:ac:7a:d9:4b:27:90:31:f6:b3:60:f8:ad:06:23:23:bc:15:23Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

comctl32

crypt32

gdi32

imagehlp

kernel32

mpr

msvcrt

ntdll

ole32

oleaut32

psapi

rpcrt4

shell32

updspapi

user32

userenv

version

winspool.drv

Sections

.text Size: 598KB - Virtual size: 597KB

.data Size: 4KB - Virtual size: 503KB

.rsrc Size: 90KB - Virtual size: 90KB

.pmj Size: 2KB - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

64:c1:ac:7a:d9:4b:27:90:31:f6:b3:60:f8:ad:06:23:23:bc:15:23
Signer

.text
Size: 598KB - Virtual size: 597KB

.data
Size: 4KB - Virtual size: 503KB

.rsrc
Size: 90KB - Virtual size: 90KB

.pmj
Size: 2KB - Virtual size: 4KB