ac8be71418f6b67e0a8ffc0d069e1549

Sharing

Copy URL

Twitter E-mail

General

Target

ac8be71418f6b67e0a8ffc0d069e1549
Size

204KB
MD5

ac8be71418f6b67e0a8ffc0d069e1549
SHA1

7ef023bd02b09eb5bff53959b464ac6d9f554a95
SHA256

152e4afaa9cd11d5e8e9d7884d8116f938270c3ff13703b493d7c476f1a55618
SHA512

521ec152d12df37a0fad700f29877121151ecd4ce897cba03ed4186df8cb6ff8f809a30e52d50dd37d8c250776572eb046bdd8ff4ea909c6c901cca2dd4179a8
SSDEEP

6144:h0Awt4S0ZJrhsmWP5CjHJO16u6tTBjtOwBHQV:h0PtD2Jrh+P5Cj3u6tTlO

Score

1^/10

Malware Config

Signatures

Files

ac8be71418f6b67e0a8ffc0d069e1549
.exe windows:5 windows x86 arch:x86

c4b7cb9b3688c9184d96f3878577a50c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-10-2003 05:59

Not After

25-01-2005 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

42:e4:5f:8f:09:42:33:90:b5:05:1f:82:a2:b0:bd:6d:2b:93:7b:2a
Signer

Actual PE Digest

42:e4:5f:8f:09:42:33:90:b5:05:1f:82:a2:b0:bd:6d:2b:93:7b:2a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_invoke_watson
_lock
_controlfp_s
_strnicmp
_onexit
_decode_pointer
_strupr
__dllonexit
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_stricmp
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
_mbscmp
_mbsstr
sprintf
strncmp
atoi
realloc
strncat
srand
rand
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
memset
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
Sleep
CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
CancelIo
lstrcpyA
lstrlenA
lstrcatA
FreeLibrary
lstrcmpA
GetVersionExA
LocalFree
LocalReAlloc
LocalAlloc
ReadFile
GetLastError
OpenProcess
ExitThread
GetTickCount
ExitProcess
MoveFileExA
GetSystemDirectoryA
GlobalFree
GlobalAlloc
GlobalSize
TerminateProcess
WaitForMultipleObjects
GetStartupInfoA
GetSystemInfo
OpenEventA
GetModuleFileNameA
lstrcpyW
LocalSize
GetModuleHandleA
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

CloseClipboard
SetCursorPos
SetCapture
GetSystemMetrics
LoadCursorA
EmptyClipboard
EnumWindows
SetThreadDesktop
GetCursorInfo
ReleaseDC
OpenClipboard
GetForegroundWindow
GetDC
GetDesktopWindow
SetRect
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
IsWindowVisible
ExitWindowsEx
CloseDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
DestroyCursor
DispatchMessageA
TranslateMessage
GetWindowThreadProcessId
GetMessageA
wsprintfA
MessageBoxA
GetWindowTextA

gdi32

DeleteObject
DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenSCManagerA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
OpenEventLogA
ClearEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
StartServiceA
UnlockServiceDatabase
LockServiceDatabase

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutWrite
waveOutClose

ws2_32

socket
gethostbyname
htons
connect
send
setsockopt
closesocket
WSAStartup
ioctlsocket
listen
accept
getpeername
__WSAFDIsSet
recvfrom
bind
ntohs
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
inet_addr
recv
sendto
select

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

iphlpapi

GetIfTable

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetUserSetInfo
NetUserDel

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSLogoffSession
WTSDisconnectSession
WTSFreeMemory
WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSQuerySessionInformationW

Exports

Exports

jghdr
trtyer

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.66985
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4b7cb9b3688c9184d96f3878577a50c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

42:e4:5f:8f:09:42:33:90:b5:05:1f:82:a2:b0:bd:6d:2b:93:7b:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp90

iphlpapi

msvfw32

netapi32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 9KB

.66985 Size: 1KB - Virtual size: 1KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

42:e4:5f:8f:09:42:33:90:b5:05:1f:82:a2:b0:bd:6d:2b:93:7b:2a
Signer

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 9KB

.66985
Size: 1KB - Virtual size: 1KB