bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26

Sharing

Copy URL Twitter E-mail

General

Target

bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
Size

63KB
MD5

ae224c5e196ff381836c9e95deebb7d5
SHA1

910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
SHA256

bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
SHA512

f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c
SSDEEP

1536:Wio8DVyYs7JZT0uPXn8OS6sIe3ekT5Z240jSZk:WkhyYIJZT0uPXn8OdsIe3c4Ql

Score

1^/10

Malware Config

Signatures

Files

bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
.exe windows:5 windows x86 arch:x86

8e149a2ff051703c4fba168a5a92f52d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:51:ad:37:17:cf:a2:23:71:ff:bc:07:df:13:e6:5d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/10/2013, 00:00

Not After

15/11/2016, 23:59

Subject

CN=VMware\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:20:e0:ef:05:b5:a0:8e:ae:ca:61:f7:2c:29:ed:08:8c:5e:85:5d
Signer

Actual PE Digest

7c:20:e0:ef:05:b5:a0:8e:ae:ca:61:f7:2c:29:ed:08:8c:5e:85:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-4448491\bora-vmsoft\build\release\tools-for-windows\Win32\services\vmtoolsd\vmtoolsd.pdb

Imports

advapi32

FreeSid
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ReportEventW
RegisterEventSourceW
SetServiceStatus
DeregisterEventSource
RegCloseKey
RegSetValueExW
RegCreateKeyW
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

ole32

CoUninitialize

user32

UnregisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationW
MessageBoxW
RegisterClassW
GetDesktopWindow
CreateWindowExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcr90

_cexit
_exit
_XcptFilter
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_purecall
wprintf
_wcsicmp
malloc
free
memset
setlocale
??2@YAPAXI@Z
??3@YAXPAX@Z
exit
__CxxFrameHandler3
__wgetmainargs
_amsg_exit

intl

libintl_gettext

glib-2.0

g_strdup
g_str_has_suffix
g_dir_read_name_utf8
g_ptr_array_new
g_dir_open_utf8
g_malloc0
g_strdup_printf
g_ptr_array_remove_index
g_array_free
g_thread_join
g_queue_remove
g_thread_functions_for_glib_use
g_idle_add_full
g_ptr_array_remove
g_free
g_thread_pool_push
g_queue_push_head
g_queue_delete_link
g_queue_find_custom
g_thread_create_full
g_queue_new
g_thread_pool_set_max_unused_threads
g_thread_pool_set_max_idle_time
g_thread_pool_new
g_malloc
g_queue_free
g_ptr_array_add
g_print
g_printerr
g_win32_error_message
g_option_context_free
g_option_context_parse
g_option_group_set_error_hook
g_option_context_get_main_group
g_option_context_add_main_entries
g_option_context_set_summary
g_option_context_new
g_key_file_get_boolean
g_ptr_array_free
g_array_append_vals
g_queue_pop_tail
g_log
g_clear_error
g_main_loop_run
g_source_remove
g_timeout_add
g_threads_got_initialized
g_main_context_default
g_main_loop_new
g_main_context_unref
g_key_file_new
g_key_file_free
g_dir_close
g_ptr_array_sort
g_thread_pool_free
g_file_test_utf8
g_idle_add
g_source_set_callback
g_main_loop_get_context
g_source_attach
g_source_unref
g_str_has_prefix
g_main_loop_is_running
g_main_loop_quit
g_logv
g_key_file_get_integer
g_main_loop_unref
g_array_new

gmodule-2.0

g_module_symbol
g_module_open_utf8
g_module_error
g_module_make_resident
g_module_close

gobject-2.0

g_signal_emit_by_name
g_object_unref
g_object_set
g_object_new
g_type_init
g_signal_connect_data
g_signal_lookup
g_signal_parse_name
g_value_set_boolean
g_value_get_boolean
g_value_set_pointer
g_value_get_pointer
g_value_set_uint
g_value_get_uint
g_object_notify
g_type_check_instance_cast
g_type_register_static
g_type_check_class_cast
g_cclosure_marshal_VOID__POINTER
g_signal_new
g_type_class_peek_parent
g_object_class_install_property
g_param_spec_pointer
g_value_peek_pointer

gthread-2.0

g_thread_init

vmtools

RpcChannel_New
GuestApp_GetConfPath
StrUtil_GetNextToken
RpcChannel_SetRetVals
RpcChannel_Send
Str_SafeAsprintf
RpcOut_sendOne
VMTools_GetString
GuestApp_GetInstallPath
RpcChannel_RegisterCallback
RpcChannel_Start
VMTools_SuspendLogIO
VMTools_ResumeLogIO
VMTools_LoadConfig
VMTools_NewHandleSource
Unicode_InitW
VMTools_ConfigLogging
VMTools_BindTextDomain
VMTools_AttachConsole
CodeSet_Utf8ToUtf16le
RpcChannel_Stop
RpcChannel_Destroy
Str_SafeVaswprintf
Str_Aswprintf
vm_free
Hostinfo_GetOSType
RpcChannel_Setup
Panic
Str_Vaswprintf
Str_Snwprintf
VmCheck_IsVirtualWorld
Str_Wcscpy
Str_Vasprintf

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
OpenEventW
WaitForSingleObject
GetLastError
GetModuleHandleW
CreateEventW
SetConsoleCtrlHandler
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
LocalFree
SetErrorMode
SetEvent
CloseHandle

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e149a2ff051703c4fba168a5a92f52d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

44:51:ad:37:17:cf:a2:23:71:ff:bc:07:df:13:e6:5dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7c:20:e0:ef:05:b5:a0:8e:ae:ca:61:f7:2c:29:ed:08:8c:5e:85:5dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ole32

user32

version

msvcr90

intl

glib-2.0

gmodule-2.0

gobject-2.0

gthread-2.0

vmtools

kernel32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:51:ad:37:17:cf:a2:23:71:ff:bc:07:df:13:e6:5d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7c:20:e0:ef:05:b5:a0:8e:ae:ca:61:f7:2c:29:ed:08:8c:5e:85:5d
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 2KB