b9b44181c55a4a2f5653722e5812be76

Sharing

Copy URL

Twitter E-mail

General

Target

b9b44181c55a4a2f5653722e5812be76
Size

281KB
MD5

b9b44181c55a4a2f5653722e5812be76
SHA1

7d200a3d64963790cd5950bb629578660190e3b9
SHA256

2a94a1ecb6792a192319e9b49aaacfd60890d2b389097fef981179535c97ed78
SHA512

45482addf2155e0006ae7c5a723bee55721f9e3f78bc704372c7c316c8fd08191f986ba1ce3626182af1d261c33e0534308c4b3b957caefdfe2cc158c6cd7f41
SSDEEP

6144:4CITJiDTUNDNiAN6ETLu7auxCoJaxdVKU4wB3cf9CD:Fws3WpN6sqWSBJU4whcf9CD

Score

1^/10

Malware Config

Signatures

Files

b9b44181c55a4a2f5653722e5812be76
.exe windows:4 windows x86 arch:x86

d7f229f9d0334c45eb59fba2f902103b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:af:73:24:b6:f1:19:64:76:81:56:c6:bf:19:26:74:4c:a7:7a:63
Signer

Actual PE Digest

88:af:73:24:b6:f1:19:64:76:81:56:c6:bf:19:26:74:4c:a7:7a:63

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GetLocaleInfoA
GetTempFileNameW
CreateDirectoryW
GetModuleFileNameW
lstrlenA
OpenWaitableTimerW
CreateEventW
GetLocalTime
GetThreadLocale
SetErrorMode
GetExitCodeThread
CreateFileMappingW
ReplaceFileA
GetAtomNameW
GetCommandLineW
GetTimeFormatW
Beep
GetTempFileNameA
GetCurrentProcess
SetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
GetStringTypeA
lstrcpyn
QueryPerformanceCounter
lstrcmp
GetSystemDefaultLangID
GetComputerNameA
ReadDirectoryChangesW
GetCurrentDirectoryW
FatalAppExitW
GetShortPathNameA
HeapCreate
GetCurrentDirectoryA
CreateEventA
GetModuleHandleW
BeginUpdateResourceW
RemoveDirectoryA
GetEnvironmentStringsW
SetCurrentDirectoryW
GetACP
OpenFile
GetProcAddress
GetCPInfo

user32

GetWindowTextA
GetDC
SetMenu
PostMessageW
LoadBitmapA
CharNextW
GetDC
CreatePopupMenu
GetWindowLongW
ChildWindowFromPoint
wsprintfW
SetForegroundWindow
MessageBeep
PostMessageA
CallWindowProcW
SetWindowTextA
CheckRadioButton
ShowCursor
GetScrollPos
GetClassInfoExW
CreateDialogParamA
SetWindowLongW
InvalidateRgn
LoadIconA
PostQuitMessage
keybd_event
OffsetRect
DrawTextW
DefFrameProcA
GetFocus

gdi32

RoundRect
SetICMProfileA
SetViewportExtEx
GetCharWidthA
GetPolyFillMode
EnumICMProfilesW
FillPath
UpdateICMRegKeyA
GetLayout
PaintRgn
AddFontResourceW
GetObjectType
GetLogColorSpaceA
CopyEnhMetaFileW
GetKerningPairsA
PolyDraw
GetStockObject
GetOutlineTextMetricsW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueW

shell32

SHGetFileInfoW

shlwapi

SHGetValueW

opengl32

glRasterPos3s
glVertex4dv
glLightModelf
glNormal3f
glMultMatrixd
glEnable
glAccum
glLoadMatrixf
glColor3dv
glTexCoord4d
glRasterPos2fv
glTexCoord1fv
glSelectBuffer
glDrawBuffer
glColor4us
glGetTexImage

setupapi

SetupLogFileW
CM_Get_Version
SetupCopyOEMInfW
SetupGetFileQueueFlags

winspool.drv

AddPrinterW
EndDocPrinter
EnumPrinterDataW
AddPrinterDriverExA
AddPortW
SetDefaultPrinterW

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qifQu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uyHT
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vfy
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HZQgg
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.f
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WEAVw
Size: 1024B - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nnB
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uYOSNR
Size: 2KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7f229f9d0334c45eb59fba2f902103b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

88:af:73:24:b6:f1:19:64:76:81:56:c6:bf:19:26:74:4c:a7:7a:63Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

opengl32

setupapi

winspool.drv

Sections

.text Size: 11KB - Virtual size: 10KB

.qifQu Size: 512B - Virtual size: 4KB

.uyHT Size: 1KB - Virtual size: 31KB

.Vfy Size: 2KB - Virtual size: 24KB

.HZQgg Size: 1024B - Virtual size: 12KB

.f Size: 2KB - Virtual size: 19KB

.k Size: 3KB - Virtual size: 18KB

.data Size: 13KB - Virtual size: 12KB

.WEAVw Size: 1024B - Virtual size: 46KB

.nnB Size: 2KB - Virtual size: 13KB

.uYOSNR Size: 2KB - Virtual size: 283KB

.rsrc Size: 231KB - Virtual size: 230KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

88:af:73:24:b6:f1:19:64:76:81:56:c6:bf:19:26:74:4c:a7:7a:63
Signer

.text
Size: 11KB - Virtual size: 10KB

.qifQu
Size: 512B - Virtual size: 4KB

.uyHT
Size: 1KB - Virtual size: 31KB

.Vfy
Size: 2KB - Virtual size: 24KB

.HZQgg
Size: 1024B - Virtual size: 12KB

.f
Size: 2KB - Virtual size: 19KB

.k
Size: 3KB - Virtual size: 18KB

.data
Size: 13KB - Virtual size: 12KB

.WEAVw
Size: 1024B - Virtual size: 46KB

.nnB
Size: 2KB - Virtual size: 13KB

.uYOSNR
Size: 2KB - Virtual size: 283KB

.rsrc
Size: 231KB - Virtual size: 230KB