28a45a0c2e997ccf90b5501b25c97e3d10c95be7a51a32ea3d242b390f2ef3af

Sharing

Copy URL Twitter E-mail

General

Target

28a45a0c2e997ccf90b5501b25c97e3d10c95be7a51a32ea3d242b390f2ef3af
Size

882KB
MD5

fc0d30117affee44ebd6fefb5f32ad56
SHA1

8c2045345f40a65d4de2fd9733c2291ef0f88159
SHA256

28a45a0c2e997ccf90b5501b25c97e3d10c95be7a51a32ea3d242b390f2ef3af
SHA512

4bbc5c9ebd6830716e1dbe608dc9ebf81562f4a5fbacc2ee6341345da8285a69ed34689210d540f8b6d516a95708a4cf06e28c76f8fb46e55551b6dfa5b54369
SSDEEP

12288:QAuJ1l+dnSEYWq+Sl7rh7J8FViCtSygp3fDVSaT9TlLaSGcilNaXJPqZYI/:6Vnh7+tSygp3rVz9TlLHGciDaXJPd

Score

1^/10

Malware Config

Signatures

Files

28a45a0c2e997ccf90b5501b25c97e3d10c95be7a51a32ea3d242b390f2ef3af
.exe windows:5 windows x86 arch:x86

944792e3ec5334a6015094a68480749b

Code Sign

2b:8e:33:c5:e6:ac:f2:06:b6:09:d4:f8:48:c0:8c:58
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2012, 00:00

Not After

13/02/2014, 23:59

Subject

CN=SecureLink\, Inc,O=SecureLink\, Inc,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:3b:9f:dd:54:ad:24:12:07:b6:4e:06:a3:ce:86:c6:0c:f7:43:47
Signer

Actual PE Digest

e6:3b:9f:dd:54:ad:24:12:07:b6:4e:06:a3:ce:86:c6:0c:f7:43:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
CreateEventA
OpenProcess
TerminateProcess
GetComputerNameA
ResetEvent
WaitForSingleObject
SetEvent
Sleep
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FindResourceA
LoadResource
GetModuleFileNameA
CreateFileA
ResumeThread
TlsSetValue
CreateThread
GetCurrentThread
GetCurrentThreadId
TlsGetValue
TlsAlloc
GetProcAddress
LoadLibraryA
CreateProcessA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
LockResource
FreeLibrary
GetVersionExA
ExpandEnvironmentStringsA
OutputDebugStringA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
WriteFile
ReadFile
GetStdHandle
CreateMutexA
ReleaseMutex
ConnectNamedPipe
CreateNamedPipeA
CopyFileA
DeleteFileA
InterlockedIncrement
InterlockedDecrement
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
MoveFileA
HeapFree
HeapReAlloc
HeapAlloc
GetTimeZoneInformation
SetEnvironmentVariableA
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
FlushFileBuffers
VirtualAlloc
LCMapStringA
LCMapStringW
SetFilePointer
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SizeofResource
WaitForMultipleObjects
GetModuleHandleA

user32

GetWindowRect
IsWindowVisible
CloseDesktop
SetThreadDesktop
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
RegisterClassA
UnregisterClassA
CreateWindowExA
WaitForInputIdle
GetClassNameA
EnumDesktopWindows
EnumDesktopsA
GetProcessWindowStation
ExitWindowsEx
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageA
DefWindowProcA
GetIconInfo
DrawIconEx
KillTimer
ClientToScreen
GetClientRect
IsRectEmpty
IsIconic
IsWindow
SetClipboardViewer
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
SetClipboardData
EmptyClipboard
GetDC
ReleaseDC
keybd_event
MapVirtualKeyA
SetWindowPos
mouse_event
GetSystemMetrics
ToAscii
VkKeyScanA
GetForegroundWindow
EnumWindows
EnumChildWindows
GetWindowTextA
GetWindowInfo
GetParent
GetDlgItemTextA
DestroyWindow
DialogBoxParamA
ShowWindow
LoadIconA
SetDlgItemTextA
SendDlgItemMessageA
SystemParametersInfoA
EndDialog
SendMessageA
GetDlgItem
SetTimer
CreateWindowExW
PostThreadMessageA
PostMessageA
SetWindowTextA
FindWindowA
LoadImageA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
EnableMenuItem
SetMenuDefaultItem
GetSubMenu
LoadMenuA
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
GetAsyncKeyState

gdi32

CreateDIBSection
SetDIBColorTable
CreateDCA
GetClipBox
GetDIBits
DeleteObject
GdiFlush
GetDeviceCaps
CreateCompatibleDC
SelectObject
DeleteDC
GetObjectA
CreateFontIndirectA
CreateCompatibleBitmap
GetSystemPaletteEntries
GetBitmapBits
BitBlt

shell32

Shell_NotifyIconA

ws2_32

WSACreateEvent
WSAResetEvent
WSAEnumNetworkEvents
select
send
closesocket
recv
accept
listen
gethostbyname
socket
WSAEventSelect
setsockopt
htons
inet_addr
WSAStartup
inet_ntoa
connect
getsockname
getpeername
ntohs
shutdown
htonl
WSACloseEvent
WSAGetLastError
bind
WSAIoctl

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

SetSecurityDescriptorDacl
ReportEventA
CreateProcessAsUserA
OpenProcessToken
RegCloseKey
RevertToSelf
GetUserNameA
ImpersonateLoggedOnUser
RegOpenKeyExA
RegisterEventSourceA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
InitializeSecurityDescriptor
DeregisterEventSource
RegNotifyChangeKeyValue
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

944792e3ec5334a6015094a68480749b

Code Sign

2b:8e:33:c5:e6:ac:f2:06:b6:09:d4:f8:48:c0:8c:58Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

e6:3b:9f:dd:54:ad:24:12:07:b6:4e:06:a3:ce:86:c6:0c:f7:43:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ws2_32

version

advapi32

ole32

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 13KB - Virtual size: 32KB

.rsrc Size: 471KB - Virtual size: 470KB

2b:8e:33:c5:e6:ac:f2:06:b6:09:d4:f8:48:c0:8c:58
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

e6:3b:9f:dd:54:ad:24:12:07:b6:4e:06:a3:ce:86:c6:0c:f7:43:47
Signer

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 13KB - Virtual size: 32KB

.rsrc
Size: 471KB - Virtual size: 470KB