be620708b887298e213165adbd972102

Sharing

Copy URL Twitter E-mail

General

Target

be620708b887298e213165adbd972102
Size

139KB
MD5

be620708b887298e213165adbd972102
SHA1

47ab0fc31d54c5a765c8b7c261f5d025df8614be
SHA256

48ceff549b4c5595e43f58723485229eb1d6e95ff869ceadd17a00e1ba85a104
SHA512

257bb63b6cc07861946f935473a64f8bd5d7c47e177154c7f77aeba115af290d831990637ec6858b338a404bcfdc5d358b9816d7c95d27308aa033cfed86a1e7
SSDEEP

3072:rq4YoYyUTPZARR5GXmZfzougRGnx7qD90t9tX/6zPpXI:+4YCEhuR5GefzouFntA0aPZI

Score

1^/10

Malware Config

Signatures

Files

be620708b887298e213165adbd972102
.exe windows:3 windows x86 arch:x86

2ee29efe65336541b5c5888d5db089ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/03/2010, 00:00

Not After

08/03/2011, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:37:37:ec:01:4d:d0:cd:03:ab:03:2f:c9:f4:1c:5f:3e:4f:c8:5a
Signer

Actual PE Digest

cf:37:37:ec:01:4d:d0:cd:03:ab:03:2f:c9:f4:1c:5f:3e:4f:c8:5a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
GetLocalTime
SetThreadPriority
GetEnvironmentStringsW
GetCommandLineW
GetLogicalDrives
MoveFileW
lstrcatW
GetFileType
GetCalendarInfoW
GetOEMCP
IsBadStringPtrA
LocalAlloc
GetEnvironmentVariableW
GetEnvironmentStringsA
LoadLibraryA
LoadLibraryW
GetModuleFileNameA
SetErrorMode
IsBadStringPtrW
GetThreadPriority
GetCalendarInfoA
lstrlenW
CreateSemaphoreA
GetModuleFileNameW
OpenMutexA
SetLocaleInfoA
GlobalGetAtomNameA
lstrcatA
RemoveDirectoryA
GetExpandedNameA
GetDateFormatW
SearchPathW
CreatePipe
SetPriorityClass
GetStringTypeA
GetLogicalDriveStringsA
GetShortPathNameA
CreateFileMappingA
FatalAppExitA
IsValidLanguageGroup
VirtualAlloc
GetSystemTime
LocalFree
EndUpdateResourceW
OpenFile
lstrcat
MulDiv
WaitForSingleObject
lstrcmpi

user32

GetAsyncKeyState
LoadBitmapW
CopyRect
ArrangeIconicWindows
IsIconic
MoveWindow
GetDC
InsertMenuItemA
MonitorFromPoint
PeekMessageW
CharPrevW
GetClassInfoA
ShowWindow
LoadMenuA
UnregisterClassW
GetSysColorBrush
CreateAcceleratorTableA
keybd_event
GetMenuInfo
RegisterClassExA
GetCapture
CharUpperA
CharNextW
wsprintfA
WaitMessage
InsertMenuW
CreateAcceleratorTableW
MessageBoxIndirectA
WaitForInputIdle
GetClassNameW
ReleaseDC
GetWindowRgn
wvsprintfW
GetWindowRect

gdi32

SetTextAlign
GetBitmapBits
EnumFontFamiliesW
LineTo
GetCharABCWidthsFloatA
CreateScalableFontResourceA
GetMiterLimit
SwapBuffers
GetEnhMetaFileDescriptionA
GetPath
FontIsLinked
ArcTo
CreateMetaFileW
CreateEllipticRgn
GetCharABCWidthsW
EnumObjects
ExtFloodFill
TextOutA

advapi32

RegSetValueA
RegOpenKeyExW
RegOpenKeyExA

wininet

HttpEndRequestA
ResumeSuspendedDownload
InternetSecurityProtocolToStringA

winspool.drv

SetJobW
DocumentPropertiesA
DeletePrinterDriverA
ResetPrinterW
GetDefaultPrinterW
GetPrinterDataW
AddPrinterDriverExA
SeekPrinter
SetPrinterDataExA

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./fd10{
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.:7^a6
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_MEM_READ

.43K
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.%
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.;W7-
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4;82
Size: 1024B - Virtual size: 25KB

IMAGE_SCN_MEM_READ

.fq-)a!
Size: 1024B - Virtual size: 42KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ee29efe65336541b5c5888d5db089ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

cf:37:37:ec:01:4d:d0:cd:03:ab:03:2f:c9:f4:1c:5f:3e:4f:c8:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

winspool.drv

Sections

.rdata Size: 3KB - Virtual size: 3KB

.text Size: 16KB - Virtual size: 15KB

./fd10{ Size: 1024B - Virtual size: 14KB

.:7^a6 Size: 1024B - Virtual size: 7KB

.43K Size: 1KB - Virtual size: 1KB

.% Size: 1024B - Virtual size: 22KB

.;W7- Size: 15KB - Virtual size: 21KB

.4;82 Size: 1024B - Virtual size: 25KB

.fq-)a! Size: 1024B - Virtual size: 42KB

.rsrc Size: 86KB - Virtual size: 85KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

cf:37:37:ec:01:4d:d0:cd:03:ab:03:2f:c9:f4:1c:5f:3e:4f:c8:5a
Signer

.rdata
Size: 3KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 15KB

./fd10{
Size: 1024B - Virtual size: 14KB

.:7^a6
Size: 1024B - Virtual size: 7KB

.43K
Size: 1KB - Virtual size: 1KB

.%
Size: 1024B - Virtual size: 22KB

.;W7-
Size: 15KB - Virtual size: 21KB

.4;82
Size: 1024B - Virtual size: 25KB

.fq-)a!
Size: 1024B - Virtual size: 42KB

.rsrc
Size: 86KB - Virtual size: 85KB