c2f0ea76561385814378b48837b1b260

Sharing

Copy URL Twitter E-mail

General

Target

c2f0ea76561385814378b48837b1b260
Size

9.1MB
MD5

c2f0ea76561385814378b48837b1b260
SHA1

93b0cfb69e9ab0808d0e53d6a07aa463943529c8
SHA256

40c7bc31482912f629ac9c84c5050d885974e763f2d0b02aa0cbfe365e511cc1
SHA512

705bf3dbc32dd6b0e04b3c3d7e53a77e2ac449e6b59cd41ffdc1346280b0eede11601106fda86c8b7ec839e4a996b3689535191b922fb920f3cc411a9c4dd40f
SSDEEP

196608:ddIisU9YjTcUOujlHZQfpXJWOFKRJBiSeJJ7tzAWsIIIFx+:rJ7CTc5pWJ6JBziKx+

Score

1^/10

Malware Config

Signatures

Files

c2f0ea76561385814378b48837b1b260
.rar
sc-VisualTarot-Lite-8.10.26-ru.exe
.exe windows:5 windows x86 arch:x86

f9c37a14f38ef8970a39597d0dfc3dd3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:18:7b:cc:2d:af:1e:dd:44:a2:f4:54:90:0e:c5:dc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/01/2010, 00:00

Not After

11/01/2012, 23:59

Subject

CN=LLC Mail.Ru,OU=Secure Application Development,O=LLC Mail.Ru,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:15:fd:b0:e6:e4:f8:cd:2e:54:f1:69:8f:a5:9c:63:ee:46:c3:18
Signer

Actual PE Digest

fb:15:fd:b0:e6:e4:f8:cd:2e:54:f1:69:8f:a5:9c:63:ee:46:c3:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

kernel32

MoveFileW
LocalFree
GetCurrentThreadId
DeleteCriticalSection
RaiseException
HeapAlloc
GetProcessHeap
HeapFree
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
GetVersionExW
CreateDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
lstrcmpW
MulDiv
GlobalFree
GlobalHandle
SetEvent
CreateEventW
TerminateThread
GetExitCodeThread
CreateProcessW
IsBadWritePtr
FindResourceExW
LoadResource
LockResource
SetEndOfFile
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
MoveFileExW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
ReadFile
GetStartupInfoA
GetFileType
SetHandleCount
SizeofResource
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetModuleHandleA
ExitProcess
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetConsoleMode
HeapDestroy
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
ResumeThread
TlsSetValue
ResetEvent
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
GetStartupInfoW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetModuleHandleW
GetTempPathW
GetStringTypeA
GetFileAttributesW
FindResourceW
WriteFile
GetLastError
CreateFileW
CloseHandle
DeleteFileW
GetTickCount
lstrlenW
SetLastError
VirtualAlloc
OpenEventA
GetCurrentProcessId
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
FormatMessageA
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
LoadLibraryW
GetProcAddress
lstrlenA
GetACP
FormatMessageW
FreeResource
HeapReAlloc
HeapSize
InterlockedExchange
Sleep
GetFileAttributesExW
CreateFileA
GetModuleFileNameA
GetConsoleCP

user32

SetWindowPos
MapWindowPoints
wsprintfW
UnregisterClassA
GetDlgItem
GetClientRect
GetMonitorInfoW
SetTimer
GetWindowLongW
GetWindowRect
GetWindow
GetParent
SetWindowLongW
MessageBoxW
DefWindowProcW
DestroyWindow
CharNextW
LoadImageW
GetSystemMetrics
SetWindowTextW
SendMessageW
EndDialog
IsWindowVisible
ShowWindow
ScreenToClient
MonitorFromWindow
EndPaint
DialogBoxIndirectParamW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ClientToScreen
CreateAcceleratorTableW
GetDC
ReleaseDC
GetDesktopWindow
GetClassNameW
RedrawWindow
BeginPaint
FillRect
CreateWindowExW
IsChild
SetFocus
GetFocus
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthW
GetWindowTextW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetWindowContextHelpId
CallWindowProcW
MapDialogRect
PostThreadMessageW
IsDialogMessageW
DialogBoxParamW
GetActiveWindow
IsWindow
KillTimer
MoveWindow

gdi32

GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontIndirectW
GetObjectW
GetStockObject

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
OpenProcessToken
RegCreateKeyExW
RegCloseKey
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid

shell32

FindExecutableW
CommandLineToArgvW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromProgID
OleInitialize
OleUninitialize
OleLockRunning
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
StringFromGUID2
CoUninitialize
StringFromCLSID
CoCreateGuid
CoGetClassObject

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
VarUI4FromStr
VariantInit
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

shlwapi

PathIsURLW

comctl32

InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetSetOptionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9c37a14f38ef8970a39597d0dfc3dd3

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

18:18:7b:cc:2d:af:1e:dd:44:a2:f4:54:90:0e:c5:dcCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

fb:15:fd:b0:e6:e4:f8:cd:2e:54:f1:69:8f:a5:9c:63:ee:46:c3:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

version

Sections

.text Size: 428KB - Virtual size: 427KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 15KB - Virtual size: 25KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 8.9MB - Virtual size: 8.9MB

.reloc Size: 49KB - Virtual size: 49KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

18:18:7b:cc:2d:af:1e:dd:44:a2:f4:54:90:0e:c5:dc
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

fb:15:fd:b0:e6:e4:f8:cd:2e:54:f1:69:8f:a5:9c:63:ee:46:c3:18
Signer

.text
Size: 428KB - Virtual size: 427KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 15KB - Virtual size: 25KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

.reloc
Size: 49KB - Virtual size: 49KB