c4a4cee5d1292fbc0103fcca6948671d

Sharing

Copy URL Twitter E-mail

General

Target

c4a4cee5d1292fbc0103fcca6948671d
Size

45.1MB
MD5

c4a4cee5d1292fbc0103fcca6948671d
SHA1

8fa1bc7e9ac2baadad080b324174a857fde35dfe
SHA256

b8bad551b3a1b256917de18b494771e773a6468002164aa8c55a3e9471f61100
SHA512

387bdfc944de453e1011628eb6f91ae4ba592af500ebf8256d5ec540c9637cb090ce2e81d70efc702f8a542dfca9dd05554e5684c7dcfafe45359a8e2ba9231d
SSDEEP

786432:fvx1k33hx41jdhMiqVl0JuTAeAGv958Y14vRbab2iuFEeug57jbV5e1+95LZvEbz:f4hi1jdhMkEAJbYyaKierhnVTZvM36Le

Score

1^/10

Malware Config

Signatures

Files

c4a4cee5d1292fbc0103fcca6948671d
.exe windows:4 windows x86 arch:x86

94b8f4d240e0a2bf5ea80d6834735486

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:2b:1c
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

08/04/2005, 13:54

Not After

07/04/2007, 18:02

Subject

CN=Hewlett-Packard Company,OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
lstrcatW
WideCharToMultiByte
lstrlenW
lstrcmpW
GetModuleFileNameW
CreateDirectoryW
GetTempPathW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
MoveFileExW
SetFileAttributesW
FindFirstFileW
GlobalFree
lstrcmpiW
GetLocaleInfoW
lstrcmpiA
CloseHandle
WriteFile
CreateFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
Sleep
GetDiskFreeSpaceExW
SetCurrentDirectoryW
GetCurrentDirectoryW
DosDateTimeToFileTime
GetDateFormatW
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetLastError
GetLocalTime
CopyFileW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
lstrlenA
ReadFile
SetFilePointer
GetFileSize
lstrcpynA
GetFileTime
SetFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
LocalFree
GetStartupInfoW
GetModuleHandleW
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatW
GetTimeFormatA

user32

LoadStringW
GetClientRect
SetDlgItemTextA
EndDialog
CharNextW
GetSystemMetrics
GetWindowRect
DestroyIcon
SetWindowTextW
GetSystemMenu
AppendMenuW
SetWindowLongW
EnableWindow
ScreenToClient
MoveWindow
SetDlgItemTextW
SetFocus
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetDesktopWindow
SendDlgItemMessageW
CloseWindow
PeekMessageW
DispatchMessageW
OpenIcon
MessageBoxW
CallWindowProcW
GetParent
GetDlgItem
SetWindowPos
SendMessageW
ShowWindow
LoadImageW
wsprintfW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

Shell_NotifyIconW
CommandLineToArgvW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid
OleInitialize
OleUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
VariantClear

msvcrt

_wcsnicmp
_ltoa
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
memcmp
memmove
setlocale
wcsncat
wcsncpy
towupper
wcscmp
wcscpy
wcscat
_wcsrev
wcschr
_wcsicmp
_local_unwind2
_wsetlocale
wcstombs
wcslen
_ftol
_splitpath
malloc
free
mbstowcs
_except_handler3
wcsrchr
_wtoi
_wsplitpath
__CxxFrameHandler
strcat
strncat
??3@YAXPAX@Z
_CxxThrowException
strncpy
strcpy
strlen
memcpy
memset
??2@YAPAXI@Z
_stricmp

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94b8f4d240e0a2bf5ea80d6834735486

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3f:2b:1cCertificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 16KB - Virtual size: 15KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3f:2b:1c
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 16KB - Virtual size: 15KB