c5282a0cc6d9db92f0f0fe5ec51c9d9a

Sharing

Copy URL Twitter E-mail

General

Target

c5282a0cc6d9db92f0f0fe5ec51c9d9a
Size

68KB
MD5

c5282a0cc6d9db92f0f0fe5ec51c9d9a
SHA1

005654849b3dafe149aeb78079c0bcc6bec001ad
SHA256

206bd46c83042e943da904eeae9b7b459c7a645f697d6b55c8f9598913b08cc0
SHA512

0f85752d2b7028ae635d7327eaeaeda3ea7258d8541ba40f32f29585d58cf7954512ce42c643a7f41f112866d50b95a6e906804598499993c0727428b08c4f3a
SSDEEP

768:/3fws7XVo395BZhX3OMiDsduVBp4uH/r6Bmr9/NLWubC8HY:/rlG95/hHOMiDs4F4uHD6BmZVauCx

Score

1^/10

Malware Config

Signatures

Files

c5282a0cc6d9db92f0f0fe5ec51c9d9a
.exe windows:5 windows x86 arch:x86

32b50d6e5f7f882e5491a9f6ad6db0ff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1c:b7:8a:fc:8d:91:be:03:21:20:fb:59:84:49:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/01/2010, 00:00

Not After

11/02/2013, 23:59

Subject

CN=Deep Software Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Deep Software Inc.,L=New Westminster,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:e1:46:e6:bd:e2:a8:14:da:74:02:fa:76:ca:95:87:2e:6d:41:65
Signer

Actual PE Digest

fc:e1:46:e6:bd:e2:a8:14:da:74:02:fa:76:ca:95:87:2e:6d:41:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\opt\hudson\jobs\AM-night\workspace\trunk\Program\Bin\Release\CaptureScr.pdb

Imports

kernel32

GetProcessHeap
DuplicateHandle
OpenProcess
InterlockedExchange
Sleep
GetCurrentThreadId
GetTickCount
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
OutputDebugStringW
GetCurrentProcess
GetLastError
CloseHandle
WriteFile
OutputDebugStringA
HeapAlloc

user32

GetForegroundWindow
ReleaseDC
GetWindowDC
GetSystemMetrics
GetWindowRect

gdi32

BitBlt

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

ole32

CreateStreamOnHGlobal

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?setf@ios_base@std@@QAEHHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

msvcr90

memmove_s
malloc
free
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_invalid_parameter_noinfo
memset
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ

gdiplus

GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateMatrix2
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDeleteMatrix
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipSetStringFormatLineAlign
GdipAddPathString
GdipGetDC
GdipReleaseDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipTranslateWorldTransform
GdipDrawPath
GdipFillPath
GdipDrawString
GdipDrawImageRectI
GdipDrawImageRectRect
GdipSaveGraphics
GdipRestoreGraphics
GdipCloneBrush
GdipCloneImage
GdipGetImageGraphicsContext
GdipMeasureString

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32b50d6e5f7f882e5491a9f6ad6db0ff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3d:1c:b7:8a:fc:8d:91:be:03:21:20:fb:59:84:49:36Certificate

Extended Key Usages

Key Usages

fc:e1:46:e6:bd:e2:a8:14:da:74:02:fa:76:ca:95:87:2e:6d:41:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcp90

msvcr90

gdiplus

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 12KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3d:1c:b7:8a:fc:8d:91:be:03:21:20:fb:59:84:49:36
Certificate

fc:e1:46:e6:bd:e2:a8:14:da:74:02:fa:76:ca:95:87:2e:6d:41:65
Signer

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 12KB - Virtual size: 12KB