29610f2215ff597d10e475e795794aea74360556babd58b91a0a64b1e6899c3b

Sharing

Copy URL Twitter E-mail

General

Target

29610f2215ff597d10e475e795794aea74360556babd58b91a0a64b1e6899c3b
Size

3.6MB
MD5

9b268b4331943ee50ef8429ad8caf3fc
SHA1

d57c83503f65c4119b17a7f67713a51eb17caa33
SHA256

29610f2215ff597d10e475e795794aea74360556babd58b91a0a64b1e6899c3b
SHA512

0f5478428e7e728c48866ed186f2337eb5d67d56fbfafe7f46b8c470d908c5c11d0527a25e2e592c14c51713c0a9681563f64773555467919fa77daae2c904d4
SSDEEP

49152:I3Wk2juuH5Kb0rsTzmhg4afQKxwQCPSgBWMidp/9XTegFB3olI2s65bWU8UO:uWk2juuH/sPmhgnfQKxrleWF9XTegb

Score

1^/10

Malware Config

Signatures

Files

29610f2215ff597d10e475e795794aea74360556babd58b91a0a64b1e6899c3b
.exe windows:4 windows x86 arch:x86

0d23f0e428ad52c613acb171aebd3be5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:5a:05:ed:fd:51:2c:1b:cc:7b:45:f6:02:fb:8e:3c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

02/08/2011, 00:00

Not After

31/07/2014, 23:59

Subject

CN=SwiftView\, Inc.,O=SwiftView\, Inc.,L=Portland,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d2:a5:d7:c9:06:0a:d4:9a:66:b4:71:fd:34:26:32:99:e8:50:d1:67
Signer

Actual PE Digest

d2:a5:d7:c9:06:0a:d4:9a:66:b4:71:fd:34:26:32:99:e8:50:d1:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

mpr

WNetGetUniversalNameA

kernel32

GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
OpenMutexA
CreateMutexA
ReleaseMutex
RemoveDirectoryA
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
SetCurrentDirectoryA
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetEnvironmentVariableA
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FreeLibrary
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
SetHandleCount
GetStringTypeW
GetStringTypeA
GetACP
HeapSize
CreateDirectoryA
RaiseException
FindFirstFileW
GetDriveTypeW
CreateDirectoryW
RtlUnwind
GetFileType
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
ExitProcess
ExitThread
CreateThread
HeapFree
GetLocalTime
GetSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentThreadId
DeviceIoControl
TerminateProcess
CreatePipe
OutputDebugStringA
ExpandEnvironmentStringsA
MoveFileA
CopyFileA
DeleteFileA
InterlockedExchange
InterlockedCompareExchange
LCMapStringW
GetUserDefaultLCID
LCMapStringA
GetStringTypeExA
GetSystemInfo
VirtualQuery
VirtualFree
VirtualProtect
lstrcatA
GetFileAttributesA
FindClose
FindFirstFileA
FindNextFileA
WriteFile
GetStdHandle
CreateFileW
SetFilePointer
lstrcpyA
GetCurrentThread
GetCurrentProcess
GetVersion
LocalAlloc
lstrlenA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetTempPathA
FormatMessageA
lstrcmpiA
CreateFileA
LocalFree
lstrcpynA
GetVolumeInformationA
lstrcmpA
GetCurrentProcessId
GetSystemDirectoryA
SetFileAttributesA
SetLastError
InitializeCriticalSection
GlobalFree
GetDriveTypeA
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetFileInformationByHandle
InterlockedIncrement
InterlockedDecrement
TlsGetValue
LoadLibraryA
GetProcAddress
MulDiv
Sleep
GetFullPathNameA
GetVersionExA
GetProfileStringA
GetExitCodeProcess
WaitForMultipleObjects
ResetEvent
GetShortPathNameA
CreateProcessA
MultiByteToWideChar
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
PeekNamedPipe
ReadFile
GetCommandLineW
GetModuleFileNameA
WideCharToMultiByte
GetCurrentDirectoryA
DeleteCriticalSection
CreateEventA
GetLastError
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
GetSystemTimeAsFileTime
SetNamedPipeHandleState
UnhandledExceptionFilter

user32

ReleaseDC
GetDC
InvalidateRect
MoveWindow
DefWindowProcA
EndPaint
FillRect
GetClientRect
CreateWindowExA
DestroyMenu
ClientToScreen
SetCapture
ReleaseCapture
SetRect
TrackPopupMenu
InsertMenuA
CreatePopupMenu
EndDialog
ShowWindow
UpdateWindow
DestroyWindow
GetCursorPos
KillTimer
UnregisterClassA
SetTimer
BeginPaint
GetMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
GetDlgItemTextA
SetWindowTextA
SetDlgItemTextA
IsWindow
ScreenToClient
GetParent
GetPropA
GetWindowRect
GetWindowPlacement
PostMessageA
GetProcessWindowStation
GetUserObjectInformationW
LoadStringA
wsprintfA
DialogBoxIndirectParamW
MessageBoxA
GetTabbedTextExtentA
LoadBitmapA
GetSysColor
GetDialogBaseUnits
CallWindowProcA
SetWindowLongA
SetDlgItemTextW
GetDlgItemTextW
SendMessageA
GetDlgCtrlID
CheckDlgButton
EnableWindow
SendDlgItemMessageA
SetDlgItemInt
GetDlgItemInt
DialogBoxParamA
DdeUninitialize
DdeInitializeW
DdeNameService
DdePostAdvise
DdeCmpStringHandles
DdeCreateDataHandle
DdeCreateStringHandleW
DdeKeepStringHandle
DdeGetData
GetWindowLongA
DdeInitializeA
DdeFreeStringHandle
DdeCreateStringHandleA
DdeConnect
WaitForInputIdle
DdeClientTransaction
DdeDisconnect
BringWindowToTop
WindowFromPoint
GetAsyncKeyState
CheckRadioButton
GetDlgItem
IsDlgButtonChecked
GetSystemMetrics
IsWindowVisible
GetClassLongA
SetClassLongA
SetCursor
SetForegroundWindow
AdjustWindowRect
SystemParametersInfoA
GetDesktopWindow
LoadIconA
SetWindowPos
IsIconic
PeekMessageA
TranslateMessage
PostQuitMessage
RegisterWindowMessageA
DispatchMessageA
SetFocus
GetKeyState
IsWindowEnabled
GetLastActivePopup
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
GetWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
SetPropA
GetWindowTextA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
GetSysColorBrush
GetClassNameA
PtInRect
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA

gdi32

Escape
CreateFontA
GetBitmapBits
SetBitmapBits
GetNearestPaletteIndex
GetSystemPaletteEntries
CreatePalette
Polyline
SelectPalette
RealizePalette
GetNearestColor
CreateDIBitmap
GetPaletteEntries
StartPage
EndPage
CreateBitmap
PolyPolygon
CreatePolyPolygonRgn
CreatePolygonRgn
PaintRgn
CreateRectRgn
CreateDCA
StartDocA
SetPolyFillMode
EndDoc
GetObjectA
CreateFontIndirectA
ResetDCA
SetROP2
CreatePatternBrush
Rectangle
SetBkColor
Polygon
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreatePen
MoveToEx
LineTo
DeleteDC
CreateSolidBrush
DeleteObject
SetTextAlign
SetTextColor
SetBkMode
TextOutA
GetStockObject
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
GetDeviceCaps
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileA
ExtTextOutA
GetClipBox
SaveDC
RestoreDC
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode

winspool.drv

GetPrinterA
GetJobA
EndDocPrinter
OpenPrinterA
StartDocPrinterA
WritePrinter
EndPagePrinter
DocumentPropertiesA
ClosePrinter
EnumPrintersA
StartPagePrinter

wtsapi32

WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory

comdlg32

GetOpenFileNameW
CommDlgExtendedError
PrintDlgA
GetSaveFileNameW

advapi32

SetSecurityDescriptorDacl
RegEnumValueA
RegSetValueExA
RegCreateKeyA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
FreeSid
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
RegCloseKey

shell32

DragQueryFileW
DragAcceptFiles
ShellExecuteA
SHGetSpecialFolderPathA
DragFinish

wsock32

WSAGetLastError
gethostname
WSAStartup
accept
recvfrom
send
socket
inet_ntoa
connect
select
__WSAFDIsSet
getsockopt
shutdown
closesocket
bind
listen
setsockopt
htons
htonl
ntohl
gethostbyname
WSACleanup

comctl32

ord17
InitCommonControlsEx

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 844KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d23f0e428ad52c613acb171aebd3be5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

40:5a:05:ed:fd:51:2c:1b:cc:7b:45:f6:02:fb:8e:3cCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d2:a5:d7:c9:06:0a:d4:9a:66:b4:71:fd:34:26:32:99:e8:50:d1:67Signer

Headers

File Characteristics

Imports

iphlpapi

mpr

kernel32

user32

gdi32

winspool.drv

wtsapi32

comdlg32

advapi32

shell32

wsock32

comctl32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 212KB - Virtual size: 210KB

.data Size: 844KB - Virtual size: 1.2MB

.rsrc Size: 168KB - Virtual size: 164KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

40:5a:05:ed:fd:51:2c:1b:cc:7b:45:f6:02:fb:8e:3c
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d2:a5:d7:c9:06:0a:d4:9a:66:b4:71:fd:34:26:32:99:e8:50:d1:67
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 212KB - Virtual size: 210KB

.data
Size: 844KB - Virtual size: 1.2MB

.rsrc
Size: 168KB - Virtual size: 164KB