f03e7083f55187707d3b54e1f7c1c4d208958ab724e5273743ba7016d87575b1

Sharing

Copy URL Twitter E-mail

General

Target

f03e7083f55187707d3b54e1f7c1c4d208958ab724e5273743ba7016d87575b1
Size

201KB
MD5

eaff8cb99a1f19385fa38e6e885b1fa3
SHA1

59bc8ec77b2638047fcbeac6f1359818db50d4be
SHA256

f03e7083f55187707d3b54e1f7c1c4d208958ab724e5273743ba7016d87575b1
SHA512

b36752b69123314f0f4f18a7a0831df06f3faa504bdd20ba36e4b9d50737059ce5b3eba79541d07991cc522a8f1ffa368fa1a8e61510888478dbc486656dc41b
SSDEEP

3072:eSF+qx5TNwXm5IxSfQYObj/tEYMqzCQ5CkKtCdFOoAT66D3:aqx5TmXu+KXuj1EbOrFOj

Score

1^/10

Malware Config

Signatures

Files

f03e7083f55187707d3b54e1f7c1c4d208958ab724e5273743ba7016d87575b1
.exe windows:4 windows x86 arch:x86

6ceedec190f731a48cbf32d0227f2b39

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:1d:f4:ef:34:98:e9:ef:63:f6:d4:44:19:87:94:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/10/2006, 00:00

Not After

31/10/2008, 23:59

Subject

CN=Cat Computer Services (P) Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Cat Computer Services (P) Ltd.,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:61:cd:3e:3e:d7:00:e0:f4:5e:76:d4:79:89:e1:ce:d8:cc:7b:3b
Signer

Actual PE Digest

2e:61:cd:3e:3e:d7:00:e0:f4:5e:76:d4:79:89:e1:ce:d8:cc:7b:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

registry

SetRegDWORDValue
GetRegValue

filewrap

my_read
my_close
my_unlink
my_open
my_open_create
my_write
my_lseek

onlnmf

ord4
ord6
ord1

kernel32

lstrcmpA
GetCurrentThread
InterlockedDecrement
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GlobalFlags
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
SetErrorMode
ConvertDefaultLocale
GetFileAttributesA
RtlUnwind
ExitThread
CreateThread
GetFileType
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
SetStdHandle
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
EnumResourceLanguagesA
lstrcpyA
SetLastError
MulDiv
GlobalAlloc
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetPrivateProfileIntA
GetLogicalDrives
LoadLibraryW
SetFilePointer
GetModuleFileNameW
GetShortPathNameW
WritePrivateProfileStringA
ExitProcess
GetCurrentProcessId
CreateMutexA
DeviceIoControl
SetFileAttributesA
LoadLibraryExA
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceA
LoadResource
LockResource
SizeofResource
Sleep
CreateProcessA
GetExitCodeProcess
GetLocalTime
LocalAlloc
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
GetShortPathNameA
OpenFileMappingA
MapViewOfFile
OpenEventA
UnmapViewOfFile
SetEvent
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
FormatMessageA
LocalFree
ReadFile
CreateEventA
ResetEvent
WriteFile
GetLastError
WaitForSingleObject
GetOverlappedResult
CloseHandle
CreateFileA

user32

TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
GetSysColorBrush
LoadCursorA
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
DestroyMenu
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetMenuItemID
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MessageBoxA
EnableWindow
SendMessageA
LoadStringW
GetActiveWindow
GetSystemMetrics
DispatchMessageA
GetMessageA
CopyRect
PtInRect
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
DestroyIcon
TranslateMessage
ValidateRect
RegisterWindowMessageA
SetCursor
PostQuitMessage
FindWindowA
MessageBoxW
LoadIconA
DrawIcon
AppendMenuA
EnableMenuItem
GetSubMenu
LoadMenuA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer
SetForegroundWindow
GetCursorPos
DeleteMenu
SetMenuDefaultItem
ModifyMenuW
GetMenuItemCount

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible
DeleteDC
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
SaveDC
ExtTextOutA
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetStockObject
DeleteObject
SetMapMode
RestoreDC
RectVisible

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA
AllocateAndInitializeSid
SetEntriesInAclA
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

shell32

Shell_NotifyIconW
ShellExecuteExA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ceedec190f731a48cbf32d0227f2b39

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

50:1d:f4:ef:34:98:e9:ef:63:f6:d4:44:19:87:94:72Certificate

Extended Key Usages

Key Usages

2e:61:cd:3e:3e:d7:00:e0:f4:5e:76:d4:79:89:e1:ce:d8:cc:7b:3bSigner

Headers

File Characteristics

Imports

registry

filewrap

onlnmf

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 24KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

50:1d:f4:ef:34:98:e9:ef:63:f6:d4:44:19:87:94:72
Certificate

2e:61:cd:3e:3e:d7:00:e0:f4:5e:76:d4:79:89:e1:ce:d8:cc:7b:3b
Signer

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 24KB - Virtual size: 23KB