c81dc43523430a617443a8ed519a548e

Sharing

Copy URL Twitter E-mail

General

Target

c81dc43523430a617443a8ed519a548e
Size

593KB
MD5

c81dc43523430a617443a8ed519a548e
SHA1

3e962c8e7a36e50f241cb586ecd603071c141b51
SHA256

53b50ea2f47b0c2d641ff701d1d86602ad8e87db7a49c7f38586e74776e5ffd2
SHA512

a7183f27094bd0ded9b2831f3d5a67657293ddf3fbfa28e42848d9038311f05e5d58563845e83a85496a38bfce37c99f79ec287b1192674a984e0e95707f0803
SSDEEP

6144:JCO5kuOWqqgN+iJ87qu9cB1hZXaXiu1p29qe+DXuz45ywkMbrn+HIWKtBMjKRL7E:gOBOWHgN+iJ8ZkNSe+qvw9f+oYKrjQ7

Score

1^/10

Malware Config

Signatures

Files

c81dc43523430a617443a8ed519a548e
.exe windows:4 windows x86 arch:x86

0e2b6c8c4fd60b93aca65b8ceba25ca9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:2d:0e:95:59:2b:51:5a:5c:f3:f5:c5:d5:9c:88:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/08/2006, 00:00

Not After

03/09/2009, 23:59

Subject

CN=Yahoo! Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Yahoo! Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:70:01:a5:a6:75:02:3e:0b:b7:78:8b:42:2b:73:f4:df:73:a8:bf
Signer

Actual PE Digest

d9:70:01:a5:a6:75:02:3e:0b:b7:78:8b:42:2b:73:f4:df:73:a8:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ravip\dev\work\yupdater\135_20080915_1958\Yahoo\yupdater\Release\yupdater.pdb

Imports

comctl32

_TrackMouseEvent

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathFindFileNameW
PathAppendW

wininet

InternetErrorDlg
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
HttpAddRequestHeadersW

kernel32

FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingW
GetFileSize
CreateFileW
WriteFile
WideCharToMultiByte
CreateDirectoryW
GetVersionExW
LocalFree
LocalAlloc
GetCurrentThread
OutputDebugStringW
GlobalFree
GlobalHandle
SystemTimeToFileTime
Sleep
SetFilePointer
CompareFileTime
GetFileTime
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
lstrlenA
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
LCMapStringW
LCMapStringA
TlsFree
lstrlenW
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStartupInfoW
GetLocalTime
GetConsoleMode
GetConsoleCP
ReadFile
GetFileType
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetStdHandle
SetEndOfFile
SetHandleCount
GetStartupInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
GetModuleFileNameW
CopyFileW
DeleteFileW
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
FileTimeToSystemTime
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleHandleW
GetTickCount
FlushFileBuffers
VirtualQuery
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
HeapCreate
FatalAppExitA
ExitProcess
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsSetValue

user32

DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateDialogIndirectParamW
IsDialogMessageW
GetMessageW
GetActiveWindow
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
MapWindowPoints
SystemParametersInfoW
DrawTextW
LoadIconW
SetCursor
MapDialogRect
SetWindowContextHelpId
BringWindowToTop
SetTimer
EndDialog
SetDlgItemTextW
AdjustWindowRectEx
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetWindowPos
CharNextW
GetSysColor
CallWindowProcW
MoveWindow
SendMessageW
GetWindow
GetClientRect
GetWindowLongW
SetWindowLongW
GetAsyncKeyState
GetKeyState
PostMessageW
CreateWindowExW
ShowWindow
PostThreadMessageW
FindWindowW
LoadCursorW
RegisterClassW
LoadStringW
PeekMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
IsWindow
DestroyWindow
UnregisterClassW
GetWindowRect
KillTimer
SendDlgItemMessageW
SetWindowTextW
UnregisterClassA

gdi32

DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
SelectObject
GetStockObject
SetTextColor
CreateFontIndirectW
TextOutW
GetBitmapBits
GetObjectA
CreateDCA
GetObjectW
DeleteObject

advapi32

AccessCheck
RegQueryValueExA
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
DuplicateToken
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
IsValidSecurityDescriptor
SetSecurityDescriptorOwner

shell32

SHGetFolderPathW
ShellExecuteExW
SHFileOperationW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemFree
StringFromCLSID

oleaut32

SysAllocString
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
DispCallFunc
SysAllocStringLen
VariantClear
VariantInit
SysStringLen
SysFreeString

Sections

.text
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e2b6c8c4fd60b93aca65b8ceba25ca9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5a:2d:0e:95:59:2b:51:5a:5c:f3:f5:c5:d5:9c:88:b7Certificate

Extended Key Usages

Key Usages

d9:70:01:a5:a6:75:02:3e:0b:b7:78:8b:42:2b:73:f4:df:73:a8:bfSigner

Headers

File Characteristics

PDB Paths

Imports

comctl32

version

shlwapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 428KB - Virtual size: 426KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 32KB - Virtual size: 67KB

.rsrc Size: 32KB - Virtual size: 108KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5a:2d:0e:95:59:2b:51:5a:5c:f3:f5:c5:d5:9c:88:b7
Certificate

d9:70:01:a5:a6:75:02:3e:0b:b7:78:8b:42:2b:73:f4:df:73:a8:bf
Signer

.text
Size: 428KB - Virtual size: 426KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 32KB - Virtual size: 67KB

.rsrc
Size: 32KB - Virtual size: 108KB