c8e1f6b2e43a124697147b4c11a03911

Sharing

Copy URL Twitter E-mail

General

Target

c8e1f6b2e43a124697147b4c11a03911
Size

237KB
MD5

c8e1f6b2e43a124697147b4c11a03911
SHA1

184870f1baf43d4e5770d7ad45c2992580948c26
SHA256

fd65805d8921ba2b297754a347203a305fcaca2c013368c3bf89b9fa4bb95911
SHA512

aacfcc23df750cda8a8941fe9160c47efc7d9216af519b78970219ae6b7f917b205a89f9636d9544172db826c876187c2a73b9c3ac583ea010b155c43a8279e2
SSDEEP

6144:i9ioRbz4wBj2ILyTBWBTQgsQ82E9aLLpA+BAXAJ1vIBmh:iwObRiI+BqQb0E9aLLpAUsAJ1wu

Score

1^/10

Malware Config

Signatures

Files

c8e1f6b2e43a124697147b4c11a03911
.exe windows:4 windows x86 arch:x86

10e048f792cbed2c19a20b6a1751cede

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:d2:6c:ca:32:7c:ed:d9:ad:57:c6:30:3c:86:18:9b:46:6e:21:c3
Signer

Actual PE Digest

06:d2:6c:ca:32:7c:ed:d9:ad:57:c6:30:3c:86:18:9b:46:6e:21:c3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FatalAppExitW
GetVersion
lstrcatA
GetAtomNameW
lstrcat
CreateNamedPipeW
GetLogicalDriveStringsW
IsBadCodePtr
SetCurrentDirectoryW
DuplicateHandle
GetUserDefaultLCID
GetProcAddress
ExitProcess
CreateEventW
lstrcpynW
OpenEventA
WaitForSingleObject
lstrcmpA
LoadLibraryExA
EnumDateFormatsA
GetTempPathA
lstrcmpi
CopyFileA
GetProcessHeap
SearchPathW
GetVersionExA
QueryPerformanceCounter
OpenWaitableTimerW
AddAtomA
SystemTimeToFileTime
CompareFileTime
lstrcpyA
AddAtomW
BeginUpdateResourceA
CreateSemaphoreW
lstrcmpW
GetTempFileNameW
FreeLibrary
DeleteAtom
EnumDateFormatsW
SearchPathA
CopyFileExW
SetLocaleInfoW
GetDiskFreeSpaceW
CreateMutexA
IsBadStringPtrA
GetTempFileNameA
GlobalFindAtomW
lstrcpyW
LoadLibraryA
GetLongPathNameA
GetFileAttributesA
GetSystemDefaultLangID
OpenEventW
lstrcmpiW
WinExec
DisconnectNamedPipe
GetModuleFileNameW
GetLogicalDriveStringsA
GetThreadLocale
lstrlen
SetComputerNameW

user32

SetDlgItemInt
CharLowerW
SendDlgItemMessageA
CreateDesktopA
LoadBitmapA
WinHelpW
wvsprintfW
SetWindowLongW
TrackPopupMenu
EmptyClipboard
WaitMessage
MessageBoxIndirectW
RegisterClassExW
UnregisterClassW
GetMenuItemCount
GetMenuInfo
FindWindowW
DefWindowProcW
EnableMenuItem
InsertMenuItemA
ActivateKeyboardLayout
MessageBoxA
DestroyIcon
DialogBoxIndirectParamW
SetActiveWindow
EnumClipboardFormats
GetClassInfoW
PeekMessageW
GetKeyboardLayout
DialogBoxParamW
FindWindowA
MonitorFromWindow
GetActiveWindow
RegisterWindowMessageW
GetMenuStringA
IsDlgButtonChecked
InsertMenuA
SetWindowTextW
SendMessageW
GetSubMenu
SetCursor
GetSysColorBrush
CreateDesktopW
TrackPopupMenuEx
GetWindowRgn
CharPrevA
SetWindowRgn
GetMenuItemRect
CreatePopupMenu
CreateWindowExW

shell32

StrStrW
ExtractAssociatedIconW
StrChrIW
StrRStrA
StrCmpNW
SHGetDiskFreeSpaceA
StrNCmpIA

shlwapi

PathCommonPrefixW
StrStrIW
PathCompactPathExA
PathFindSuffixArrayW
UrlCombineA
PathIsFileSpecA
SHEnumKeyExA
PathFindNextComponentA
PathFindOnPathW
SHGetValueW
StrTrimA

comctl32

FlatSB_GetScrollPos
CreateStatusWindowW
CreatePropertySheetPageW
DrawStatusTextA

comdlg32

PageSetupDlgA
GetFileTitleW
ReplaceTextA
PrintDlgExA
GetOpenFileNameA
GetFileTitleA
FindTextW

ole32

IsValidIid
CoGetDefaultContext
OleInitialize

opengl32

glNormal3d
glTexCoord4d
glFlush
GlmfEndGlsBlock
glTexGendv
glVertex4iv
glScissor
glStencilOp
glDisable
wglGetLayerPaletteEntries
glMap2d
glArrayElement
glFeedbackBuffer
glTexCoord3f
glTexSubImage2D
wglGetCurrentContext
GlmfInitPlayback

imm32

ImmReleaseContext
ImmRegisterWordA

Sections

.x
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jY
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rbJp
Size: 2KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zedR
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TPiJ
Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mf
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.W
Size: 9KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Z
Size: 4KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10e048f792cbed2c19a20b6a1751cede

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

06:d2:6c:ca:32:7c:ed:d9:ad:57:c6:30:3c:86:18:9b:46:6e:21:c3Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

comctl32

comdlg32

ole32

opengl32

imm32

Sections

.x Size: 8KB - Virtual size: 8KB

.jY Size: 91KB - Virtual size: 91KB

.rbJp Size: 2KB - Virtual size: 123KB

.zedR Size: 12KB - Virtual size: 12KB

.TPiJ Size: 4KB - Virtual size: 46KB

.mf Size: 91KB - Virtual size: 90KB

.W Size: 9KB - Virtual size: 74KB

.Z Size: 4KB - Virtual size: 156KB

.rsrc Size: 7KB - Virtual size: 6KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

06:d2:6c:ca:32:7c:ed:d9:ad:57:c6:30:3c:86:18:9b:46:6e:21:c3
Signer

.x
Size: 8KB - Virtual size: 8KB

.jY
Size: 91KB - Virtual size: 91KB

.rbJp
Size: 2KB - Virtual size: 123KB

.zedR
Size: 12KB - Virtual size: 12KB

.TPiJ
Size: 4KB - Virtual size: 46KB

.mf
Size: 91KB - Virtual size: 90KB

.W
Size: 9KB - Virtual size: 74KB

.Z
Size: 4KB - Virtual size: 156KB

.rsrc
Size: 7KB - Virtual size: 6KB