01b889e0255234852c482610b84316d20b60e1cff4e256b8e0dcc014116ab47c

Sharing

Copy URL Twitter E-mail

General

Target

01b889e0255234852c482610b84316d20b60e1cff4e256b8e0dcc014116ab47c
Size

138KB
MD5

961c8e38acf27ec276206406342ef383
SHA1

cf1d56f545e1a436563c14d278dd505ed0b5c099
SHA256

01b889e0255234852c482610b84316d20b60e1cff4e256b8e0dcc014116ab47c
SHA512

d832a2cccf61f2ed42aefc643abd9bc22241126f839f1329b502174eb7fb621d2653ee4b3964e88d6dff40072059a630424a833ed99b9351ecfe10b57e24a564
SSDEEP

3072:gJcO4ONeOTf8l52lQBV+UdE+rECWp7hKGuMU:SpUOTfMBV+UdvrEFp7hKGuMU

Score

1^/10

Malware Config

Signatures

Files

01b889e0255234852c482610b84316d20b60e1cff4e256b8e0dcc014116ab47c
.exe windows:4 windows x86 arch:x86

a3c79b5ef0fc97a4f26a94b132f94924

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:23:54:03:64:37:c5:89:5f:95:9d:dc:9c:f8:9a:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/01/2007, 00:00

Not After

24/01/2008, 23:59

Subject

CN=Even Balance\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Even Balance\, Inc.,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:c6:d2:4f:00:b5:3f:ac:c5:0e:dd:3a:f0:ab:d0:03:83:97:8d:02
Signer

Actual PE Digest

67:c6:d2:4f:00:b5:3f:ac:c5:0e:dd:3a:f0:ab:d0:03:83:97:8d:02

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

r:\pnkbstra\Release\pnkbstra.pdb

Imports

wsock32

WSAStartup
socket
inet_ntoa
setsockopt
htons
ioctlsocket
bind
recvfrom
inet_addr
ntohs
sendto
closesocket

kernel32

GetCurrentProcess
GetTickCount
HeapSize
Sleep
GetSystemDirectoryA
CopyFileA
WideCharToMultiByte
SystemTimeToFileTime
FileTimeToLocalFileTime
lstrcmpA
lstrcpyW
FileTimeToSystemTime
MultiByteToWideChar
GetLastError
FormatMessageA
lstrlenA
LocalAlloc
LocalFree
SetEndOfFile
ReadFile
GetLocaleInfoA
VirtualProtect
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetSystemInfo
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateDirectoryA
GetFileAttributesA
SetFileAttributesA
GetCPInfo
DeleteFileA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetModuleHandleA
GetCommandLineA
GetVersionExA
WriteFile
FlushFileBuffers
HeapFree
CloseHandle
GetProcAddress
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
InterlockedExchange
VirtualQuery
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
HeapAlloc
VirtualAlloc
HeapReAlloc
CreateFileA
LoadLibraryA

user32

wsprintfA

advapi32

RegSetValueExA
CreateServiceA
CloseServiceHandle
DeleteService
ControlService
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCreateKeyExA
StartServiceA
RegOpenKeyExA
RegCloseKey
SetServiceStatus
OpenProcessToken

shell32

SHGetFolderPathA

wintrust

WinVerifyTrust

crypt32

CertGetNameStringA
CryptDecodeObject
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertVerifyTimeValidity
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3c79b5ef0fc97a4f26a94b132f94924

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0d:23:54:03:64:37:c5:89:5f:95:9d:dc:9c:f8:9a:a7Certificate

Extended Key Usages

Key Usages

67:c6:d2:4f:00:b5:3f:ac:c5:0e:dd:3a:f0:ab:d0:03:83:97:8d:02Signer

Headers

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

advapi32

shell32

wintrust

crypt32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 18KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0d:23:54:03:64:37:c5:89:5f:95:9d:dc:9c:f8:9a:a7
Certificate

67:c6:d2:4f:00:b5:3f:ac:c5:0e:dd:3a:f0:ab:d0:03:83:97:8d:02
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 18KB