cab62cf45e2d5b324b43b7cc14d5f98b

Sharing

Copy URL Twitter E-mail

General

Target

cab62cf45e2d5b324b43b7cc14d5f98b
Size

377KB
MD5

cab62cf45e2d5b324b43b7cc14d5f98b
SHA1

d6bc3c469ecc41054cb47081518e7538e675d4b6
SHA256

4723432d1f287811ae91a98c48b98bda2c45fd0f99dabc285bba30a3a67ed7ba
SHA512

e07b34eb6246855b0ee6ca70251f6a9b4484705d139a08356ff623b4918adb5b628299cb047b67a0d51087a68771e1eb80130ba919b3da793ef64ad8ac40da85
SSDEEP

6144:AiyxNdnQikJYLDOR/b4r/HHa3R0kIZWzuVAMo932Pn3WXXzxOR:vqIiWq4j4rm7IZsuVAMo932PnmX+

Score

1^/10

Malware Config

Signatures

Files

cab62cf45e2d5b324b43b7cc14d5f98b
.exe windows:5 windows x86 arch:x86

2eb0601790e6bd3051f9021ca938602d

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2011, 23:59

Subject

CN=Pinball Corporation.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Pinball Corporation.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:0e:80:78:43:6f:6b:93:11:fd:3a:e7:d8:45:94:ad:67:3a:23:86
Signer

Actual PE Digest

8e:0e:80:78:43:6f:6b:93:11:fd:3a:e7:d8:45:94:ad:67:3a:23:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
DeleteFileA
CreateFileA
TerminateThread
ReadFile
HeapAlloc
lstrlenA
HeapReAlloc
GlobalFree
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
lstrcpyA
CreateThread
CloseHandle
GetModuleHandleA
CreateEventA
GetTickCount
SetEvent
WaitForSingleObject
LockResource
SizeofResource
Sleep
WideCharToMultiByte
DeleteCriticalSection
CreateMutexA
OpenMutexA
EnterCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
HeapCreate
LCMapStringW
LCMapStringA
TlsFree
GetLastError
RaiseException
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCommandLineA
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
FindResourceExA
LoadResource
FindResourceA
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
GetStartupInfoA
ExitProcess
GetModuleHandleW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalAlloc
GetShortPathNameA
GetTempPathA
GetVersion
GetVersionExA
CreateToolhelp32Snapshot
Process32Next
WriteConsoleA
GetTempFileNameA
AttachConsole
GetStdHandle
Module32First
CreateDirectoryA
GetSystemDirectoryA
TerminateProcess
CreateProcessA
GetComputerNameExA
GetExitCodeProcess
FreeConsole
GetVolumeInformationA
OpenProcess
GetProcessTimes
GetDriveTypeA
WriteFile
GetWindowsDirectoryA
Process32First
lstrcmpA
GetCurrentProcess
lstrlenW
FlushInstructionCache
SetLastError
GetModuleFileNameA
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetLocalTime
GetSystemTime
WaitForMultipleObjectsEx
ResumeThread
FreeLibrary
GetProcAddress
LoadLibraryA
GetExitCodeThread
DeviceIoControl
FormatMessageA
LocalFree
GetComputerNameA
DosDateTimeToFileTime
GetFileSize
GetLocaleInfoA
MoveFileExA
SetErrorMode

user32

LoadCursorA
SystemParametersInfoA
ReleaseCapture
DispatchMessageA
PostMessageA
FrameRect
GetSysColorBrush
RegisterClassA
FindWindowExA
SendMessageA
UpdateWindow
ShowWindow
GetCursorPos
SetWindowPos
RedrawWindow
DefWindowProcA
EnableMenuItem
ReleaseDC
CreateWindowExA
GetFocus
GetParent
GetClassNameA
CreateDialogParamA
GetClientRect
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
PostThreadMessageA
RegisterClassExA
GetClassInfoExA
UnregisterClassA
GetDesktopWindow
IsWindow
SetDlgItemTextA
EndPaint
DestroyWindow
SetCursor
GetMessageA
GetSystemMenu
SetTimer
ScreenToClient
GetWindowRect
FillRect
SetCapture
KillTimer
DrawTextA
SetForegroundWindow
BeginPaint
PtInRect
GetDC
TranslateMessage
InflateRect
SetRect
MoveWindow
GetWindow
CallWindowProcA
LoadImageA
SetWindowTextA
GetSystemMetrics
GetSysColor
GetDlgItem
CreateAcceleratorTableA
InvalidateRect
RegisterWindowMessageA
GetWindowTextLengthA
SetFocus
CharNextA
InvalidateRgn
IsChild
DestroyAcceleratorTable
ClientToScreen
FindWindowA
GetForegroundWindow
AttachThreadInput
SetWindowLongA
MessageBoxA
BringWindowToTop
GetWindowLongA

gdi32

BitBlt
PatBlt
SetTextColor
DeleteDC
CreateFontIndirectA
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
GetStockObject
GetObjectA

advapi32

CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
CryptCreateHash
CryptVerifySignatureA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
ConvertSidToStringSidA
LookupAccountNameA
DuplicateTokenEx

ole32

CoGetClassObject
CoTaskMemAlloc
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CoInitializeEx
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
LoadRegTypeLi
SysStringByteLen
OleCreateFontIndirect
VariantChangeType
VariantInit
SysAllocStringByteLen
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
OleLoadPicture
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shlwapi

UrlEscapeA
PathAddExtensionA
PathAppendA
PathStripToRootA
PathCombineA
PathQuoteSpacesA
PathFileExistsA
PathFindExtensionA
PathRemoveExtensionA
PathRemoveArgsA
PathStripPathA
PathUnquoteSpacesA

ws2_32

getaddrinfo
WSAGetLastError
WSAConnect
WSAStartup
WSASetEvent
WSASend
WSARecv
WSACleanup
WSASocketA
WSAResetEvent
closesocket
WSASetLastError
WSACreateEvent
freeaddrinfo
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2eb0601790e6bd3051f9021ca938602d

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1aCertificate

Extended Key Usages

Key Usages

8e:0e:80:78:43:6f:6b:93:11:fd:3a:e7:d8:45:94:ad:67:3a:23:86Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

shlwapi

ws2_32

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 19KB - Virtual size: 18KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

8e:0e:80:78:43:6f:6b:93:11:fd:3a:e7:d8:45:94:ad:67:3a:23:86
Signer

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 19KB - Virtual size: 18KB