d73b10e47d7c71eee974c97c40d93359

Sharing

Copy URL Twitter E-mail

General

Target

d73b10e47d7c71eee974c97c40d93359
Size

113KB
MD5

d73b10e47d7c71eee974c97c40d93359
SHA1

b379bd73e9c4d418b6a4851d1fc116629b9ef6cf
SHA256

6d1191df6ff1f3ff2e1644de1c6ba4e8a416993f38b1dc8fcaa4fe4fd9a3fca1
SHA512

933094ee65ba8e5de3b73e182fb6246986e307526095a818d4d83c9a14e811a96368710afea3e4111cf487b5ff176efa72308a0d10e7012141f00b320e4151ed
SSDEEP

3072:1R0BPtp/1nIRUIgA5YdoUL2RP9KdpBvJalLqKmp:1wT/1nIRUI5eoULkPIvJD

Score

1^/10

Malware Config

Signatures

Files

d73b10e47d7c71eee974c97c40d93359
.exe windows:5 windows x86 arch:x86

f8848278ee66f2915d745c514e8d0bc2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:a6:86:a1:22:90:59:01:7a:67:21:36:ac:2e:72:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/12/2006, 00:00

Not After

10/01/2010, 23:59

Subject

CN=Dell Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Dell Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:8b:76:46:e8:25:10:68:65:c4:a2:f0:22:2f:e4:00:3b:c2:b0:2b
Signer

Actual PE Digest

c2:8b:76:46:e8:25:10:68:65:c4:a2:f0:22:2f:e4:00:3b:c2:b0:2b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcServerUseProtseqA

mpr

WNetCloseEnum
WNetOpenEnumA

kernel32

GetProcAddress
LoadLibraryA
OpenEventA
TerminateThread
OutputDebugStringA
GetLocalTime
GetModuleFileNameA
SetConsoleCtrlHandler
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
lstrcatA
HeapReAlloc
VirtualAlloc
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WaitNamedPipeA
CreateFileA
WriteFile
ReadFile
lstrcmpA
lstrlenA
WaitForMultipleObjects
ResetEvent
lstrcmpiA
GlobalSize
GetVersionExA
CreateEventA
InitializeCriticalSection
GetLastError
GlobalAlloc
lstrcpyA
SetEnvironmentVariableA
GetComputerNameA
Sleep
EnterCriticalSection
GlobalFree
CreateThread
SetEvent
LeaveCriticalSection
WaitForSingleObject
CloseHandle
DeleteCriticalSection
FreeLibrary
GetLocaleInfoW
SetStdHandle
CompareStringA
CompareStringW
IsBadWritePtr
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc

user32

EnumWindows
PostMessageA
GetClassNameA
wsprintfA

winspool.drv

FindClosePrinterChangeNotification
GetPrinterA
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
EnumJobsA
OpenPrinterA
GetPrinterDataA
EnumPortsA
EnumPrintersA
ClosePrinter

advapi32

AddAccessAllowedAce
ControlService
DeleteService
CreateServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
AllocateAndInitializeSid
FreeSid
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
GetSecurityDescriptorDacl
GetAclInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8848278ee66f2915d745c514e8d0bc2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

18:a6:86:a1:22:90:59:01:7a:67:21:36:ac:2e:72:65Certificate

Extended Key Usages

Key Usages

c2:8b:76:46:e8:25:10:68:65:c4:a2:f0:22:2f:e4:00:3b:c2:b0:2bSigner

Headers

File Characteristics

Imports

rpcrt4

mpr

kernel32

user32

winspool.drv

advapi32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

18:a6:86:a1:22:90:59:01:7a:67:21:36:ac:2e:72:65
Certificate

c2:8b:76:46:e8:25:10:68:65:c4:a2:f0:22:2f:e4:00:3b:c2:b0:2b
Signer

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 2KB