d6346f79150662e4e2ddd3a6dd8be158

Sharing

Copy URL Twitter E-mail

General

Target

d6346f79150662e4e2ddd3a6dd8be158
Size

262KB
MD5

d6346f79150662e4e2ddd3a6dd8be158
SHA1

1a979819a512732ac41ef64dc973f0ae6514b7ce
SHA256

2ce023ed9c87c1cb662016dd91d7e4338f64836133e15baa7fcaff9152e2e7ab
SHA512

bf14ccbacdf21ebb3c0cd79f9614fdb4c855646f0816b70570dddb0256babc9a77643efd1d8a3ef3767339c9733b5eab189d92da58f647268f4ee22bf65108f8
SSDEEP

6144:aIosRTaTL3jmgFIAKP6tQd7ruOo2AARcBYv3VuwAB/2y:sbn3Kg06WprRA/60fB/2y

Score

1^/10

Malware Config

Signatures

Files

d6346f79150662e4e2ddd3a6dd8be158
.exe windows:4 windows x86 arch:x86

0237b3827e17b6068abc7b5937f0d4a1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:70:a9:99:69:20:a2:31:1a:d4:a3:e6:54:6c:44:38:44:e7:b7:76
Signer

Actual PE Digest

37:70:a9:99:69:20:a2:31:1a:d4:a3:e6:54:6c:44:38:44:e7:b7:76

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EndUpdateResourceW
LoadResource
GetEnvironmentStringsW
CreateSemaphoreW
GetLogicalDriveStringsA
GetAtomNameA
EnumCalendarInfoA
GetProcessHeaps
lstrlenW
SetCalendarInfoW
GetTimeFormatW
CreateFileMappingW
OpenFile
GetDiskFreeSpaceA
GetSystemDirectoryW
GetProcAddress
CreateNamedPipeW
GetProcessHeap
OpenProcess
IsBadCodePtr
GetModuleHandleA
DisconnectNamedPipe
GetCurrentThreadId
GetLocaleInfoA
FindAtomW
SetLastError
ReadDirectoryChangesW

user32

RegisterWindowMessageW
MessageBoxW
EnumDesktopsA
RegisterClassW
GetDC
IsWindow
PeekMessageW
GetCapture
GetWindowLongW
DialogBoxIndirectParamW
LoadMenuA
GetSysColor
UnregisterClassW
RegisterWindowMessageA
GetForegroundWindow
CharPrevW
LoadImageW
MessageBoxIndirectW
GetMenuItemInfoA
AppendMenuW
GetKeyboardType
AppendMenuA
CheckMenuItem
SetWindowLongA
LoadIconA
DeleteMenu
SetFocus
GetCursorPos
EnumChildWindows
DrawTextW
GetDCEx
DefDlgProcW
MonitorFromRect
RemoveMenu
CreateAcceleratorTableA
LoadCursorA
InsertMenuItemW
AnimateWindow
GetWindowTextW
CascadeWindows
CharLowerA
GetIconInfo
OffsetRect
ShowCaret
SetForegroundWindow
WinHelpA
DefDlgProcA
IsIconic

gdi32

EnumICMProfilesW
GetFontUnicodeRanges
GetColorSpace
LineTo
WidenPath
AbortDoc
SetDIBits
CreateRectRgn

advapi32

RegFlushKey
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegSaveKeyA
RegCreateKeyExW
RegCreateKeyExA

shlwapi

UrlUnescapeW
StrCSpnA
StrFormatByteSize64A
SHQueryValueExA
PathCreateFromUrlA
PathSearchAndQualifyW
PathFindOnPathW
StrCmpNA
PathRemoveExtensionA
PathCreateFromUrlW

opengl32

glTexSubImage2D
glBitmap
glRasterPos2iv
glTexCoord1dv
glTexGend
glPixelStoref
glAccum
glColor3f

setupapi

SetupCopyOEMInfA
SetupPromptReboot
CM_Get_Device_ID_List_ExW
pSetupIsGuidNull
CM_Register_Device_InterfaceA
CM_Get_Class_Key_Name_ExA
SetupAddInstallSectionToDiskSpaceListA
CM_Get_Class_Key_Name_ExW

wininet

HttpQueryInfoA
InternetClearAllPerSiteCookieDecisions
InternetGetConnectedStateEx
InternetSecurityProtocolToStringW
InternetConfirmZoneCrossingA
FtpOpenFileA
RetrieveUrlCacheEntryStreamW
InternetSetFilePointer

winmm

waveInGetErrorTextW

sqlunirl

_GetDlgItemText@16
_ObjectDeleteAuditAlarm_@12
_DlgDirListComboBox_@20
_GetFileTitle@12
_ExtractIcon_@12
_RegOpenKey_@12
_NDdeShareDel_@12
_LoadIcon@8
_CreateWaitableTimer_@12
_VkKeyScan_@4
_CreateProcess_@40
_MAKEINTRESOURCE@4
_MapVirtualKeyEx_@12
_WritePrivateProfileSection_@12
_GetClipboardFormatName_@12
_GetTempFileName_@16
_GetCompressedFileSize_@8
_GetComputerName@8
_InsertMenuItem_@16
_lstrcpyn_@12
_EnumWindowStations_@8
_GetVolumeInformation_@32
_SendMessageTimeout_@28
_QueryServiceLockStatus_@16

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.M
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sB
Size: 512B - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Aav
Size: 1024B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FiSojf
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.L
Size: 512B - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AsbgMc
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k
Size: 2KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WUu
Size: 1024B - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0237b3827e17b6068abc7b5937f0d4a1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

37:70:a9:99:69:20:a2:31:1a:d4:a3:e6:54:6c:44:38:44:e7:b7:76Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

opengl32

setupapi

wininet

winmm

sqlunirl

Sections

.text Size: 12KB - Virtual size: 11KB

.M Size: 512B - Virtual size: 4KB

.sB Size: 512B - Virtual size: 26KB

.Aav Size: 1024B - Virtual size: 28KB

.FiSojf Size: 4KB - Virtual size: 27KB

.L Size: 512B - Virtual size: 30KB

.data Size: 15KB - Virtual size: 14KB

.AsbgMc Size: 2KB - Virtual size: 9KB

.k Size: 2KB - Virtual size: 38KB

.WUu Size: 1024B - Virtual size: 164KB

.rsrc Size: 214KB - Virtual size: 213KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

37:70:a9:99:69:20:a2:31:1a:d4:a3:e6:54:6c:44:38:44:e7:b7:76
Signer

.text
Size: 12KB - Virtual size: 11KB

.M
Size: 512B - Virtual size: 4KB

.sB
Size: 512B - Virtual size: 26KB

.Aav
Size: 1024B - Virtual size: 28KB

.FiSojf
Size: 4KB - Virtual size: 27KB

.L
Size: 512B - Virtual size: 30KB

.data
Size: 15KB - Virtual size: 14KB

.AsbgMc
Size: 2KB - Virtual size: 9KB

.k
Size: 2KB - Virtual size: 38KB

.WUu
Size: 1024B - Virtual size: 164KB

.rsrc
Size: 214KB - Virtual size: 213KB