426d796c20e5aab422dcb915651f2dd786b03438943ebad9fe709e608be62002

Sharing

Copy URL Twitter E-mail

General

Target

426d796c20e5aab422dcb915651f2dd786b03438943ebad9fe709e608be62002
Size

1.5MB
MD5

a38b3e7a34277fb87784d2f72b7ecd2c
SHA1

13cc4db19adbeb6fe395c3465052307f65f927d6
SHA256

426d796c20e5aab422dcb915651f2dd786b03438943ebad9fe709e608be62002
SHA512

4569576181afe0b3de9926df9b6efe7bc94b9234208f01bd4bb4dcef02d706de2661e952a03f8dac6fb72f99b0c4a978f51dc0538301d92dcc76a1aaacf4a5ed
SSDEEP

24576:aQkClmYnX8WeGC/CJSdpRFhgbhe3pvQpgF9S9kksc6LoiKKT:mbnGC/CkGtwQpMg9kksc6ow

Score

1^/10

Malware Config

Signatures

Files

426d796c20e5aab422dcb915651f2dd786b03438943ebad9fe709e608be62002
.exe windows:5 windows x86 arch:x86

e877d0b39d1797ba317f8a9496362280

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:bc:cc:b4:cd:7b:56:00:2d:df:6f:c9:6a:d0:68:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

15/09/2010, 00:00

Not After

14/09/2012, 23:59

Subject

CN=RockMelt\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RockMelt\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:b9:5b:77:d4:d2:89:ae:c9:fc:56:7d:c7:0d:46:fa:16:f1:f6:05
Signer

Actual PE Digest

97:b9:5b:77:d4:d2:89:ae:c9:fc:56:7d:c7:0d:46:fa:16:f1:f6:05

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\build\release-maint\src\build\Release\chrome_exe.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kernel32

SetInformationJobObject
WaitForSingleObject
SetLastError
GetLastError
InitializeCriticalSection
TerminateJobObject
SetEvent
GetQueuedCompletionStatus
ResetEvent
DuplicateHandle
GetCurrentThreadId
CreateThread
CreateEventW
CreateIoCompletionPort
DeleteCriticalSection
PostQueuedCompletionStatus
InterlockedExchange
SignalObjectAndWait
SetHandleInformation
GetProcessHandleCount
VirtualFree
LocalFree
ResumeThread
FreeLibrary
LoadLibraryW
WriteProcessMemory
MapViewOfFile
CreateFileMappingW
GetExitCodeProcess
GetThreadContext
AssignProcessToJobObject
InterlockedIncrement
InterlockedDecrement
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
GetLongPathNameW
GetFileAttributesW
CreateFileW
QueryDosDeviceW
CreateJobObjectW
CreateMutexW
GetCurrentProcessId
CreateNamedPipeW
OpenEventW
SearchPathW
GetCurrentDirectoryW
DebugBreak
lstrlenW
WideCharToMultiByte
VirtualQuery
ReadProcessMemory
SuspendThread
ReleaseSemaphore
CreateSemaphoreW
WaitNamedPipeW
WaitForMultipleObjects
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
LoadLibraryA
ReleaseMutex
SetFilePointer
OutputDebugStringA
FormatMessageA
ExpandEnvironmentStringsW
GetFileTime
UnmapViewOfFile
LeaveCriticalSection
ReadFile
VirtualAlloc
SetEnvironmentVariableW
MultiByteToWideChar
GetUserDefaultLangID
GetNativeSystemInfo
GetVersionExW
RaiseException
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RtlCaptureStackBackTrace
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
InterlockedExchangeAdd
GetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
FlushFileBuffers
SizeofResource
LockResource
LoadResource
FindResourceW
WTSGetActiveConsoleSessionId
UnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCPInfo
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapSize
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
EnterCriticalSection
TerminateProcess
GetTickCount
GetModuleHandleW
GetCurrentProcess
GetUserDefaultUILanguage
GetSystemDirectoryW
GetWindowsDirectoryW
LocalAlloc
GetThreadLocale
QueueUserWorkItem
GetTempPathW
GetCommandLineW
CreateProcessW
CloseHandle
SetUnhandledExceptionFilter
ExitProcess
InterlockedCompareExchange
Sleep
GetModuleHandleA
GetProcAddress
SetCurrentDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
GetModuleFileNameW
GetCommandLineA

user32

CloseDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
MessageBoxW
CharUpperW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeGetTime

advapi32

InitializeSecurityDescriptor
GetSecurityDescriptorSacl
SetSecurityInfo
RevertToSelf
RegDisablePredefinedCache
RegOpenKeyExW
RegCloseKey
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
RegCreateKeyExW
CreateRestrictedToken
DuplicateTokenEx
DuplicateToken
EqualSid
SetSecurityDescriptorDacl
GetTokenInformation
LookupPrivilegeValueW
CopySid
CreateWellKnownSid
GetSecurityInfo
GetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetFileSecurityW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
ConvertSidToStringSidW
RegSetValueExW
RegDeleteValueW
SetEntriesInAclW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

CommandLineToArgvW
SHGetFolderPathW

Exports

Exports

CrashForException
DumpProcess
SetActiveURL
SetAssertText
SetClientId
SetCommandLine
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetUserId

Sections

.text
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e877d0b39d1797ba317f8a9496362280

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:bc:cc:b4:cd:7b:56:00:2d:df:6f:c9:6a:d0:68:a3Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

97:b9:5b:77:d4:d2:89:ae:c9:fc:56:7d:c7:0d:46:fa:16:f1:f6:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

userenv

wtsapi32

version

winmm

advapi32

shell32

Exports

Exports

Sections

.text Size: 695KB - Virtual size: 695KB

.rdata Size: 352KB - Virtual size: 351KB

.data Size: 12KB - Virtual size: 32KB

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 41KB - Virtual size: 41KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:bc:cc:b4:cd:7b:56:00:2d:df:6f:c9:6a:d0:68:a3
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

97:b9:5b:77:d4:d2:89:ae:c9:fc:56:7d:c7:0d:46:fa:16:f1:f6:05
Signer

.text
Size: 695KB - Virtual size: 695KB

.rdata
Size: 352KB - Virtual size: 351KB

.data
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 41KB - Virtual size: 41KB