75da35d2527045955bbb10d42b3fd952b2411835a5d21d3ea77ec656d6eeda20

Sharing

Copy URL

Twitter E-mail

General

Target

75da35d2527045955bbb10d42b3fd952b2411835a5d21d3ea77ec656d6eeda20
Size

821KB
MD5

6b5de527f91e61817355f39d82aacc26
SHA1

41aadf83eb89fb73869ed19fc178003805be4d74
SHA256

75da35d2527045955bbb10d42b3fd952b2411835a5d21d3ea77ec656d6eeda20
SHA512

309410ecb9d016234156783e34209c7af7fda9c9c6901dc01ff2c453e035352dfaf60882473af412e2f26340d3f74ad6453e88f21f5a10b6dfddce5a98e3f59d
SSDEEP

24576:lVAQDF6wkCrm9vvVYqre4h229chxDco86CaNFKzfMEczVVPLHAK:AHwXNPLgK

Score

1^/10

Malware Config

Signatures

Files

75da35d2527045955bbb10d42b3fd952b2411835a5d21d3ea77ec656d6eeda20
.exe windows:5 windows x86 arch:x86

3d6d75988427347d3980056cf4cbcbb5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-12-2008 00:00

Not After

18-12-2011 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:00:6e:a8:47:1b:06:2a:dc:eb:27:39:c5:6a:0a:39:6d:8d:25:01
Signer

Actual PE Digest

07:00:6e:a8:47:1b:06:2a:dc:eb:27:39:c5:6a:0a:39:6d:8d:25:01

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Prog\HPCASL\Release\hpqWmiEx.pdb

Imports

setupapi

SetupDiOpenClassRegKeyExW
CM_Get_Device_ID_Size
CM_Get_Child
SetupDiOpenDeviceInfoW
CM_Get_Device_IDW
CM_Locate_DevNodeW
CM_Get_Sibling
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiGetClassDevsW

kernel32

DeleteTimerQueue
GetVersionExW
CreateTimerQueueTimer
CreateTimerQueue
GetCurrentThreadId
SetEnvironmentVariableW
FlushFileBuffers
GetVolumeInformationW
QueryDosDeviceW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GlobalAlloc
TerminateProcess
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
ExpandEnvironmentStringsW
GetCurrentThread
DeleteFileW
GetFileAttributesExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
WideCharToMultiByte
GetDateFormatA
GetTimeFormatA
GetCurrentProcess
CreateEventW
SetEvent
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetSystemPowerStatus
GetCommandLineW
CreateThread
SetProcessShutdownParameters
DeviceIoControl
SetThreadPriority
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
LocalAlloc
GetLocalTime
Sleep
GlobalFree
WaitForMultipleObjects
TerminateThread
CreateFileW
InterlockedExchange
OpenEventW
PulseEvent
CloseHandle
FindResourceExW
LockResource
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalFree
GetCurrentProcessId
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
CreateDirectoryW
SetEnvironmentVariableA
GetModuleHandleA
CompareStringW
CompareStringA
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
ReadFile
LoadLibraryA

user32

CharNextW
PostThreadMessageW
GetSystemMetrics
GetMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadStringW
CharUpperW
TranslateMessage
DispatchMessageW

advapi32

OpenThreadToken
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptVerifySignatureW
CryptReleaseContext
CryptAcquireContextW
CryptImportKey
StartServiceW
QueryServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
CreateWellKnownSid
CreateServiceW
DeleteService
ControlService
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
OpenServiceW
ChangeServiceConfigW
OpenSCManagerW
GetServiceKeyNameW
CloseServiceHandle
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoRevokeClassObject
CoFreeUnusedLibraries
CoInitialize
CoRegisterClassObject
CoCreateGuid
CoCreateInstance
CoDisconnectObject
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoSuspendClassObjects
CoInitializeSecurity
CoSetProxyBlanket
CoResumeClassObjects
CoInitializeEx
CLSIDFromString
OleRun
CoUninitialize
CoTaskMemRealloc

shell32

CommandLineToArgvW
SHGetFolderPathW

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
VarUI4FromStr
SysFreeString
VariantClear
SysAllocString
VariantInit
VariantCopy
SysStringLen
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringByteLen
VarUdateFromDate
VarCmp
SafeArrayGetElement
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi

shlwapi

StrCmpIW
StrCmpNIW
StrTrimW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d6d75988427347d3980056cf4cbcbb5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

07:00:6e:a8:47:1b:06:2a:dc:eb:27:39:c5:6a:0a:39:6d:8d:25:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

version

Sections

.text Size: 510KB - Virtual size: 509KB

.rdata Size: 244KB - Virtual size: 244KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 9KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

07:00:6e:a8:47:1b:06:2a:dc:eb:27:39:c5:6a:0a:39:6d:8d:25:01
Signer

.text
Size: 510KB - Virtual size: 509KB

.rdata
Size: 244KB - Virtual size: 244KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 9KB - Virtual size: 8KB