60e605c4eabe3e5278af245a4efe4101579f00e698e67a3eeb81e13157462ce3

Sharing

Copy URL Twitter E-mail

General

Target

60e605c4eabe3e5278af245a4efe4101579f00e698e67a3eeb81e13157462ce3
Size

157KB
MD5

1ba99c7ec89cfed004c258fb6ba0ebed
SHA1

8e2d5f1c9e127167c8b59163980fe83d639fcc51
SHA256

60e605c4eabe3e5278af245a4efe4101579f00e698e67a3eeb81e13157462ce3
SHA512

5efceb1b0f41eed8d6c478c5818961f880801460d4e6e4ec65bd53e104702023339d5e746d855b8b261a0c90fab1800cc8c4828ec85f93d6d6ba13c07b54c673
SSDEEP

3072:rSl8ZMv3cssIzE8s1xjXXzwdrhXj0dr3Bud:FMvQIzEfFHMnXj2FW

Score

1^/10

Malware Config

Signatures

Files

60e605c4eabe3e5278af245a4efe4101579f00e698e67a3eeb81e13157462ce3
.exe windows:4 windows x86 arch:x86

abcb2c69b80049f6b90b06d8173e0f4d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:48:b1:5a:ac:d0:e0:78:29:0c:6d:4f:be:d6:58:f9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/02/2011, 00:00

Not After

06/02/2013, 23:59

Subject

CN=Skill On Net,O=Skill On Net,L=TaXbiex,ST=Malta,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:1b:1e:c5:9a:56:b9:56:17:c0:88:13:09:c5:8e:64:37:c9:c3:c8
Signer

Actual PE Digest

12:1b:1e:c5:9a:56:b9:56:17:c0:88:13:09:c5:8e:64:37:c9:c3:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BG\app\debug\Updater.pdb

Imports

wininet

InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

netapi32

Netbios

mfc71

ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord572
ord2372
ord5214
ord3908
ord760
ord1439
ord5323
ord2903
ord5089
ord6288
ord3683
ord3210
ord1934
ord3163
ord1280
ord2168
ord605
ord6090
ord304
ord356
ord1054
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord2178
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord3333
ord757
ord566
ord3605
ord3641
ord1198
ord1084
ord6067
ord1395
ord4125
ord5142
ord6065
ord5570
ord3401
ord1631
ord1096
ord313
ord1199
ord5185
ord1063
ord5182
ord4890
ord1671
ord1670
ord1551
ord5912
ord1401
ord5203
ord4262
ord3182
ord354
ord6283
ord4580
ord1025
ord3635
ord3595
ord5227
ord4569
ord5567
ord759
ord570
ord2249
ord5484
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1614
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord3596
ord762
ord1123
ord1263
ord297
ord2131
ord1249
ord6286
ord5320
ord6297
ord5331
ord1185
ord266
ord781
ord3255
ord911
ord384
ord2322
ord2469
ord265
ord764
ord2468
ord629
ord380
ord310
ord784
ord578
ord3201
ord2703
ord5493
ord1187
ord1191
ord3806
ord1207

msvcr71

free
_resetstkoflw
_except_handler3
wcscpy
__CxxFrameHandler
rand
srand
time
sprintf
atof
atol
_CIpow
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
memmove
strncpy
isalnum
strstr
malloc
strchr
strncmp
atoi
_itoa
_stricmp
realloc
_setmbcp
strtod
_access
fclose
ftell
fseek
fopen
strrchr
fflush
fwrite
sscanf
exit
rename
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
?terminate@@YAXXZ
_controlfp

kernel32

LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
lstrcmpiA
lstrlenW
lstrcmpiW
lstrlenA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
DeviceIoControl
CloseHandle
CreateFileA
SetPriorityClass
GetCurrentProcess
LocalFree
FormatMessageA
GetModuleFileNameA
GetLocalTime
GetSystemTimeAsFileTime
GetComputerNameA
Process32Next
TerminateProcess
GetCurrentProcessId
OpenProcess
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateProcessA
GetCurrentDirectoryA
GetTempPathA
ResetEvent
ResumeThread
SuspendThread
CreateEventA
LockResource
LoadResource
FindResourceA
SetEvent
DeleteFileA
CreateDirectoryA
CopyFileA
GetTickCount
GetModuleHandleA
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetLocaleInfoA
GetACP

user32

PostQuitMessage
IsWindowEnabled
GetActiveWindow
SetActiveWindow
SetRect
GetClientRect
GetWindowRect
IsIconic
ShowWindow
PostThreadMessageA
EnumWindows
GetWindowThreadProcessId
LoadImageA
SendMessageA
GetSystemMetrics
EnableWindow
PostMessageA
MessageBoxA
UnregisterClassA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
UpdateWindow
SetForegroundWindow

gdi32

CreateSolidBrush

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA

oleaut32

SysFreeString

msvcp71

?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abcb2c69b80049f6b90b06d8173e0f4d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

43:48:b1:5a:ac:d0:e0:78:29:0c:6d:4f:be:d6:58:f9Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

12:1b:1e:c5:9a:56:b9:56:17:c0:88:13:09:c5:8e:64:37:c9:c3:c8Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

netapi32

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

oleaut32

msvcp71

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 24KB - Virtual size: 53KB

.rsrc Size: 24KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

43:48:b1:5a:ac:d0:e0:78:29:0c:6d:4f:be:d6:58:f9
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

12:1b:1e:c5:9a:56:b9:56:17:c0:88:13:09:c5:8e:64:37:c9:c3:c8
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 53KB

.rsrc
Size: 24KB - Virtual size: 23KB