fcdb0acadf483c5ea8051915c833952546c4e44d06bd856e63b1d86d06032fda

Sharing

Copy URL Twitter E-mail

General

Target

fcdb0acadf483c5ea8051915c833952546c4e44d06bd856e63b1d86d06032fda
Size

8.9MB
MD5

4c57e342b5df606ab1a105589cbec37f
SHA1

75ee2eaf870da3d41d0c40ec7229e43fa4b01454
SHA256

fcdb0acadf483c5ea8051915c833952546c4e44d06bd856e63b1d86d06032fda
SHA512

bf1015dd9b68f95fd646328b2174b6178ce488d648186a597c833db3f44a96a7b47ac630265273de28179be9aeba379ecf20b6690822c19ff6fab1c488c5f8f4
SSDEEP

196608:vPypo9N5CS0+SSYXgM+bR2wKZievlKx7spp7gA7jyy5XB4:vPypoH5CS0+SSa+UvB9Kez8Ax5R4

Score

1^/10

Malware Config

Signatures

Files

fcdb0acadf483c5ea8051915c833952546c4e44d06bd856e63b1d86d06032fda
.exe windows:4 windows x86 arch:x86

37b8a76ba38526dcac495b6d93fa9568

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:e1:d8
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

28/02/2002, 19:34

Not After

01/02/2003, 17:11

Subject

CN=WildTangent Inc.,OU=Secure Application Development,O=WildTangent Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetFileAttributesA
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DeleteFileA
GetSystemDirectoryA
CreateDirectoryA
GetWindowsDirectoryA
GetLastError
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcmpiA
FindClose
FindNextFileA
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
RemoveDirectoryA
lstrcpyA
SetFilePointer
CompareStringA
CreateMutexA
ReleaseMutex
MoveFileA
lstrcatA
GetModuleHandleA
GetVersionExA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
GetTempFileNameA
GetTickCount
GetTempPathA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetStdHandle
CreatePipe
LeaveCriticalSection
EnterCriticalSection
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
lstrlenA
SetLastError
CreateFileA
GetFileSize
ReadFile
GetStartupInfoA
OpenProcess
GetDiskFreeSpaceA
WriteFile
ExitProcess

user32

MessageBoxA
wsprintfA
SystemParametersInfoA
SendMessageA
LoadIconA
GetWindowRect
SetWindowPos
DefWindowProcA
RegisterClassA
CreateWindowExA
CharLowerA
GetActiveWindow
DialogBoxParamA
GetDlgItem
IsDlgButtonChecked
SetDlgItemTextA
EndDialog
EnableWindow
ShowWindow
CheckDlgButton
SendDlgItemMessageA
SetWindowTextA
SetForegroundWindow
SetFocus
PostMessageA
IsRectEmpty
GetSystemMetrics

gdi32

CreateFontIndirectA
DeleteObject
CreateSolidBrush

comctl32

ord17

advapi32

RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey
RegSetValueExA

shell32

FindExecutableA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA

ole32

CoInitialize
CoUninitialize

msvcrt

_controlfp
__dllonexit
strcmp
__p___argc
__p___argv
_ftol
strcat
strcpy
_strlwr
_stricmp
atoi
_splitpath
sprintf
sscanf
strchr
strtok
memset
strrchr
strstr
_acmdln
_itoa
malloc
??2@YAPAXI@Z
free
_onexit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
memcpy
_EH_prolog
strlen
_exit
_XcptFilter
exit
__CxxFrameHandler

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37b8a76ba38526dcac495b6d93fa9568

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:e1:d8Certificate

Extended Key Usages

01Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comctl32

advapi32

shell32

ole32

msvcrt

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 32KB - Virtual size: 64KB

.rsrc Size: 20KB - Virtual size: 17KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:e1:d8
Certificate

01
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 32KB - Virtual size: 64KB

.rsrc
Size: 20KB - Virtual size: 17KB