d230d01e58b00da0879aed3b78fd8cb25c291e4440d376a99b3773b31f36dc05

Sharing

Copy URL Twitter E-mail

General

Target

d230d01e58b00da0879aed3b78fd8cb25c291e4440d376a99b3773b31f36dc05
Size

238KB
MD5

16c1ffcfbd92320f78fee562d4ea258d
SHA1

363f1743abb9fde14b6d120706d75749508c163b
SHA256

d230d01e58b00da0879aed3b78fd8cb25c291e4440d376a99b3773b31f36dc05
SHA512

584e64931b0aa410889e506570f17e1fe7ee1235b42100ac4d4593bd806ca9f914285c070b7df1b243204e5dc4e1f4d999e32360a7d9401da2d18fc883542c62
SSDEEP

6144:cUYWgJhv8O3t6FZn6aD1u3YqLK1VYuAWD2P:F2JhvFcFB6a5uBtvWCP

Score

1^/10

Malware Config

Signatures

Files

d230d01e58b00da0879aed3b78fd8cb25c291e4440d376a99b3773b31f36dc05
.exe windows:4 windows x86 arch:x86

3a544b10b071c826120cefc1cc00e13c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:b5:cf:ec:ee:20:4d:59:f9:ac:ff:72:26:21:ee:00
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/05/2008, 00:00

Not After

21/06/2011, 23:59

Subject

CN=Transparent Language,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Release Engineering,O=Transparent Language,L=Merrimack,ST=New Hampshire,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:4b:f7:98:b2:d0:14:e0:23:f8:33:a4:0b:8b:00:ef:f2:58:d2:c7
Signer

Actual PE Digest

e0:4b:f7:98:b2:d0:14:e0:23:f8:33:a4:0b:8b:00:ef:f2:58:d2:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
MulDiv
GlobalFree
GlobalUnlock
FreeResource
GlobalLock
GlobalAlloc
CreateFileA
lstrlenA
WideCharToMultiByte
CloseHandle
GetLastError
GetEnvironmentVariableA
FindResourceExA
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
TerminateProcess
SetUnhandledExceptionFilter
lstrlenW
lstrcmpiA
MultiByteToWideChar
ResetEvent
WaitForSingleObject
ReleaseMutex
WriteFile
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
IsBadWritePtr
VirtualFree
HeapCreate
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
ExitProcess
GetACP
InterlockedExchange
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetSystemDirectoryA
GetWindowsDirectoryA
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
ResumeThread
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFileSize
CopyFileA
GetLocalTime
MoveFileA
DeleteFileA
CreateDirectoryA
LocalFree
FormatMessageA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
CreateThread
Sleep
GetExitCodeProcess
WaitForMultipleObjects
CreateMutexA
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent

user32

GetClientRect
DialogBoxParamA
DestroyWindow
KillTimer
OffsetRect
LoadCursorA
SetWindowLongA
SetTimer
DrawTextA
DrawFocusRect
UnregisterClassA
CharNextA
SetCursor
PtInRect
InflateRect
CopyRect
IsWindow
PostMessageA
GetActiveWindow
GetSystemMetrics
LoadImageA
GetDC
SetRect
ReleaseDC
ShowWindow
GetSystemMenu
EnableMenuItem
GetDlgItem
SendMessageA
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
SetWindowPos
SetDlgItemTextA
BeginPaint
EndPaint
ReleaseCapture
GetCursorPos
ScreenToClient
SetCapture
InvalidateRect
MessageBoxA
EndDialog
DefWindowProcA

gdi32

SetTextColor
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetTextExtentPoint32A
AddFontResourceA
CreateFontA
SetBkMode

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
OpenProcessToken
RegCreateKeyExA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

OleLoadPicture
VarUI4FromStr

userenv

GetUserProfileDirectoryA

shlwapi

PathFindOnPathA
PathFileExistsA

comctl32

InitCommonControlsEx
_TrackMouseEvent

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetCookieA
InternetSetOptionA
InternetOpenA
InternetConnectA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shell32

SHCreateDirectoryExA
ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a544b10b071c826120cefc1cc00e13c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

21:b5:cf:ec:ee:20:4d:59:f9:ac:ff:72:26:21:ee:00Certificate

Extended Key Usages

Key Usages

e0:4b:f7:98:b2:d0:14:e0:23:f8:33:a4:0b:8b:00:ef:f2:58:d2:c7Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

userenv

shlwapi

comctl32

wininet

version

shell32

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 12KB

.rsrc Size: 55KB - Virtual size: 55KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

21:b5:cf:ec:ee:20:4d:59:f9:ac:ff:72:26:21:ee:00
Certificate

e0:4b:f7:98:b2:d0:14:e0:23:f8:33:a4:0b:8b:00:ef:f2:58:d2:c7
Signer

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 55KB - Virtual size: 55KB