15657168da83741f74c6d4a4c2bc54b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

15657168da83741f74c6d4a4c2bc54b0N.exe
Size

1.0MB
MD5

15657168da83741f74c6d4a4c2bc54b0
SHA1

88cd98cab5e37d034cf673973352ea40770a32bd
SHA256

574b77025e341f09468eebdfe49b5d687655333fdb9853daf5d1ce6ff0c1ab08
SHA512

3904e9fa4dd92cbb3ffb90f6f71302aeb9f39203ac1a0cb819216853dfedaafe97d7ab14dd72629865387cbd9bb0e83be1179fa791c1b619fbc0fcfd999c0f6f
SSDEEP

24576:ctiVD0XAJ7J4zlIhVSDIEZBzs4KAGb45ErEH7cm:ctJa7J4zlRD5Bzs4KAU45H

Score

1^/10

Malware Config

Signatures

Files

15657168da83741f74c6d4a4c2bc54b0N.exe
.exe windows:5 windows x86 arch:x86

291500c74014a1c5db732aa1db45670e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/11/2011, 00:00

Not After

15/11/2014, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development IT2,O=Hewlett-Packard Company,L=Andover,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:e9:cb:03:d8:c1:5e:72:16:17:89:ed:03:69:a8:ae:60:94:da:b2
Signer

Actual PE Digest

bf:e9:cb:03:d8:c1:5e:72:16:17:89:ed:03:69:a8:ae:60:94:da:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Prog\HPCASL\hpqwmiex\ReleaseV90\hpqwmiex.pdb

Imports

setupapi

CM_Locate_DevNodeW
CM_Get_Sibling
SetupDiOpenClassRegKeyExW
CM_Get_Child
CM_Get_Device_IDW
CM_Get_Device_ID_Size
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

GetVersionExW
CreateTimerQueueTimer
CreateTimerQueue
GetCurrentThreadId
SetEnvironmentVariableW
FlushFileBuffers
GetVolumeInformationW
QueryDosDeviceW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GlobalAlloc
TerminateProcess
GetExitCodeProcess
CreateProcessW
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
CreateDirectoryW
ExpandEnvironmentStringsW
DeleteFileW
GetFileAttributesExW
OutputDebugStringW
CreateMutexW
ReleaseMutex
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
GetTempFileNameW
MoveFileW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
SetFilePointer
GetLocaleInfoW
LoadLibraryA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
DeleteTimerQueue
CreateEventW
GetCurrentProcessId
OpenProcess
GetCurrentThread
GetCurrentProcess
SetEvent
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetSystemPowerStatus
GetCommandLineW
DeviceIoControl
CreateSemaphoreW
LocalAlloc
CreateThread
SetProcessShutdownParameters
SetThreadPriority
ReleaseSemaphore
WaitForSingleObject
GetLocalTime
Sleep
GlobalFree
WaitForMultipleObjects
TerminateThread
CreateFileW
InterlockedExchange
OpenEventW
PulseEvent
CloseHandle
FindResourceExW
LockResource
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
WideCharToMultiByte
GetProcAddress
GetLastError
LocalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
SetEndOfFile
CreateFileA
CompareStringA
SetEnvironmentVariableA
RtlUnwind
UnhandledExceptionFilter
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
ReadFile
GetSystemTimeAsFileTime
GetTickCount
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
ResumeThread
GetStartupInfoW
GetFileAttributesW
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
VirtualFree
HeapCreate
ExitProcess
InterlockedCompareExchange

user32

CharUpperW
GetSystemMetrics
PostThreadMessageW
CharNextW
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadStringW
TranslateMessage
DispatchMessageW
GetMessageW

advapi32

CryptImportKey
EqualSid
ReportEventW
DeregisterEventSource
RegisterEventSourceW
CryptAcquireContextW
CryptReleaseContext
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
CreateWellKnownSid
CreateServiceW
StartServiceW
SetServiceStatus
ControlService
DeleteService
OpenThreadToken
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
QueryServiceStatus
OpenServiceW
ChangeServiceConfigW
OpenSCManagerW
GetServiceKeyNameW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CloseServiceHandle
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoDisconnectObject
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoSetProxyBlanket
CoResumeClassObjects
CoInitializeEx
OleRun
CoCreateGuid
CoInitialize
CLSIDFromString

shell32

SHGetFolderPathW
CommandLineToArgvW

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
GetErrorInfo
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarCmp
VarUdateFromDate
SysStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString
VarUI4FromStr
SafeArrayDestroy

shlwapi

StrCmpIW
StrCmpNIW
StrTrimW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW
EnumProcesses

Sections

.text
Size: 677KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

291500c74014a1c5db732aa1db45670e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bf:e9:cb:03:d8:c1:5e:72:16:17:89:ed:03:69:a8:ae:60:94:da:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

version

psapi

Sections

.text Size: 677KB - Virtual size: 677KB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 9KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bf:e9:cb:03:d8:c1:5e:72:16:17:89:ed:03:69:a8:ae:60:94:da:b2
Signer

.text
Size: 677KB - Virtual size: 677KB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 9KB - Virtual size: 8KB