db93cd64bdfd1ec7a6e68fd65d462d20N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

db93cd64bdfd1ec7a6e68fd65d462d20N.exe
Size

160KB
MD5

db93cd64bdfd1ec7a6e68fd65d462d20
SHA1

7d08a2e4b2b0a1177535722ffbe39827a5af2e14
SHA256

c160b848278c2190d2e6f56d8708f25c7f969be1ebc0c61cfd01fa441d70d1cc
SHA512

d634a6a259efa25a5fa0da1fc12e7d7455998eab186fcb9f4837fc20b95eafa60ae689b0470fac49ee365732f982d3ad438388dd0104b5f7a037e453facbef9a
SSDEEP

3072:jyyFyyRxd2Pm4dpajwaGHljjHNvTKgWL3D60ao0Dike:jyyFyyYm4dpOGHljLN71GT6NOke

Score

1^/10

Malware Config

Signatures

Files

db93cd64bdfd1ec7a6e68fd65d462d20N.exe
.dll windows:4 windows x86 arch:x86

067c0fbc566f241f1bf58f9b96743323

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:d2:ba:67:80:5f:a5:e6:4c:b9:14:71:36:96:b4:48
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/01/2007, 00:00

Not After

22/01/2009, 23:59

Subject

CN=Innovation Management Group\, Inc.,OU=Secure Application Development,O=Innovation Management Group\, Inc.,L=Chatsworth,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

23:43:15:e5:3c:32:73:1a:a0:fd:c2:77:6a:59:ab:47:a2:71:76:09
Signer

Actual PE Digest

23:43:15:e5:3c:32:73:1a:a0:fd:c2:77:6a:59:ab:47:a2:71:76:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
FileTimeToSystemTime
LeaveCriticalSection
GetFileAttributesA
HeapFree
GetProcessHeap
EnterCriticalSection
lstrcpynA
lstrcmpiA
lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
HeapAlloc
GetCurrentProcess
lstrcpyA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetCommandLineA
HeapReAlloc
MultiByteToWideChar
GetTimeZoneInformation
GetSystemTime
GetLocalTime
InterlockedDecrement
InterlockedIncrement
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetDriveTypeA
GetLocaleInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetVersion
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
SetFilePointer
ReadFile
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetVolumeLabelA
FindClose
FindNextFileA
FindFirstFileA
GetFullPathNameA
GetVolumeInformationA
FileTimeToLocalFileTime
CreateFileA
SetFileAttributesA
GetLastError
SetFileTime
CloseHandle
DeleteCriticalSection
GetStartupInfoA
WideCharToMultiByte
GetCurrentDirectoryA
SetEnvironmentVariableW
DeleteFileA
CreateDirectoryA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
GetSecurityDescriptorLength

user32

OemToCharA
CharToOemA

Exports

Exports

UzpFreeMemBuffer
UzpVersion
UzpVersion2
Wiz_Grep
Wiz_Init
Wiz_NoPrinting
Wiz_SetOpts
Wiz_SingleEntryUnzip
Wiz_Unzip
Wiz_UnzipToMemory
Wiz_Validate

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

067c0fbc566f241f1bf58f9b96743323

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

77:d2:ba:67:80:5f:a5:e6:4c:b9:14:71:36:96:b4:48Certificate

Extended Key Usages

23:43:15:e5:3c:32:73:1a:a0:fd:c2:77:6a:59:ab:47:a2:71:76:09Signer

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 848B

.reloc Size: 8KB - Virtual size: 5KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

77:d2:ba:67:80:5f:a5:e6:4c:b9:14:71:36:96:b4:48
Certificate

23:43:15:e5:3c:32:73:1a:a0:fd:c2:77:6a:59:ab:47:a2:71:76:09
Signer

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 8KB - Virtual size: 5KB