964d0cf040d3627b1fb810ae4c9c4a40N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

964d0cf040d3627b1fb810ae4c9c4a40N.exe
Size

3.0MB
MD5

964d0cf040d3627b1fb810ae4c9c4a40
SHA1

f2d1211d17a38550d9278f281f6d39b37ff8a682
SHA256

40e15b4fa176fe80b124a013d2f6f30769266adebccb0c0ff4965d2eba3d25c3
SHA512

d889d8e94a9e3aafbdc6f6cbba54ee64eb744b3d40f4adbc690a6f5abdb750c7840e0e0c73111e000484b5ee8bb917ab7e4cca4b2a46e7804d00725797bdafa7
SSDEEP

49152:qiH2AaajKHX/Ft0vR+Y1pxsVnmMAnBxbu2ONWWIL2wM8+AtZiti8:HHRawKHPFyvR+2VMETbu2vrSwM8zg

Score

1^/10

Malware Config

Signatures

Files

964d0cf040d3627b1fb810ae4c9c4a40N.exe
.exe windows:4 windows x86 arch:x86

eb8e4c18c0db24e370997034ab673a56

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:a6:a4:b1:0c:1c:23:11:0c:2c:40:a2:aa:4b:5c:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-10-2013 00:00

Not After

18-10-2014 23:59

Subject

CN=O&O Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=O&O Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:13:69:7a:35:65:d6:94:7b:72:25:54:6d:cd:35:18:d9:d7:28:67
Signer

Actual PE Digest

c9:13:69:7a:35:65:d6:94:7b:72:25:54:6d:cd:35:18:d9:d7:28:67

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\buildsource\oolu_trunk\src\client\win32\release\OOLiveUpdate.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable

advapi32

RegDeleteKeyW
RegOpenKeyW
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegEnumKeyW

msi

ord70
ord45

kernel32

GlobalUnlock
LocalFree
GlobalFree
GlobalAddAtomW
FreeResource
LocalAlloc
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
WritePrivateProfileStringW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
lstrlenA
GetThreadLocale
LoadLibraryW
UnlockFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
HeapSize
SetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
MulDiv
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
VirtualAlloc
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetTimeZoneInformation
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetStdHandle
GetCurrentThreadId
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
WriteConsoleW
ReadFile
DeleteCriticalSection
WriteFile
FlushFileBuffers
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
GetModuleHandleA
GetCurrentProcessId
SetEndOfFile
SetFilePointer
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetTickCount
TerminateProcess
Sleep
CreateProcessW
CloseHandle
GetExitCodeProcess
GetTempPathW
CreateEventW
FormatMessageW
GetCurrentProcess
IsWow64Process
CreateThread
GetLastError
FindClose
FindFirstFileW
SetLastError
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
CreateMutexW
CreateDirectoryW
GetModuleFileNameW
GetSystemDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
DeleteFileW
GetCommandLineW
lstrcpyW
WinExec
lstrcatW
GetWindowsDirectoryW
LockFile

user32

SetCapture
WindowFromPoint
LoadCursorW
ReleaseCapture
GetSysColorBrush
CharUpperW
UnregisterClassW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
SetCursor
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
CheckMenuItem
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
InflateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CreateWindowExW
ReleaseDC
GetDC
CopyRect
IsWindow
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
FillRect
GetSysColor
DrawStateW
IsIconic
KillTimer
EnableWindow
PostMessageW
LoadBitmapW
LoadIconW
LoadImageW
SetTimer
GetWindowRect
SetWindowPos
EnableMenuItem
GetSystemMenu
DrawIcon
SendMessageW
GetClientRect
InvalidateRect
GetSystemMetrics
MessageBoxW
UnregisterClassA
MessageBeep
CopyIcon

gdi32

TextOutW
RectVisible
ExtTextOutW
Escape
GetTextColor
CreateSolidBrush
CreatePen
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetBitmapDimensionEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
DeleteObject
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
PtVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

ShellExecuteW
ShellExecuteExW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

ole32

CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit

ntdll

LdrGetProcedureAddress
LdrLoadDll
RtlInitString
LdrUnloadDll
RtlInitUnicodeString

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb8e4c18c0db24e370997034ab673a56

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

02:a6:a4:b1:0c:1c:23:11:0c:2c:40:a2:aa:4b:5c:3cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c9:13:69:7a:35:65:d6:94:7b:72:25:54:6d:cd:35:18:d9:d7:28:67Signer

Headers

File Characteristics

PDB Paths

Imports

version

urlmon

wininet

advapi32

msi

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

shlwapi

ole32

oleaut32

ntdll

iphlpapi

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 312KB - Virtual size: 311KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

02:a6:a4:b1:0c:1c:23:11:0c:2c:40:a2:aa:4b:5c:3c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c9:13:69:7a:35:65:d6:94:7b:72:25:54:6d:cd:35:18:d9:d7:28:67
Signer

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 312KB - Virtual size: 311KB