4d0147748c163ee993f72983af6bcf00N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4d0147748c163ee993f72983af6bcf00N.exe
Size

237KB
MD5

4d0147748c163ee993f72983af6bcf00
SHA1

897f8ca37f8e778e89d1a7af76c77506b868295c
SHA256

043d109810358ce58f7aa69ee402292726ac373c9802d46e16d62507daf17203
SHA512

a93412c48c1f7febb1020115cd0d2417352cd353b4176cc16b899a49754769254c11e485de0a5382a4c010ca742cd0ff2ae1c980dad010fe7fe55a7235a1cbab
SSDEEP

6144:DD8okEvTyoZVOgd2QZiw5NLclL5orfQH:/sjCF2QZiOU+4

Score

1^/10

Malware Config

Signatures

Files

4d0147748c163ee993f72983af6bcf00N.exe
.exe windows:4 windows x86 arch:x86

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
lstrcmp
LocalFree
GetTempPathW
FileTimeToDosDateTime
GetCalendarInfoA
EnumDateFormatsW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAlloc
LocalAlloc
CreateFiber
CreatePipe
CompareStringA
VirtualAlloc
GetVolumeInformationA
LoadLibraryA
GetSystemDirectoryW
EnumDateFormatsA
GetLogicalDrives
DisconnectNamedPipe
CopyFileA
SetLocaleInfoW
FreeResource
SystemTimeToFileTime
SetThreadPriority

user32

GetMenuItemRect
CheckMenuRadioItem
GetWindowRect
GetCaretPos
ActivateKeyboardLayout
GetParent
CallWindowProcW
WinHelpW
LoadCursorW
AdjustWindowRect
CopyImage
CreateDialogIndirectParamW
GetCursorPos
GetMenuItemID
LoadMenuIndirectA
CharUpperW
CreateMenu
ArrangeIconicWindows
RegisterClassExW
LoadIconA
SetWindowPos
DestroyWindow
DialogBoxIndirectParamW
GetDlgItemInt
GetSysColor
DialogBoxParamW
ShowCaret
WaitMessage
DestroyCursor
UnregisterClassW
SendMessageW
MonitorFromRect
GetClassNameA
GetClassInfoExA
GetIconInfo
DrawTextW
DrawTextA
CallWindowProcA
CreateWindowExW
UpdateWindow

gdi32

SetICMProfileW
ExtEscape
SetRectRgn
RemoveFontResourceExW
GetPolyFillMode
ColorMatchToTarget
GetCharABCWidthsI
SetWorldTransform
PlayMetaFile
GetLogColorSpaceW
CreateRoundRectRgn
SetWindowOrgEx
GetCharacterPlacementW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegEnumValueA
RegCreateKeyExA

shell32

SHFreeNameMappings

opengl32

glTexGendv
glTexCoord2iv
glRecti
glDebugEntry
glEvalCoord1fv
glMaterialfv
glRasterPos2fv
glPixelMapuiv
glEvalCoord2d

inetcomm

MimeOleGetContentTypeExt
MimeOleGetBodyPropA
CreateSMTPTransport
MimeOleConvertEnrichedToHTML

Sections

.X2"*
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d>ir
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T:O
Size: 1024B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b9"g9Y
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LJn
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

inetcomm

Sections

.X2"* Size: 10KB - Virtual size: 11KB

.d>ir Size: 512B - Virtual size: 20KB

.1 Size: 4KB - Virtual size: 3KB

.T:O Size: 1024B - Virtual size: 25KB

.b9"g9Y Size: 3KB - Virtual size: 10KB

.LJn Size: 2KB - Virtual size: 10KB

.' Size: 512B - Virtual size: 39KB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 1024B - Virtual size: 68KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.X2"*
Size: 10KB - Virtual size: 11KB

.d>ir
Size: 512B - Virtual size: 20KB

.1
Size: 4KB - Virtual size: 3KB

.T:O
Size: 1024B - Virtual size: 25KB

.b9"g9Y
Size: 3KB - Virtual size: 10KB

.LJn
Size: 2KB - Virtual size: 10KB

.'
Size: 512B - Virtual size: 39KB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 1024B - Virtual size: 68KB