bbd9842d870c7a44258ed7bd322807c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bbd9842d870c7a44258ed7bd322807c0N.exe
Size

4.4MB
MD5

bbd9842d870c7a44258ed7bd322807c0
SHA1

b41d691b51a1b19e4652cae6edc978092be211ec
SHA256

859d39e0c5b214dcc31e20d3f70c44543f2b3be4414027b25fe1adc3fab810af
SHA512

95ab0b0d13e64cb3e29f223368eb696f802ff409bb84b2bcd39f8baa80a7f19986a37e31339cd8cbf057ffd69b00b52b9a002cdc44f03165c7c1ff9d88197bb1
SSDEEP

49152:6XtrVJ59kOxo5WvlfzDObq24DXRRg/AsRt+I:47HzDOu22S7Rj

Score

1^/10

Malware Config

Signatures

Files

bbd9842d870c7a44258ed7bd322807c0N.exe
.exe windows:4 windows x86 arch:x86

c3f999e6c7eb7465ccfe72b097a01bb9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:56:08:20:fa:3e:9a:d8:e5:41:17:34:b1:d4:0a:d5
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/05/2013, 00:00

Not After

07/08/2015, 23:59

Subject

CN=NCH Software,O=NCH Software,L=Canberra,ST=Australian Capital Territory,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:14:52:aa:bb:69:fd:05:60:c5:50:5a:cc:d9:40:ef:38:ac:89:cc
Signer

Actual PE Digest

19:14:52:aa:bb:69:fd:05:60:c5:50:5a:cc:d9:40:ef:38:ac:89:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SourceCode\videopad\Release\VideoPad.pdb

Imports

opengl32

wglMakeCurrent
wglCreateContext
wglDeleteContext
wglGetProcAddress
wglGetCurrentContext

kernel32

SetEndOfFile
IsBadWritePtr
GetModuleHandleA
Sleep
GetThreadPriority
ResetEvent
MulDiv
SetEvent
GlobalLock
DeleteFileW
GlobalUnlock
LoadLibraryW
GlobalSize
GetLongPathNameW
MoveFileW
GetVersionExW
GetFileSizeEx
LoadLibraryA
GetCurrentThread
GetFileAttributesW
GetFileTime
CreateDirectoryW
GetTempPathW
GetSystemInfo
CreateEventW
DeviceIoControl
GetTimeZoneInformation
InitializeCriticalSection
FreeLibrary
GetCurrentThreadId
GetTickCount
SetFilePointerEx
WaitForSingleObject
GlobalFree
VerifyVersionInfoW
VerSetConditionMask
GlobalMemoryStatusEx
GetProcAddress
GlobalAlloc
WriteFile
CloseHandle
FindClose
WideCharToMultiByte
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WTSGetActiveConsoleSessionId
FreeResource
GetCurrentProcessId
SetFileTime
GetSystemTime
GetStartupInfoW
FileTimeToSystemTime
LeaveCriticalSection
GetPrivateProfileSectionNamesW
HeapAlloc
InterlockedDecrement
GetCommandLineW
GlobalHandle
SetLastError
RemoveDirectoryW
DuplicateHandle
LockResource
SizeofResource
QueryPerformanceCounter
SetEnvironmentVariableW
SystemTimeToFileTime
ProcessIdToSessionId
CreateToolhelp32Snapshot
GetModuleFileNameW
GetLocaleInfoW
VirtualQuery
LocalAlloc
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
FindResourceW
SetFilePointer
GetShortPathNameW
lstrcpyW
QueryPerformanceFrequency
GetStdHandle
GetLocaleInfoA
GetDiskFreeSpaceExW
GetUserDefaultLCID
Process32NextW
GetLastError
GetProcessHeap
LoadResource
GetEnvironmentVariableW
LocalFileTimeToFileTime
GetPrivateProfileIntW
ExitProcess
LocalFree
FlushFileBuffers
LoadLibraryExW
GetFileSize
GetVersionExA
SetUnhandledExceptionFilter
GetComputerNameW
OpenProcess
CreatePipe
CreateThread
WaitForMultipleObjects
UnmapViewOfFile
CreateMutexW
GetExitCodeProcess
CancelIo
SetThreadExecutionState
GetLogicalDriveStringsW
ReleaseMutex
TerminateProcess
MoveFileExW
PeekNamedPipe
HeapFree
GetCurrentProcess
MapViewOfFile
GetVolumeInformationW
FileTimeToLocalFileTime
Process32FirstW
FindFirstFileW
FindNextFileW
ReadFile
EnterCriticalSection
CreateProcessW
SetFileAttributesW
MultiByteToWideChar
CopyFileW
DeleteCriticalSection
GetDriveTypeW
SetThreadPriority
CreateFileW
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
GetStringTypeA
TlsAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetConsoleMode
GetConsoleCP
RtlUnwind
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetStringTypeW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InterlockedIncrement
GetCommandLineA
GetStartupInfoA
IsDebuggerPresent
GetModuleFileNameA
TlsGetValue
TlsSetValue

advapi32

OpenProcessToken
RegOpenKeyW
RegDeleteKeyW
CryptAcquireContextW
GetLengthSid
InitializeSid
CheckTokenMembership
RegEnumKeyW
GetSidLengthRequired
RegEnumValueW
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
CryptDecrypt
AddAccessAllowedAce
RegSetValueExW
SetSecurityDescriptorDacl
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
CryptDestroyHash
RegEnumKeyExW
RegOpenKeyExW
SetFileSecurityW
InitializeAcl
InitializeSecurityDescriptor
GetAce
CryptHashData
GetSidSubAuthority
CryptEncrypt
RegQueryInfoKeyW
RegQueryValueExW
CryptDeriveKey
RegSetKeySecurity
CryptCreateHash
GetUserNameW

comctl32

ImageList_GetImageCount
ImageList_Draw
PropertySheetW
_TrackMouseEvent
ImageList_Replace
ImageList_Remove
ord17
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_Create
CreateToolbarEx
InitCommonControlsEx
ImageList_Add
ImageList_GetImageInfo
ImageList_DrawEx
CreatePropertySheetPageW

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

gdi32

CreateFontIndirectW
PolyTextOutW
SetTextColor
DeleteObject
SetBrushOrgEx
GetCurrentObject
CreatePatternBrush
CreateCompatibleBitmap
LineTo
Polyline
GetBkMode
DeleteDC
SelectObject
SetBkMode
CreatePen
Polygon
GetDIBits
SetBkColor
CreateCompatibleDC
SetStretchBltMode
GetTextExtentPoint32W
FillRgn
CreateSolidBrush
CreateDIBitmap
TextOutW
CreatePolygonRgn
CreateFontW
GetObjectW
PolyDraw
SetDIBits
MoveToEx
GetStockObject
CreateRectRgnIndirect
PatBlt
DescribePixelFormat
SetPixel
SetBitmapBits
CombineRgn
SetROP2
SetTextAlign
CreateBitmap
GetDeviceCaps
ExtTextOutW
SetDIBitsToDevice
CreateDCW
ChoosePixelFormat
GetWindowExtEx
Rectangle
GetObjectA
SetPixelFormat
BitBlt
GetViewportExtEx
SetViewportExtEx
GetTextFaceW
CreateDIBSection
GetBitmapBits
SetWindowExtEx
StretchBlt

msacm32

acmStreamClose
acmFormatDetailsW
acmDriverClose
acmDriverOpen
acmStreamOpen
acmFormatEnumW
acmStreamPrepareHeader
acmDriverEnum
acmStreamConvert
acmDriverDetailsW
acmStreamSize
acmStreamUnprepareHeader
acmFormatTagEnumW

ole32

CoGetMalloc
CoInitializeSecurity
OleCreate
StgCreateDocfile
CoTaskMemFree
OleSetContainedObject
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CLSIDFromString
CoUninitialize

oleaut32

OleCreatePropertyFrame
VariantClear
SysAllocStringLen
SysFreeString
OleLoadPicturePath
OleLoadPicture
SysAllocString
VariantInit

shell32

SHChangeNotify
SHGetFolderPathW
ShellExecuteW
DragQueryPoint
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHBrowseForFolderW
SHFileOperationW
DragAcceptFiles
ord680
ShellExecuteExW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetMalloc

shlwapi

StrCmpLogicalW
SHCopyKeyW
SHDeleteKeyW
PathIsSameRootW
SHDeleteEmptyKeyW

user32

InsertMenuItemW
SetFocus
SetActiveWindow
SetCursor
CreateWindowExW
DestroyIcon
GetCapture
ShowWindow
SetScrollInfo
DestroyMenu
ScrollWindowEx
LoadImageW
RemovePropW
GetSysColor
GetParent
GetFocus
MapDialogRect
SendMessageW
SetPropW
CharLowerW
RemoveMenu
SetTimer
IsWindow
LoadCursorW
KillTimer
FillRect
TrackPopupMenu
DrawTextW
PtInRect
DeleteMenu
UpdateWindow
GetKeyState
SetDlgItemTextW
CheckDlgButton
SetWindowTextW
ReleaseCapture
GetCursor
GetDesktopWindow
SetCapture
MapWindowPoints
EndPaint
ModifyMenuW
CheckRadioButton
CreatePopupMenu
GetWindowPlacement
GetDC
IsDlgButtonChecked
GetDlgItem
InvalidateRect
GetMenu
SetClassLongW
CallNextHookEx
GetDlgItemTextW
MapVirtualKeyW
FlashWindowEx
GetIconInfo
GetForegroundWindow
CreateDialogParamW
SetWindowPlacement
SetMenuDefaultItem
GetWindowTextLengthW
wsprintfW
CloseClipboard
EnumDisplayMonitors
SendDlgItemMessageW
EnumThreadWindows
RegisterClassW
ScreenToClient
GetSysColorBrush
GetClipboardData
GetSubMenu
InflateRect
SystemParametersInfoW
TranslateMessage
EndMenu
EnableWindow
MonitorFromPoint
DrawEdge
MonitorFromWindow
FindWindowW
IsClipboardFormatAvailable
InsertMenuW
CharUpperW
GetKeyNameTextW
IsDialogMessageW
DispatchMessageW
MonitorFromRect
EnumChildWindows
DrawStateW
GetClassInfoW
GetWindow
GetWindowTextW
GetMessageW
EnumDisplaySettingsW
DialogBoxIndirectParamW
UnhookWindowsHookEx
SetDlgItemInt
MsgWaitForMultipleObjects
LoadIconW
SetMenu
SetForegroundWindow
WindowFromDC
CallWindowProcW
PeekMessageW
GetMonitorInfoW
EndDialog
AdjustWindowRectEx
GetSystemMenu
EnumDisplayDevicesW
GetDlgItemInt
GetMenuItemCount
IsCharAlphaW
IsChild
OpenClipboard
PostQuitMessage
AllowSetForegroundWindow
GetClassNameA
GetWindowWord
SetWindowWord
GetMenuStringW
DrawMenuBar
RegisterClipboardFormatW
MessageBeep
GetScrollInfo
GetActiveWindow
WaitForInputIdle
ClientToScreen
SetWindowLongW
IsZoomed
DialogBoxParamW
PostMessageW
MoveWindow
GetWindowDC
DrawIconEx
GetCursorInfo
GetWindowLongW
GetClassNameW
SetMenuItemInfoW
DestroyWindow
AppendMenuW
ReleaseDC
MessageBoxW
GetDlgCtrlID
DrawFocusRect
IsWindowEnabled
CopyImage
GetSystemMetrics
GetAsyncKeyState
GetClientRect
CheckMenuItem
GetPropW
GetMenuItemInfoW
IsIconic
SetWindowPos
SetWindowsHookExW
BeginPaint
RedrawWindow
EnableMenuItem
DefWindowProcW
CreateDialogIndirectParamW
FrameRect
GetWindowRect
IsWindowVisible

winmm

waveInMessage
mixerGetLineInfoW
waveOutWrite
waveInClose
waveInGetDevCapsW
waveOutGetDevCapsW
waveOutPause
waveInReset
waveInStart
waveOutGetNumDevs
mixerGetLineControlsW
waveInAddBuffer
waveOutPrepareHeader
waveOutUnprepareHeader
mixerGetControlDetailsW
waveInOpen
waveOutSetVolume
mixerGetID
waveInUnprepareHeader
waveOutOpen
waveInGetNumDevs
mixerSetControlDetails
waveOutClose
waveInPrepareHeader
waveInStop
waveOutGetPosition
waveOutReset

ws2_32

select
ntohs
WSAStartup
recv
gethostbyname
socket
send
inet_addr
__WSAFDIsSet
ioctlsocket
WSAGetLastError
htons
connect
closesocket
setsockopt

netapi32

NetUserGetInfo
NetApiBufferFree

gdiplus

GdipSaveImageToStream
GdipSetLineWrapMode
GdipDrawCachedBitmap
GdipGetImageHeight
GdipSetPenStartCap
GdipCreatePen1
GdipGetFontCollectionFamilyList
GdipCreateLineBrush
GdipDisposeImage
GdipDeleteStringFormat
GdipGetPropertyCount
GdipGetFontCollectionFamilyCount
GdipAddPathEllipse
GdipGetImageEncoders
GdipGetPropertyItemSize
GdipSetStringFormatAlign
GdipDrawString
GdipBitmapLockBits
GdipSetPenLineJoin
GdipSetPenDashOffset
GdipCreateBitmapFromGdiDib
GdipImageGetFrameDimensionsList
GdipSetWorldTransform
GdipGetImagePixelFormat
GdipDeleteFontFamily
GdipAddPathString
GdipSetPenMiterLimit
GdipSetPenEndCap
GdipGetFamily
GdipCreateMatrix
GdipGetFontSize
GdipGetImageHorizontalResolution
GdipBitmapUnlockBits
GdipCreateFontFromLogfontA
GdipImageGetFrameCount
GdipResetWorldTransform
GdipSetPenDashCap197819
GdipGetPropertyIdList
GdipGetPathWorldBounds
GdipMeasureString
GdipImageSelectActiveFrame
GdipSetPageUnit
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFlattenPath
GdipCreateFontFromDC
GdipDeleteGraphics
GdipGetFamilyName
GdipNewInstalledFontCollection
GdipSetStringFormatLineAlign
GdipDeleteRegion
GdipCreateFromHDC
GdiplusShutdown
GdipSetPenDashArray
GdiplusStartup
GdipGetPropertyItem
GdipTranslateMatrix
GdipDrawImageRect
GdipCloneFontFamily
GdipSetPenDashStyle
GdipCreateBitmapFromStream
GdipSetStringFormatFlags
GdipGetFontStyle
GdipGetImageVerticalResolution
GdipDeleteCachedBitmap
GdipGetImageEncodersSize
GdipRotateMatrix
GdipImageGetFrameDimensionsCount
GdipScaleMatrix
GdipSetStringFormatTrimming
GdipCreateCachedBitmap
GdipGetImageWidth
GdipDrawPath
GdipGetPathLastPoint
GdipFillPath
GdipSetLinePresetBlend
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapSetResolution
GdipCreateStringFormat
GdipGetImageGraphicsContext
GdipDrawLine
GdipDeletePen
GdipSetSolidFillColor
GdipAlloc
GdipFree
GdipDeleteBrush
GdipAddPathLine2
GdipTransformPath
GdipDeletePath
GdipFillRectangle
GdipAddPathRectangle
GdipClosePathFigure
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteFont
GdipAddPathArc
GdipCreatePen2
GdipGraphicsClear
GdipAddPathLine
GdipSetPixelOffsetMode
GdipCloneBrush
GdipDrawEllipse
GdipCreatePath
GdipDeleteMatrix
GdipCreateMatrix2
GdipSetTextRenderingHint
GdipFillEllipse
GdipSetCompositingMode
GdipDrawRectangle

msimg32

AlphaBlend
GradientFill

iphlpapi

GetAdaptersAddresses

wininet

InternetGetConnectedState
InternetQueryOptionA

urlmon

CopyStgMedium

Sections

.rdata
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.8MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3f999e6c7eb7465ccfe72b097a01bb9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

6a:56:08:20:fa:3e:9a:d8:e5:41:17:34:b1:d4:0a:d5Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:14:52:aa:bb:69:fd:05:60:c5:50:5a:cc:d9:40:ef:38:ac:89:ccSigner

Headers

File Characteristics

PDB Paths

Imports

opengl32

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

netapi32

gdiplus

msimg32

iphlpapi

wininet

urlmon

Sections

.rdata Size: 477KB - Virtual size: 477KB

.data Size: 2.8MB - Virtual size: 3.1MB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

6a:56:08:20:fa:3e:9a:d8:e5:41:17:34:b1:d4:0a:d5
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:14:52:aa:bb:69:fd:05:60:c5:50:5a:cc:d9:40:ef:38:ac:89:cc
Signer

.rdata
Size: 477KB - Virtual size: 477KB

.data
Size: 2.8MB - Virtual size: 3.1MB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB