046d71afd13c21b3285489f2f0ec4d30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

046d71afd13c21b3285489f2f0ec4d30N.exe
Size

505KB
MD5

046d71afd13c21b3285489f2f0ec4d30
SHA1

8364642cecc063eef2741e0fd75d2ed7facaf65e
SHA256

8bd39660a8a997fe4c3f994a5b956b2bbdede34c9bdc1a852bf2064f2c3a2af1
SHA512

d60c084d3a8f3bf338b7b33e0b5b1b0b1ad5a8041c287495d0958e32ab440f494a4ee4afde0dcafc93b7609c7251c4de3a268170ae06df143545d4b16d70fa06
SSDEEP

12288:sTjAgk7ZRFU/kWjVX3p0P2ClgJL3YZBuSI2:CHp0/qL3YjuSI2

Score

1^/10

Malware Config

Signatures

Files

046d71afd13c21b3285489f2f0ec4d30N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

78f0aa7a22389ccf00e2cba910ff21c5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:d7:93:eb:66:a4:0d:35:8d:de:cf:c4:c7:d8:cc:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/11/2009, 00:00

Not After

19/12/2011, 23:59

Subject

CN=Eximion B.V.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Eximion B.V.,L=Eindhoven,ST=Noord Brabant,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:7c:e0:6f:2b:cf:49:c0:14:cd:1b:c9:79:ac:4e:48:d3:cf:d4:0e
Signer

Actual PE Digest

21:7c:e0:6f:2b:cf:49:c0:14:cd:1b:c9:79:ac:4e:48:d3:cf:d4:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Eximion\Trunk\Software\Player\Project\vs2005\Bin\Release\kalydoplayer.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WinVerifyTrust

crypt32

CertGetNameStringW
CertFreeCertificateContext
CryptVerifyMessageSignature

imagehlp

ImageGetCertificateHeader
ImageEnumerateCertificates
ImageGetCertificateData

kernel32

GlobalLock
FlushInstructionCache
WideCharToMultiByte
CreateProcessW
LoadLibraryW
CopyFileW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetExitCodeThread
DeleteFileW
GetProcAddress
RemoveDirectoryW
GetTempPathW
FindClose
SetEndOfFile
CreateFileW
MoveFileExW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
LocalFree
SetFilePointerEx
SetCurrentDirectoryW
GetFileAttributesExW
CreateDirectoryW
FormatMessageW
GetVersionExW
Sleep
GetProcessAffinityMask
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetEvent
ResetEvent
CreateEventW
ReadFile
FlushFileBuffers
CreateNamedPipeW
WriteFile
ReleaseMutex
GetCurrentProcessId
CreateMutexW
TerminateProcess
OutputDebugStringW
GetThreadPriority
SuspendThread
ResumeThread
CreateThread
SetThreadPriority
FlushViewOfFile
GetSystemInfo
GetFileInformationByHandle
GlobalAlloc
UnmapViewOfFile
CreateFileMappingW
TryEnterCriticalSection
GetSystemTime
GetModuleFileNameW
HeapFree
GetProcessHeap
GetCPInfo
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
GetModuleFileNameA
GetStdHandle
RtlUnwind
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetFileAttributesW
SetFileAttributesW
GetVersionExA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetACP
UnhandledExceptionFilter
VirtualQuery
GetModuleHandleA
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapAlloc
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GlobalUnlock
GetCurrentProcess
SetLastError
GetCurrentThreadId
MulDiv
GetThreadLocale
LeaveCriticalSection
FindResourceW
SizeofResource
InterlockedDecrement
GetLastError
EnterCriticalSection
lstrcmpiW
SetThreadLocale
lstrlenW
GetModuleHandleW
InterlockedIncrement
InitializeCriticalSection
MultiByteToWideChar
WriteConsoleA
SetStdHandle
LoadResource
FreeLibrary
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
LoadLibraryExW
DeleteCriticalSection
SystemTimeToFileTime
RaiseException
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateFileA
InterlockedCompareExchange
IsProcessorFeaturePresent
MapViewOfFile
GetOEMCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InterlockedExchange

user32

GetCursorPos
UnregisterClassA
ShowCursor
SendMessageW
PostMessageW
CallWindowProcA
SetWindowLongA
ValidateRect
GetWindowRect
PostThreadMessageW
GetWindowLongA
MessageBoxW
WaitForInputIdle
PostMessageA
FillRect
MoveWindow
GetDC
GetParent
SetWindowRgn
UnionRect
GetKeyState
BeginPaint
ShowWindow
InvalidateRect
CreateWindowExW
LoadCursorW
PtInRect
EqualRect
GetClassInfoExW
GetClientRect
OffsetRect
EndPaint
CallWindowProcW
DefWindowProcW
IsWindow
GetFocus
IntersectRect
ReleaseDC
IsChild
SetFocus
SetWindowPos
GetWindowLongW
SetWindowLongW
DestroyWindow
CharNextW
RegisterClassExW
GetKeyboardState

gdi32

CreateSolidBrush
CreateDCW
SetMapMode
LPtoDP
SaveDC
SetWindowExtEx
RestoreDC
SetViewportOrgEx
TextOutW
CreateMetaFileW
DeleteMetaFile
GetDeviceCaps
CreateRectRgnIndirect
CloseMetaFile
SetWindowOrgEx
DeleteDC
SetTextAlign
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SetEntriesInAclW
SetNamedSecurityInfoW
AllocateAndInitializeSid
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW

shell32

ShellExecuteExW

ole32

CoCreateInstance
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
StringFromGUID2
OleRegGetUserType
ReadClassStm
CoTaskMemRealloc
OleRegEnumVerbs
CoTaskMemFree
CreateDataAdviseHolder
OleRegGetMiscStatus
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VariantInit
VariantChangeType
OleCreatePropertyFrame
VariantClear
SysAllocStringLen
SysAllocString
LoadTypeLi
RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78f0aa7a22389ccf00e2cba910ff21c5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

4c:d7:93:eb:66:a4:0d:35:8d:de:cf:c4:c7:d8:cc:ebCertificate

Extended Key Usages

Key Usages

21:7c:e0:6f:2b:cf:49:c0:14:cd:1b:c9:79:ac:4e:48:d3:cf:d4:0eSigner

Headers

File Characteristics

PDB Paths

Imports

version

wintrust

crypt32

imagehlp

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 333KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 32KB - Virtual size: 58KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 44KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

4c:d7:93:eb:66:a4:0d:35:8d:de:cf:c4:c7:d8:cc:eb
Certificate

21:7c:e0:6f:2b:cf:49:c0:14:cd:1b:c9:79:ac:4e:48:d3:cf:d4:0e
Signer

.text
Size: 336KB - Virtual size: 333KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 32KB - Virtual size: 58KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 44KB - Virtual size: 40KB