33adb702e236f19e96cff80d2b07a400N

Sharing

Copy URL Twitter E-mail

General

Target

33adb702e236f19e96cff80d2b07a400N
Size

1.5MB
MD5

33adb702e236f19e96cff80d2b07a400
SHA1

37154e259ac4f7da9714410588e718ffb6432004
SHA256

c7b93a64cbe869144020d0dbd8995b4b03a2cc93bfa218d32f9b8d7eb6e31536
SHA512

4f5a62a842173bf3154599c16678d7b9ca37344a9c3e3adfbe275b634a0e95ada8ad24421f57ce8a16cb5de8050a9aafb58db32e9bfeb63547ebb23ffa530aac
SSDEEP

24576:2WBE9EGnzouRJMzD7iHsaPrnIX7e4Mxsk6Uzce3sJVfxBwAOZW4zsFxSWrPxhciN:2GE9EGnzouRJMzD7iHsaPrnIX7e4Mxsb

Score

1^/10

Malware Config

Signatures

Files

33adb702e236f19e96cff80d2b07a400N
.exe windows:5 windows x86 arch:x86

6463d6f9a8bec217f093645b779f89dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:bd:ed:82:63:83:ab:0c:99:3a:d8:6d:c9:15:7d:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/08/2009, 00:00

Not After

03/10/2012, 23:59

Subject

CN=Parametric Technology Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Parametric Technology Corporation,L=Arden Hills,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gbase60

pro_is_bound
coreutils_sret_fp_get_freeze_symbol_chars
remove_dup_special_chars
dbg_err_syserr
pro_call
byte_fill_func
ugc_comment
vector_length
ugc_file_get_version
copy_vector
ugc_find_dd_entry
ugc_replace_entry
har_free
rlsmem
xar_cpy
empty_string
xar_remove
xar_insert
blankstr
xar_shrink
xar_last
dbg_err_crash
relmem
bytcpy_func
make_wscopy
make_scopy
getmem
proe_gmtime
pfa_parse_to_components
Cmp_integers
?ciphThrowNegativeIndex@@YAXH@Z
?ciphThrowInvalidArrayIndex@@YAXPAVxobject@@HH@Z
??0btkXArrayImpl@@QAE@I@Z
?_ClearAll@btkXArrayImpl@@QAEXXZ
?_Lookup@btkXArrayImpl@@QBE_NPAXP6AH00@ZAAI@Z
?_Reallocate@btkXArrayImpl@@EAEXI@Z
?_FreeAllElems@btkXArrayImpl@@MAEXXZ
?_Replace@btkXArrayImpl@@UAE_NIPAX@Z
?_Remove@btkXArrayImpl@@UAE_NII@Z
?_Insert@btkXArrayImpl@@UAE_NIPAXI@Z
pfa_alloc_pro_file
pfa_parse_to_pro_file
pfa_free_pro_file
pfa_get_path
pfa_get_name
pfa_get_extension
xar_free
xar_alloc
xar_append
?KSetGraniteJournaling@@YAXH@Z
iptc_printf
?GetTempPathA@kkTempFile@@SAPADPAD@Z
??1kkTempFile@@QAE@XZ
btk_fopen
iptc_fprintf
btk_fclose
btk_remove
?GetMinPoint@KBoxUV@@QAE?AV?$xrchandle@VKPointUV@@@@XZ
?GetMaxPoint@KBoxUV@@QAE?AV?$xrchandle@VKPointUV@@@@XZ
har_total
har_access
?GetZAxis@KCsys@@QAE?AV?$xrchandle@VKVector3D@@@@XZ
?GetOrigin@KCsys@@QAE?AV?$xrchandle@VKPoint3D@@@@XZ
?GetXAxis@KCsys@@QAE?AV?$xrchandle@VKVector3D@@@@XZ
?GetYAxis@KCsys@@QAE?AV?$xrchandle@VKVector3D@@@@XZ
wstostr
?GetMinPoint@KBox3D@@QAE?AV?$xrchandle@VKPoint3D@@@@XZ
?GetMaxPoint@KBox3D@@QAE?AV?$xrchandle@VKPoint3D@@@@XZ
xar_count
?ToInt@xstring@@QBE_NPAH@Z
?ToDouble@xstring@@QBE_NPAN@Z
strtows
??Bxstring@@QBEPBDXZ
??1xstring@@QAE@XZ
??1btkXArrayImpl@@QAE@XZ
?create@xstringsequence@@SAPAV1@XZ
??0xstring@@QAE@PBD@Z
?Create@KBox3D@@SA?AV?$xrchandle@VKBox3D@@@@V?$xrchandle@VKPoint3D@@@@0@Z
?KCreateColorRGB@@YA?AV?$xrchandle@VKColorRGB@@@@NNN@Z
?KCreatePointUV@@YA?AV?$xrchandle@VKPointUV@@@@NN@Z
?Create@KBoxUV@@SA?AV?$xrchandle@VKBoxUV@@@@V?$xrchandle@VKPointUV@@@@0@Z
?create@xintsequence@@SAPAV1@XZ
btk_sprintf
?KCreateVector3D@@YA?AV?$xrchandle@VKVector3D@@@@NNN@Z
?KCreatePoint3D@@YA?AV?$xrchandle@VKPoint3D@@@@NNN@Z
?Create@KCsys@@SA?AV?$xrchandle@VKCsys@@@@V?$xrchandle@VKPoint3D@@@@V?$xrchandle@VKVector3D@@@@1@Z
?create@xrealsequence@@SAPAV1@XZ
?create@KPoint3DList@@SAPAV1@XZ
?KGetBaseSession@@YA?AV?$xrchandle@VKBaseSession@@@@XZ
??1xany@@QAE@XZ
?xrcattach@@YAXPAVxobject@@@Z
?xrcunirelease@@YAXPAVxobject@@@Z
?xrcuniattach@@YAXPAVxobject@@@Z
?isRefCountable@xobject@@QAEEXZ
?xrcrelease@@YAXPAVxobject@@@Z
?cast@KCommon@@SAPAV1@PAVxobject@@@Z

gpi60

?GrRegisterExportTranslator@@YA_NP6AHHQAPAD@Z@Z
?GrRegisterImportTranslator@@YA_NP6AHV?$xrchandle@VKWPIModel@@@@PAUpro_intf_data_extend@@HQAPAD@Z@Z
?GrRegisterAssemImportTranslator@@YA_NP6AHHQAPAD@Z@Z
?GrRunClient@@YA_NXZ
?cast@KPIBsplsrf@@SAPAV1@PAVxobject@@@Z
?cast@KPILine@@SAPAV1@PAVxobject@@@Z
?cast@KPIArc@@SAPAV1@PAVxobject@@@Z
?cast@KPIEllipse@@SAPAV1@PAVxobject@@@Z
?cast@KPIBspline@@SAPAV1@PAVxobject@@@Z
?FillPIDAnnotPlanes@PIAnnotDataConverter@@QAEXPAPAPAUpro_intf_data_annot_plane@@PAN1@Z
?FillPIDSymbolInstances@PIAnnotDataConverter@@QAEXPAPAPAUpide_sym_inst@@V?$xrchandle@VKPoint3DList@@@@@Z
?create@KPIUnitList@@SAPAV1@XZ
?cast@KPIUnit@@SAPAV1@PAVxobject@@@Z
?create@KPIFacetedRepList@@SAPAV1@XZ
??0PIAnnotDataConverter@@QAE@XZ
?create@KPIFacetVtxList@@SAPAV1@XZ
?create@KPIFacetVtxdataList@@SAPAV1@XZ
?create@KPIFacetdataList@@SAPAV1@XZ
?KGetProIntfData@@YAPAUpro_intf_data_extend@@V?$xrchandle@VKWPIModelExt@@@@@Z
?FillPIDAnnotFeatures@PIAnnotDataConverter@@QAEXPAPAPAUpro_intf_data_annot_feature@@@Z
?create@KPILoopList@@SAPAV1@XZ
?cast@KPICurve@@SAPAV1@PAVxobject@@@Z
?cast@KPISurface@@SAPAV1@PAVxobject@@@Z
?KGetPISession@@YA?AV?$xrchandle@VKWPISession@@@@XZ
?create@KPIDatumList@@SAPAV1@XZ
?create@KPIQuiltList@@SAPAV1@XZ
?create@KPIEdgeList@@SAPAV1@XZ
?create@KPIFaceList@@SAPAV1@XZ
?create@KPIReferenceColorList@@SAPAV1@XZ
?create@KPIElementColorList@@SAPAV1@XZ
?ProParamReadonlyCreate@GraniteProxy@@QAEHPAUpro_model_item@@PBDPAUPro_Param_Value@@HPAUproparameter@@@Z
?SetComponentColor@GraniteProxy@@QAEHHHQAN0@Z
?SendTranslationLog@GraniteProxy@@QAEHPAPAD@Z
?FreeAtbImportLayers@GraniteProxy@@QAEXPAUatb_import_layer@@@Z
?GetAtbImportLayers@GraniteProxy@@QAEHHPAPAUatb_import_layer@@@Z
?SetAtbImportLayers@GraniteProxy@@QAEHHPAUatb_import_layer@@@Z
ProSetModelUnit
ProGetModelUnit
?SendAssemblyInfo@GraniteProxy@@QAEHHPAUpro_model_basic_info@@HHN@Z
?GetAssemblyInfo@GraniteProxy@@QAEHHPAPAUpro_model_basic_info@@PAPAUpro_intf_data_extend@@@Z
?GetProIntfData@GraniteProxy@@QAE?AV?$xrchandle@VKWPIModel@@@@HPAUpro_part_conversion_options@@PAUpro_model_conversion_options_ext@@PAPAUpro_intf_data_extend@@@Z
?InitSolid@GraniteProxy@@QAEHPBDHPAH@Z
?IsModelUsed@GraniteProxy@@QAEHHPBD@Z
?NotifyFinish@GraniteProxy@@QAEXXZ
?NotifyException@GraniteProxy@@QAEXPAD@Z
?AssembleComponent@GraniteProxy@@QAEHHHQAY02NHPAH1@Z
?CreateModel@GraniteProxy@@QAEHPBDHPAH@Z
?ImportProIntfDataToFeature@GraniteProxy@@QAEHHPAUentity@@PAUpro_intf_data@@PAUpro_intf_data_extend@@PAHPAD@Z
?TerminateAssembly@GraniteProxy@@QAEHH@Z
?GetCurrentModel@GraniteProxy@@QAEHHPAH@Z
?IsServerAlive@GraniteProxy@@QAE_NXZ
?GrInitializeClient@@YA?AV?$xrchandle@VGraniteProxy@@@@PBD@Z
?ProMdlToModelitem@GraniteProxy@@QAEHHPAUpro_model_item@@@Z

kernel32

CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
FreeLibrary
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
WriteFile
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapAlloc
LoadLibraryW
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
ExitProcess
HeapSize
Sleep
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
GetCommandLineA
GetSystemTimeAsFileTime
HeapFree
GetLastError
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
RaiseException
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadFile
PeekNamedPipe
CreateProcessA
DuplicateHandle
CreatePipe
GetLocalTime
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetCurrentDirectoryA
GetLogicalDrives
RemoveDirectoryA
DeleteFileA
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEndOfFile
GetProcessHeap
CloseHandle

user32

PostMessageA
EnumWindows
GetWindowThreadProcessId

wsock32

closesocket
connect
ioctlsocket
htons
gethostbyname
socket
send
WSAGetLastError
recv
accept
WSACleanup
gethostname
WSAStartup

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 292KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6463d6f9a8bec217f093645b779f89dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

05:bd:ed:82:63:83:ab:0c:99:3a:d8:6d:c9:15:7d:49Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

gbase60

gpi60

kernel32

user32

wsock32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 292KB - Virtual size: 312KB

.rsrc Size: 71KB - Virtual size: 71KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

05:bd:ed:82:63:83:ab:0c:99:3a:d8:6d:c9:15:7d:49
Certificate

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 292KB - Virtual size: 312KB

.rsrc
Size: 71KB - Virtual size: 71KB