ac9cebc262672fc8ec2e001c51dc38056ea21e3af8f6d70f7e1fc75f8943488c

Sharing

Copy URL Twitter E-mail

General

Target

ac9cebc262672fc8ec2e001c51dc38056ea21e3af8f6d70f7e1fc75f8943488c
Size

81KB
MD5

796accdf79e1adbbdba705dff34cb806
SHA1

f660d38d54ac1bb90430ee39b76265de8b642669
SHA256

ac9cebc262672fc8ec2e001c51dc38056ea21e3af8f6d70f7e1fc75f8943488c
SHA512

84e2f1952044c2f29c128469764635c3990cb98ab5d65541b4c8da0dc7e41e8b6acccd785c7fc32d2cfd83ead74edf0ed3e99833387b897b043e8ae0d41c39cf
SSDEEP

1536:2h0b14KcAxR0fxBkhtt7kGuJ8h7uH6LR1lOaqO2a:2i4KfIZBkftLuJ8hyM/O3O2a

Score

1^/10

Malware Config

Signatures

Files

ac9cebc262672fc8ec2e001c51dc38056ea21e3af8f6d70f7e1fc75f8943488c
.exe windows:5 windows x86 arch:x86

3c1c5cdb0fd37f1cdaaf0d92def0732f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2011, 00:00

Not After

19/07/2014, 23:59

Subject

CN=Avira Operations GmbH & Co. KG,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:48:96:31:51:52:22:5e:16:7e:df:c3:38:fb:f0:3f:ea:82:8f:38
Signer

Actual PE Digest

78:48:96:31:51:52:22:5e:16:7e:df:c3:38:fb:f0:3f:ea:82:8f:38

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Bld\5\9\Binaries\Win32\Release\IPMGUI.pdb

Imports

mfc100u

ord3932
ord8618
ord9353
ord11765
ord5575
ord4849
ord4921
ord13202
ord4147
ord2404
ord1687
ord11483
ord6925
ord6917
ord5077
ord7291
ord3526
ord8115
ord4151
ord11683
ord4512
ord13047
ord7973
ord7932
ord4360
ord12948
ord6096
ord1987
ord4290
ord3446
ord5862
ord2185
ord10937
ord13380
ord8112
ord11163
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord1512
ord1519
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord8345
ord4392
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord13382
ord7109
ord13388
ord6156
ord10725
ord12557
ord5276
ord2339
ord11116
ord2952
ord2951
ord2852
ord11159
ord5143
ord9333
ord13352
ord5827
ord4785
ord14148
ord1310
ord14132
ord3491
ord3985
ord7976
ord12446
ord5049
ord9524
ord2062
ord286
ord6710
ord947
ord377
ord6671
ord266
ord2064
ord2068
ord13206
ord11515
ord13029
ord10894
ord11923
ord2457
ord7615
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord3416
ord5261
ord11228
ord11236
ord4087
ord7391
ord9498
ord11240
ord11209
ord11845
ord4642
ord4923
ord5115
ord8483
ord4901
ord5118
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9328
ord8346
ord6141
ord11031
ord6036
ord7065
ord13043
ord7366
ord9897
ord8143
ord2346
ord11123
ord10058
ord10412
ord2981
ord2980
ord2756
ord5556
ord12606
ord2885
ord2884
ord7385
ord2417
ord8347
ord14146
ord3627
ord11021
ord7176
ord1293
ord891
ord14147
ord14145
ord8613
ord14149
ord13116
ord7633
ord1934
ord2089
ord14059
ord14060
ord8277
ord11081
ord4858
ord3402
ord6869
ord9447
ord1312
ord280
ord902
ord296
ord923
ord345
ord11838
ord1300

msvcr100

memcpy
__CxxFrameHandler3
__RTDynamicCast
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsstr
wcsncpy_s
wcsncat_s
wcscpy_s
wcschr
_purecall
vswprintf_s
_vscwprintf
realloc
_errno
calloc
strtoul
memset
malloc
free
_waccess
_wsopen
_lseek
_close
_read
_filelength
_beginthreadex
_endthreadex
wcsnlen
swscanf_s
memmove_s
wmemcpy_s
_time64
_wtoi
wcscat_s
wcsrchr
_wsplitpath_s
memcpy_s
_wcsicmp
wcsncmp

kernel32

HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcess
SetEvent
ResumeThread
CreateEventW
SuspendThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
FreeLibrary
GetProcAddress
GetFileAttributesW
InterlockedIncrement
LoadLibraryExW
GetModuleHandleW
SetLastError
CreateMutexW
ReleaseMutex
Sleep
WaitForSingleObject
GetTickCount
CloseHandle
OpenMutexW
GetLastError
DeleteCriticalSection

user32

SetWindowRgn
SetLayeredWindowAttributes
GetWindowInfo
GetDesktopWindow
GetShellWindow
IsWindowVisible
GetForegroundWindow
MonitorFromPoint
CopyRect
GetMonitorInfoW
MonitorFromWindow
FindWindowW
EnableWindow
PostMessageW
GetWindowRect
KillTimer
SetTimer
SendMessageW
LoadStringW

gdi32

CreateRectRgnIndirect

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHAppBarMessage

ole32

CoUninitialize
CoInitialize

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c1c5cdb0fd37f1cdaaf0d92def0732f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

78:48:96:31:51:52:22:5e:16:7e:df:c3:38:fb:f0:3f:ea:82:8f:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 72KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

54:97:1f:f2:38:d2:b8:66:f2:7f:c3:fe:6c:9a:d5:77
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

78:48:96:31:51:52:22:5e:16:7e:df:c3:38:fb:f0:3f:ea:82:8f:38
Signer

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 72KB