51dd4827ec9d1e9b61683310d2c93722eb8123c80934911616e9bffb600d72a7N

Sharing

Copy URL

Twitter E-mail

General

Target

51dd4827ec9d1e9b61683310d2c93722eb8123c80934911616e9bffb600d72a7N
Size

1.8MB
MD5

8b1da3a9c896385b53d50442a4f3aeb0
SHA1

5239e92ec183bfe4ca13465b5561f97eec3d30db
SHA256

51dd4827ec9d1e9b61683310d2c93722eb8123c80934911616e9bffb600d72a7
SHA512

4319aca811a0b87103fdba0664aebd907f91aaeb997dd79ef500235ff608a1986feb5efa92553f71acb2a5d4c774c02bf97666724257e6aa01d1aa5175ef3e00
SSDEEP

24576:awJe3wJe3wJejwJe3wJe3wJejwJe3wJe3wJe:ZJegJegJeUJegJegJeUJegJegJe

Score

1^/10

Malware Config

Signatures

Files

51dd4827ec9d1e9b61683310d2c93722eb8123c80934911616e9bffb600d72a7N
.exe windows:4 windows x86 arch:x86

430af33f4ce9475c62e2d9321d894f4c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:03:9f:91:04:9a:fc:61:45:5d:3b:d3:a0:f9:57:6b:a3:ba:d8:28
Signer

Actual PE Digest

76:03:9f:91:04:9a:fc:61:45:5d:3b:d3:a0:f9:57:6b:a3:ba:d8:28

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
OpenMutexW
LocalAlloc
lstrcatW
FindAtomW
GetAtomNameA
GetCurrentThread
InitializeCriticalSection
CompareStringA
WinExec
lstrcpy
GetComputerNameA
GetExpandedNameA
FileTimeToDosDateTime
GetAtomNameW
SetUnhandledExceptionFilter
GetLongPathNameA
DuplicateHandle
SetLastError
SetThreadPriority
GlobalGetAtomNameW
SearchPathA
IsBadCodePtr
CreateNamedPipeA
GetStartupInfoW
GetTempPathA
GetLogicalDrives
FindAtomA
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
FindResourceA
GetTimeFormatW
GetHandleInformation
EndUpdateResourceA
GetProcessHeap
CreateMailslotW
GetThreadLocale
GetExpandedNameW
SetCalendarInfoA
GetCurrentDirectoryA
OpenEventA
GetLogicalDriveStringsA
lstrcmp
ExitThread
GetVersionExW
CreateSemaphoreA

user32

GetDCEx
LoadCursorA
CreatePopupMenu
GetCapture
CreateCaret
LoadBitmapW
TrackPopupMenu
DefFrameProcW
GetAsyncKeyState
CharUpperA
CreateDesktopW
CreateAcceleratorTableW
MessageBoxIndirectW
SetCursorPos
InsertMenuW
DeleteMenu
InvalidateRgn
mouse_event
ActivateKeyboardLayout
PeekMessageA
ReleaseDC
CopyIcon
CharUpperW
MonitorFromWindow
LoadMenuIndirectA
CreateWindowExA
GetMenuItemInfoW
LoadCursorW
CopyImage
IsChild
MoveWindow
CharLowerW
EndDialog
DefDlgProcW
GetActiveWindow
DestroyWindow
CheckMenuRadioItem
SetCursor
MonitorFromRect
CreateDialogIndirectParamW
EnableMenuItem
SetDlgItemTextW
UpdateWindow
LoadIconA
ArrangeIconicWindows
SendMessageW
EmptyClipboard
GetMessageA
SetWindowPos

gdi32

RemoveFontResourceExW
SetPaletteEntries
EnumObjects
StrokeAndFillPath
GetEnhMetaFileHeader
RestoreDC
CreateMetaFileW
Polygon
GetBkMode
SetLayout
TranslateCharsetInfo
PolyBezierTo

advapi32

RegCreateKeyExA
RegCreateKeyW
RegReplaceKeyW

comdlg32

ReplaceTextA
FindTextW
FindTextA

oleaut32

VarBoolFromDisp
GetRecordInfoFromGuids
LoadTypeLib

version

VerInstallFileW
GetFileVersionInfoSizeA

urlmon

ReleaseBindInfo
BindAsyncMoniker
HlinkGoForward
CDLGetLongPathNameW
URLDownloadA
CompareSecurityIds
IsAsyncMoniker
URLOpenPullStreamA
URLOpenStreamW
RegisterFormatEnumerator

winmm

mmTaskCreate
midiInGetID
NotifyCallbackData
midiOutMessage

inetcomm

MimeOleSMimeCapsToDlg
MimeOleSetBodyPropA
MimeOleSetDefaultCharset
DllGetClassObject

oledlg

OleUIChangeSourceA
OleUIAddVerbMenuA
OleUIInsertObjectW
OleUIPasteSpecialA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MBqyqw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Xp
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iVZWys
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.av
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TD
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CXg
Size: 512B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CDN
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X
Size: 512B - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

430af33f4ce9475c62e2d9321d894f4c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

76:03:9f:91:04:9a:fc:61:45:5d:3b:d3:a0:f9:57:6b:a3:ba:d8:28Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

oleaut32

version

urlmon

winmm

inetcomm

oledlg

Sections

.text Size: 11KB - Virtual size: 11KB

.MBqyqw Size: 512B - Virtual size: 4KB

.Xp Size: 1KB - Virtual size: 42KB

.iVZWys Size: 2KB - Virtual size: 24KB

.av Size: 4KB - Virtual size: 40KB

.TD Size: 512B - Virtual size: 4KB

.CXg Size: 512B - Virtual size: 49KB

.data Size: 10KB - Virtual size: 9KB

.J Size: 1KB - Virtual size: 23KB

.CDN Size: 512B - Virtual size: 48KB

.X Size: 512B - Virtual size: 118KB

.rsrc Size: 162KB - Virtual size: 161KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:03:9f:91:04:9a:fc:61:45:5d:3b:d3:a0:f9:57:6b:a3:ba:d8:28
Signer

.text
Size: 11KB - Virtual size: 11KB

.MBqyqw
Size: 512B - Virtual size: 4KB

.Xp
Size: 1KB - Virtual size: 42KB

.iVZWys
Size: 2KB - Virtual size: 24KB

.av
Size: 4KB - Virtual size: 40KB

.TD
Size: 512B - Virtual size: 4KB

.CXg
Size: 512B - Virtual size: 49KB

.data
Size: 10KB - Virtual size: 9KB

.J
Size: 1KB - Virtual size: 23KB

.CDN
Size: 512B - Virtual size: 48KB

.X
Size: 512B - Virtual size: 118KB

.rsrc
Size: 162KB - Virtual size: 161KB